
How Digital Forensics Can Help Enhance In-House Investigations

by Avantika Chopra
November 27, 2022
in Interviews

Harsh Behl is the Director of Product Management at Exterro, an e-discovery and information governance software provider. Based in London, Harsh has over a decade of experience in cybersecurity and has spearheaded initiatives at his organization, with hands-on experience in data analysis, penetration testing and vulnerability assessment, and encryption and steganography software, among others.

In an exclusive interaction with The Cyber Express, Harsh Behl discusses insider threats, roadblocks in internal investigations and how digital forensic solutions can help in-house investigations.


Here is an excerpt from the interview.

TCE: Why are insider threats, both intentional and unintentional, growing?

With new work models such as work from anywhere and bring your own device, organizations are challenged with gaining visibility into users and the level of access they have to critical business assets. Home networks are now the corporate network, which translates to more data generated and, subsequently, more risk.

Gaining visibility into employee personal devices is again a challenge, and any compromise in the device poses a threat to work product or intellectual property. More remote endpoints have created more security vulnerabilities, and organizations have less access to data and collaboration between teams for investigations. Adding to these is the slow implementation of policies, procedures, and employee training initiatives in using digital forensic solutions for investigations. These factors have left businesses with the issue of not being able to identify and mitigate intentional and unintentional insider threats.

Most often, unintentional threats occur due to phishing or social engineering attacks. Threat actors are able to access information across the board, including that of contractors and third parties working for the business. Unintentional attacks could also occur when malicious code is deployed into the system of a remote employee with access to critical data.

Intentional attacks could occur due to an employee exiting the company or through a disgruntled one. It could also be employees who are incentivized to steal data, like in the case of the ransomware group Lapsus$. The group identifies malicious insiders to install malware before demanding a ransom. These are some of the most pressing concerns associated with insider threats.

TCE: Roadblocks to internal investigations that currently exist among organizations.

In-house investigations are becoming more collaborative irrespective of the industry or sector the business caters to. Staff who are not legal professionals are being drawn into investigations. For example, HR, finance, compliance, and legal departments now play a critical role in preserving and analysing data for investigations. When data is scattered across departments, home networks, the cloud and more, the investigation process becomes complicated and time-consuming. This is doubly difficult when organizations have to collaborate with outside counsel, contracted law firms or legal service providers.

With disparate sets of data scattered across various functionalities, managing data silos is challenging. In addition, gathering data individually from remote endpoints can become extremely time-consuming and expensive, posing massive hurdles to investigations. This is where digital forensics solutions come in. Software can drastically reduce the amount of time spent in gathering and analyzing data, making it a more efficient and cost-effective choice.

TCE: What Anomalies Do You Typically Look for When a System Becomes Compromised?

Anomalies encompass a wide range of events. Exterro can identify several anomalies. For instance, we can look at any/all USB events specifying the USB devices connected to the system. We can also highlight any remote desktop connections, find out if a threat actor gained access over the system, and identify privilege escalation, i.e., if a user (without admin access) procured admin access.

We can detect such events and bring them to the attention of the users, helping them build upon their investigations.

Additionally, if the fraud in question is malware, a virus, etc., we can identify the point of entry or the point of intrusion. We also look for the movement of the malware, its persistence, and affected endpoints, giving us the ability to identify the process for remediation. Our remediation process analyzes the system data (such as registries), the memory and the volatile data running on the device.

In case of intellectual property theft or data exfiltration, we try to analyze human behavior in conjunction with the system data to correlate and corroborate the points that could lead to proving malicious intent of the users. For instance, we can identify if the user had leaked documents or any intellectual property of the company. While anomalies vary case by case, our process can answer who did what and when post breach.

TCE: How can digital forensic solutions help in-house investigations?

Over the last few years, cyberattacks and insider threats from current and past employees have increased. Globally, four in ten business leaders say existing employees pose a threat to data theft. This isn’t unfounded as 63% of employees exiting a company admitted to taking data from their respective workplaces. At a time when cyberattacks are on the rise, probing the incident is also often a challenging task. With these traits on the rise, organizations need a holistic investigation mechanism to identify and manage threats.

But a massive hurdle is legacy forensic technologies. These are hard to scale and create data silos. With investigations spanning innumerable endpoints, collating and analyzing data is a time-consuming task. Existing forensic tools and technologies can’t perpetually deliver the efficiency required to complete the investigative workload. This is why businesses need integrated digital forensic solutions that foster collaboration, reducing data movement, longer timeframes and higher costs.

TCE: Why can digital forensics enable organizations in reducing risk brought on by insider threats?

Insider threats are an expensive affair. Globally, insider threats have increased by 40% over the last 2-3 years, costing companies an average of $13 million. If not monitored properly, insider threats may go unnoticed for weeks and sometimes months. Businesses need the capacity to react quickly and efficiently to insider threats, requiring data to be collected from numerous endpoints across the network and remote locations quickly. And it must be done without detection. This data needs to be analyzed to gather actionable insights on how to remediate the situation.

Digital forensic solutions can help businesses perform all of these tasks. They enable organizations to become more proactive in detecting and avoiding insider threats. When integrated with SIEM tools to create a Security Orchestration Automation Response, digital forensic solutions can act as a guidebook for preventive measures before a breach can even occur. Data gathered from digital forensic solutions can aid SIEM tools to trigger workflows automatically and also reduce the risk of data breaches.

In the digital age, where businesses are generating petabytes of data, legacy investigation strategies become ineffective and costly. With powerful and flexible digital forensic solutions, organizations can tackle big, diverse data loads, work faster and scale bigger.

TCE: How can these solutions reduce the risk brought on by outsourcing investigations?

Any successful investigation requires untainted facts, which means forensically sound preservation, collection, analysis and review of data. When investigations are outsourced, they become expensive and time-consuming due to multiple factors. Businesses would have to identify the right third-party vendor with expertise in digital forensics, while also relying on the third party to conduct a forensically sound investigation. In addition, the third party must be given access to the company’s IT infrastructure and the devices that require data collection and analysis, opening up the attack surface further.

Interviewing relevant people for the investigation and verifying the information they provide with the data, contextualizing and analyzing mandates no margin of error. The outsourcing companies will also have to upload sensitive company data onto their own data centers to carry out the investigation. These factors add external contingencies to an investigation, posing greater risk of data theft. Integrated digital forensic solutions that are easy to use enable in-house teams to get to the facts of the case faster, quicker in a cost-effective manner. The evidence generated is forensically sound and businesses can avoid the risk of data movement and the use of non-defensible approaches of investigation that could render evidence inadmissible.

TCE: How Would You Monitor and Log Cyber Security Events?

While Exterro is a post-breach analysis company and does not partake in monitoring, we provide scanning options. Scanning could allow the users to look for indicators of compromise across the entire network.

Exterro runs these scans with the support of our automation capabilities, and if we find any anomalies/compromises, we can automate further investigation. We integrate with technologies such as SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation and Response) from Palo Alto’s Splunk, which helps us add to the cyber infrastructure of an organization.


Avantika Chopra

Associate Editor, The Cyber Express
