Security vendor AccessData has launched version 2 of its CIRT (Cyber Intelligence and Response Technology) product, which is the only solution to put cyber defence, incident response and digital forensics into a single pane of glass.
The Middle East has seen a large increase in demand for effective security solutions as organisations attempt to avoid the same fate as those that have suffered major breaches, like the devastating ‘Shamoon’ malware attack on Saudi Aramco earlier this year.
“We do something that is very different to any other vendor people see at GITEX. There are a lot of niche players out there. Some of them do network-based forensics data-in-motion, some of them do host-based forensics and some of them do malware analysis. CIRT has taken all of those technologies and processes and put them into one single pane of glass,” said Jason Mical, Director of Network Forensics, AccessData.
“So we can see data that is moving and resting, all kinds of forensics, search and review and malware analysis, unlike any other vendor can. There are companies that do little pieces of them, but we’re the only one that can show it all in one dashboard,” he added.
According to Mical, the most important factor in organisations protecting themselves from attacks is timing.
“These attacks are hitting and the longer you let them go, the more damage that’s getting done. So having the capability to have full visibility of data without having to take the box offline and do an analysis, logs and traditional incident response is vital. We can get on the box in any location around the world from right here and do full forensic analysis, memory analysis and network analysis in a matter of seconds, and then be able to remediate it as well. So if we’re finding rogue processes or malicious content, we can immediately hit a button and remove all the assets that are infected,” Mical said.
“That’s another big differentiator for us – we’re not signature based, so we’re not depending on known signatures. That’s how everything is getting through these front doors because the other technologies don’t trigger these events. We’re doing deep dive forensic analysis to uncover things that are happening under the operating system. They’re not visible to the end user. So we can find it very quickly anywhere in the world and address it via a keystroke,” he added.
With the numerous high profile attacks capturing the attention of CIOs around the globe, there has been a major paradigm shift in IT security.
“Historically, security has always been an insurance policy. Everyone always struggled to make an investment outside of what they already did. But everyone is now seeing that the paradigm is shifting because now everyone is acknowledging that they don’t have the capabilities to detect, remediate and respond in the nature they need to. The breaches are getting more sophisticated and the magnitude of them is getting significantly larger, so having that visibility of all your data as it’s sitting at rest is a game changer and it is shifting everybody’s philosophies towards security,” Mical said.
He also emphasised that, whilst it is the breaches of major organisations that gain the most attention, it is important to remember that all organisations are at risk.
“It does not matter how big or small an organisation is or what vertical they are in, everyone is a potential target. If they have intellectual property they are concerned about, which all organisations do, or even if they just get a denial of service attack – every second that they’re not up they’re losing money,” he concluded.