AccessData Group

AccessData Group has pioneered digital investigations and litigation support for more than 25 years. Its family of stand-alone and enterprise-class solutions, including FTK, SilentRunner, Summation and the CIRT security framework, enable digital investigations of any kind, including computer forensics, incident response, e-discovery, legal review, compliance auditing and information assurance. More than 100,000 users in law enforcement, government agencies, corporations and law firms worldwide rely on AccessData software solutions and premier digital investigation and hosted review services. AccessData is also a leading provider of digital forensics and litigation support training and certification.

Latest Content From AccessData Group

Webcast: Innovations in Integration: Achieving Holistic Rapid Detection and Response

by AccessData Group, Sep 26, 2013

Detection and response times are a joke. According to the 2013 Data Breach Investigations Report, 66% of reported incidents weren’t discovered until months after the fact, 69% were actually discovered by third parties, 14% of incidents took weeks or more to contain and 22% took months or more to contain.

Lofty talk of people, processes and information sharing has its place, but we won’t see our security posture improve until weaknesses in the underlying cyber security infrastructure are addressed. Whether an organization relies on incident response services professionals or an in-house security and response team, the challenges are typically the same. The traditional cyber security infrastructure is riddled with detection, analysis and remediation gaps. This is because the industry is largely comprised of niche companies producing niche tools, and these disparate tools are juggled by several disparate teams that have no means of collaborating in real time. Such a piecemeal approach hamstrings people and their processes, inhibits information sharing, and makes rapid detection and response impossible.

Join Kevin Whartenby of HP and Jason Mical of AccessData as they review new technological advancements that make holistic rapid detection and response a reality. Whartenby and Mical will discuss how organizations and more advanced service providers are filling detection, analysis and remediation gaps by integrating critical analysis capabilities, implementing a “virtual war room” environment to enable real-time collaboration, and leveraging bi-directional integration between an integrated rapid detection and response platform and SIEM solutions, such as ArcSight ESM.

Topics discussed in this presentation include…

  • Detecting more and responding faster with integrated network, host and malware analysis
  • Automating response with bi-directional SIEM integration that provides 360-degree “threatscape” visibility
  • Using new host-based packet capture capabilities to expand your visibility into off-network laptops
  • Creating a “virtual war room environment” to achieve real-time collaboration among teams (NetSec, SOC, Malware, Forensics, Information Assurance…)
  • Assessing your service providers’ capabilities to ensure they’re able to provide holistic response services

Whitepaper: What You Don't Know Can Hurt You: Detecting Unknown Threats and Reducing Response Times

by AccessData Group, Jun 19, 2013

Protecting enterprise operations from hacks, malware, targeted attacks, advanced persistent threats (APTs) and other malicious activity remains a challenge for organizations, large and small. The number of breaches continues to grow and shows no signs of slowing despite technology advances and a market flush with cybersecurity products. In fact, according to the 2013 Verizon Data Breach Investigations Report (DBIR), 66 percent of surveyed organizations didn't discover security breaches until months after the fact, and 69 percent of these incidents were actually discovered by a third party. This is due to overreliance on inherently handicapped prevention and alerting tools.

Organizations are not able to see all the threats these tools routinely miss. In addition, once a threat is detected, response times are delayed, because there is no real-time collaboration among the various information security teams involved and no integration among the tools required to perform root cause analysis and remediation.

Rather than piecing together different security products into a loosely coupled solution spread amongst security pros, organizations should implement a solution that integrates core security capabilities (network and computer forensics, malware analysis, large-scale data auditing and remediation) into a single Web-enabled user interface that can be accessed by multiple security teams. The industry is finally shifting focus to detecting unknown threats and reducing response time, and the only way to achieve this is through integrated analysis and real-time collaboration.

Whitepaper: Cerberus: Malware Triage and Analysis

by AccessData Group, Oct 29, 2012

This document reviews new malware analysis technology, Cerberus, which determines the behavior and intent of suspect binaries without the need for signatures, white lists or a sandbox environment. Using this “triage” approach, organizations are able to detect unknown threats that signature-based technologies will miss. In addition, they are able to gain critical information immediately, allowing them to take decisive action prior to engaging a malware team. There are tens of thousands of static executables on disk and typically 100+ processes running on a given machine at any time. Any one of them could contain malicious code.

To address these potential threats, reverse engineers are often relied on to perform the time-consuming tasks necessary to determine the behavior and intent of suspect code. An alternative to reverse engineering binaries would be to run each one in a sandbox or perform some form of dynamic analysis. However, certain malware incorporates countermeasures to thwart dynamic analysis. Unfortunately, dynamic analysis also only tells the analyst what an executable does under certain conditions, not everything the executable is capable of doing.

Given the infinite number of scenarios outside a sandbox environment, there is a great need for automated analysis to fill the gap between what incident responders are finding and what needs to be fully examined. In addition, automated analysis that does not rely on signatures, white lists or sandbox measures provides the actionable intelligence incident responders need within minutes, as opposed to days or weeks.

Whitepaper: A Balanced Approach: The Shift to Integrated Security Response Capabilities White Paper

by AccessData Group, Apr 18, 2012

Despite increased regulation, oversight and spending, corporate and government organizations continue to see an increase in cyber security breaches. According to the October 2011 GAO Information Security report, there's been a 650% increase in federal government security incidents over the last five years. And corporate incidents have gone up, not only due to the infiltration of mobile devices - both corporate-owned and employee-owned - but computer-based as well. In an interview on March 28, 2012, Shawn Henry, the FBI's executive assistant director, stated that the US is not winning the battle of keeping hackers away from corporate networks.

Given the increase in the number of attacks and exploits, the time is right to break down the barriers between teams, optimize response and collaboration across internal incident response boundaries and enable integration among the teams tasked with protecting the organization. A new approach is needed, one that involves not just new technologies, but a whole paradigm shift in the approach organizations take toward cyber security.

This paper outlines the benefits of an integrated approach to security - one where people, processes and technology integrate and collaborate using technology that delivers network analysis, host analysis and large-scale data auditing - all in a single platform.