How Digital Forensics Can Help Enhance In-House Investigations

by Avantika Chopra
November 27, 2022

Harsh Behl is the Director of Product Management at Exterro, an e-discovery and information governance software provider. Based in London, Harsh has over a decade of experience in the cybersecurity realm and has spearheaded initiatives at his organization, with hands-on experience in Data Analysis, Penetration Testing and Vulnerability Assessment, and Encryption and Steganography software, among others.

In an exclusive interaction with The Cyber Express, Harsh Behl discusses insider threats, roadblocks in internal investigations and how digital forensic solutions can help in-house investigations.

Here is an excerpt from the interview.

TCE: Why are insider threats, both intentional and unintentional, growing?

With new work models such as work from anywhere and bring your own device, organizations are challenged with gaining visibility into users and the level of access they have to critical business assets. Home networks are now the corporate network, which translates to more data generated and, subsequently, more risk.

Gaining visibility into employee personal devices is again a challenge, and any compromise in the device poses a threat to work product or intellectual property. More remote endpoints have created more security vulnerabilities, and organizations have less access to data and collaboration between teams for investigations. Adding to these is the slow implementation of policies, procedures, and employee training initiatives in using digital forensic solutions for investigations. These factors have left businesses with the issue of not being able to identify and mitigate intentional and unintentional insider threats.

Most often, unintentional threats occur due to phishing or social engineering attacks. Threat actors are able to access information across the board, including that of contractors and third parties working for the business. Unintentional attacks could also occur when malicious code is deployed into the system of a remote employee with access to critical data.

Intentional attacks could occur due to an employee exiting the company or through a disgruntled one. It could also be employees who are incentivized to steal data, like in the case of the ransomware group Lapsus$. The group identifies malicious insiders to install malware before demanding a ransom. These are some of the most pressing concerns associated with insider threats.

TCE: Roadblocks to internal investigations that currently exist among organizations.

In-house investigations are becoming more collaborative irrespective of the industry or sector the business caters to. Staff who are not legal professionals are being drawn into investigations. For example, HR, finance, compliance, and legal departments now play a critical role in preserving and analysing data for investigations. When data is scattered across departments, home networks, the cloud and more, the investigation process becomes complicated and time-consuming. This is doubly difficult when organizations have to collaborate with outside counsel, contracted law firms or legal service providers.

With disparate sets of data scattered across various functionalities, managing data silos is challenging. In addition, gathering data individually from remote endpoints can become extremely time-consuming and expensive, posing massive hurdles to investigations. This is where digital forensics solutions come in. Software can drastically reduce the amount of time spent gathering and analyzing data, making it a more efficient and cost-effective choice.

TCE: What Anomalies Do You Typically Look for When a System Becomes Compromised?

Anomalies encompass a wide range of events. Exterro can identify several anomalies. For instance, we can look at any/all USB events specifying the USB devices connected to the system. We can also highlight any remote desktop connections, find out if a threat actor gained access over the system, and identify privilege escalation, i.e., if a user (without admin access) procured admin access.

We can detect such events and bring them to the attention of the users, helping them build upon their investigations.

Additionally, if the fraud in question is malware, a virus, etc., we can identify the point of entry or the point of intrusion. We also look for the movement of the malware, its persistence, and affected endpoints, giving us the ability to identify the process for remediation. Our remediation process analyzes the system data (such as registries), the memory and the volatile data running on the device.

In case of intellectual property theft or data exfiltration, we try to analyze human behavior in conjunction with the system data to correlate and corroborate the points that could lead to proving malicious intent of the users. For instance, we can identify if the user had leaked documents or any intellectual property of the company. While anomalies vary case by case, our process can answer who did what and when post breach.

TCE: How can digital forensic solutions help in-house investigations?

Over the last few years, cyberattacks and insider threats from current and past employees have increased. Globally, four in ten business leaders say existing employees pose a threat to data theft. This isn’t unfounded as 63% of employees exiting a company admitted to taking data from their respective workplaces. At a time when cyberattacks are on the rise, probing the incident is also often a challenging task. With these traits on the rise, organizations need a holistic investigation mechanism to identify and manage threats.

But a massive hurdle is legacy forensic technologies. These are hard to scale and create data silos. With investigations spanning innumerable endpoints, collating and analyzing data is a time-consuming task. Existing forensic tools and technologies can’t perpetually deliver the efficiency required to complete the investigative workload. This is why businesses need integrated digital forensic solutions that foster collaboration, reducing data movement, longer timeframes and higher costs.

TCE: Why can digital forensics enable organizations in reducing risk brought on by insider threats?

Insider threats are an expensive affair. Globally, insider threats have increased by 40% over the last 2-3 years costing companies an average of $13 million. If not monitored properly, insider threats may go unnoticed for weeks and sometimes months. Businesses need the capacity to react quickly and efficiently to insider threats, requiring data to be collected from numerous endpoints across the network and remote locations quickly. And it must be done without detection. This data needs to be analyzed to gather actionable insights on how to remediate the situation.

Digital forensic solutions can help businesses perform all of these tasks. They enable organizations to become more proactive in detecting and avoiding insider threats. When integrated with SIEM tools to create a Security Orchestration Automation Response, digital forensic solutions can act as a guidebook for preventive measures before a breach can even occur. Data gathered from digital forensic solutions can aid SIEM tools to trigger workflows automatically and also reduce the risk of data breaches.

In the digital age, where businesses are generating petabytes of data, legacy investigation strategies become ineffective and costly. With powerful and flexible digital forensic solutions, organizations can tackle big, diverse data loads, work faster and scale bigger.

TCE: How can these solutions reduce the risk brought on by outsourcing investigations?

Any successful investigation requires untainted facts, which means forensically sound preservation, collection, analysis and review of data. When investigations are outsourced, they become expensive and time-consuming due to multiple factors. Businesses would have to identify the right third-party vendor with expertise in digital forensics, while also relying on the third party to conduct a forensically sound investigation. In addition, the third party must be given access to the company’s IT infrastructure and the devices that require data collection and analysis, opening up the attack surface further.

Interviewing relevant people for the investigation and verifying the information they provide with the data, contextualizing and analyzing mandates no margin of error. The outsourcing companies will also have to upload sensitive company data onto their own data centers to carry out the investigation. These factors add external contingencies to an investigation, posing greater risk of data theft. Integrated digital forensic solutions that are easy to use enable in-house teams to get to the facts of the case faster, quicker in a cost-effective manner. The evidence generated is forensically sound and businesses can avoid the risk of data movement and the use of non-defensible approaches of investigation that could render evidence inadmissible.

TCE: How Would You Monitor and Log Cyber Security Events?

While Exterro is a post-breach analysis company and does not partake in monitoring, we provide scanning options. Scanning could allow the users to look for indicators of compromise across the entire network.

Exterro runs these scans with the support of our automation capabilities, and if we find any anomalies/compromises, we can automate further investigation. We integrate with technologies such as SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation and Response) from Palo Alto’s Splunk, which helps us add to the cyber infrastructure of an organization.
