The Cyber Express

How Digital Forensics Can Help Enhance In-House Investigations

by Avantika Chopra
November 27, 2022
in Interviews

Harsh Behl is the Director of Product Management at Exterro, an e-discovery and information governance software provider. Based in London, Harsh has over a decade of experience in the cybersecurity realm and has spearheaded initiatives at his organization, with hands-on experience in data analysis, penetration testing and vulnerability assessment, and encryption and steganography software, among others.

In an exclusive interaction with The Cyber Express, Harsh Behl discusses insider threats, roadblocks in internal investigations and how digital forensic solutions can help in-house investigations.

Here is an excerpt from the interview.

TCE: Why are insider threats, both intentional and unintentional, growing?

With new work models such as work from anywhere and bring your own device, organizations are challenged with gaining visibility into users and the level of access they have to critical business assets. Home networks are now the corporate network, which translates to more data generated and, subsequently, more risk.

Gaining visibility into employee personal devices is again a challenge, and any compromise in the device poses a threat to work product or intellectual property. More remote endpoints have created more security vulnerabilities, and organizations have less access to data and collaboration between teams for investigations. Adding to these is the slow implementation of policies, procedures, and employee training initiatives in using digital forensic solutions for investigations. These factors have left businesses with the issue of not being able to identify and mitigate intentional and unintentional insider threats.

Most often, unintentional threats occur due to phishing or social engineering attacks. Threat actors are able to access information across the board, including that of contractors and third parties working for the business. Unintentional attacks could also occur when malicious code is deployed into the system of a remote employee with access to critical data.

Intentional attacks could occur due to an employee exiting the company or through a disgruntled one. It could also be employees who are incentivized to steal data, like in the case of the ransomware group Lapsus$. The group identifies malicious insiders to install malware before demanding a ransom. These are some of the most pressing concerns associated with insider threats.

TCE: Roadblocks to internal investigations that currently exist among organizations.

In-house investigations are becoming more collaborative irrespective of the industry or sector the business caters to. Staff who are not legal professionals are being drawn into investigations. For example, HR, finance, compliance, and legal departments now play a critical role in preserving and analysing data for investigations. When data is scattered across departments, home networks, the cloud and more, the investigation process becomes complicated and time-consuming. This is doubly difficult when organizations have to collaborate with outside counsel, contracted law firms or legal service providers.

With disparate sets of data scattered across various functionalities, managing data silos is challenging. In addition, gathering data individually from remote endpoints can become extremely time-consuming and expensive, posing massive hurdles to investigations. This is where digital forensics solutions come in. With software, the amount of time spent in gathering and analyzing data is reduced drastically, making it a more efficient and cost-effective choice.

TCE: What Anomalies Do You Typically Look for When a System Becomes Compromised?

Anomalies encompass a wide range of events. Exterro can identify several anomalies. For instance, we can look at any/all USB events specifying the USB devices connected to the system. We can also highlight any remote desktop connections, find out if a threat actor gained access over the system, and identify privilege escalation, i.e., if a user (without admin access) procured admin access.

We can detect such events and bring them to the attention of the users, helping them build upon their investigations.

Additionally, if the fraud in question is malware, a virus, etc., we can identify the point of entry or the point of intrusion. We also look for the movement of the malware, its persistence, and affected endpoints, giving us the ability to identify the process for remediation. Our remediation process analyzes the system data (such as registries), the memory and the volatile data running on the device.

In case of intellectual property theft or data exfiltration, we try to analyze human behavior in conjunction with the system data to correlate and corroborate the points that could lead to proving malicious intent of the users. For instance, we can identify if the user had leaked documents or any intellectual property of the company. While anomalies vary case by case, our process can answer who did what and when post breach.

TCE: How can digital forensic solutions help in-house investigations?

Over the last few years, cyberattacks and insider threats from current and past employees have increased. Globally, four in ten business leaders say existing employees pose a threat to data theft. This isn’t unfounded as 63% of employees exiting a company admitted to taking data from their respective workplaces. At a time when cyberattacks are on the rise, probing the incident is also often a challenging task. With these traits on the rise, organizations need a holistic investigation mechanism to identify and manage threats.

But a massive hurdle is legacy forensic technologies. These are hard to scale and create data silos. With investigations spanning innumerable endpoints, collating and analyzing data is a time-consuming task. Existing forensic tools and technologies can’t perpetually deliver the efficiency required to complete the investigative workload. This is why businesses need integrated digital forensic solutions that foster collaboration, reducing data movement, longer timeframes and higher costs.

TCE: Why can digital forensics enable organizations in reducing risk brought on by insider threats?

Insider threats are an expensive affair. Globally, insider threats have increased by 40% over the last 2-3 years costing companies an average of $13 million. If not monitored properly, insider threats may go unnoticed for weeks and sometimes months. Businesses need the capacity to react quickly and efficiently to insider threats, requiring data to be collected from numerous endpoints across the network and remote locations quickly. And it must be done without detection. This data needs to be analyzed to gather actionable insights on how to remediate the situation.

Digital forensic solutions can help businesses perform all of these tasks. They enable organizations to become more proactive in detecting and avoiding insider threats. When integrated with SIEM tools to create a Security Orchestration Automation Response, digital forensic solutions can act as a guidebook for preventive measures before a breach can even occur. Data gathered from digital forensic solutions can aid SIEM tools to trigger workflows automatically and also reduce the risk of data breaches.

In the digital age, where businesses are generating petabytes of data, legacy investigation strategies become ineffective and costly. With powerful and flexible digital forensic solutions, organizations can tackle big, diverse data loads, work faster and scale bigger.

TCE: How can these solutions reduce the risk brought on by outsourcing investigations?

Any successful investigation requires untainted facts, which means forensically sound preservation, collection, analysis and review of data. When investigations are outsourced, they become expensive and time-consuming due to multiple factors. Businesses would have to identify the right third-party vendor with expertise in digital forensics, while also relying on the third party to conduct a forensically sound investigation. In addition, the third party must be given access to the company’s IT infrastructure and the devices that require data collection and analysis, opening up the attack surface further.

Interviewing relevant people for the investigation and verifying the information they provide with the data, contextualizing and analyzing mandates no margin of error. The outsourcing companies will also have to upload sensitive company data onto their own data centers to carry out the investigation. These factors add external contingencies to an investigation, posing greater risk of data theft. Integrated digital forensic solutions that are easy to use enable in-house teams to get to the facts of the case faster, quicker in a cost-effective manner. The evidence generated is forensically sound and businesses can avoid the risk of data movement and the use of non-defensible approaches of investigation that could render evidence inadmissible.

TCE: How Would You Monitor and Log Cyber Security Events?

While Exterro is a post-breach analysis company and does not partake in monitoring, we provide scanning options. Scanning could allow the users to look for indicators of compromise across the entire network.

Exterro runs these scans with the support of our automation capabilities, and if we find any anomalies/compromises, we can automate further investigation. We integrate with technologies such as SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation and Response) from Palo Alto’s Splunk, which helps us add to the cyber infrastructure of an organization.


Avantika Chopra

Senior Sub-Editor, The Cyber Express

© 2022 The Cyber Express (Cyber Security News and Magazine) | By Cyble Inc.
