- Spotting compromised admin accounts ( link): By analyzing the activity of end users logged in with administrator credentials, the interface shows activity across multiple domains by the same administrator account. Such activity points to the credentials having been compromised, which could lead to data theft or worse.
- Pointing to advanced persistent threats (APTs) ( link): While many security solutions highlight network traffic to countries where suspected hacking originates, EnCase Analytics lets the security administrator quickly see which processes and services are making requests to those countries. If a kernel service is connecting to one of these countries, this may be a serious problem and potential evidence of an APT attack.
- Visualizing polymorphic malware ( link): Few security solutions can spot malware that changes its name to avoid signature detection. EnCase Analytics shows the number of instances of a process and that number’s deviation from normal, as well as other processes that might have the same prevalence over a period of time. If there are similarities in the way multiple processes are acting across machines, it is clear, visual evidence of polymorphic malware.
Guidance Software, Inc. (NASDAQ: GUID), the World Leader in Digital Investigations™, today announced the company’s newest product EnCase® Analytics is now generally available. EnCase Analytics exposes unknown and difficult-to-detect threats by applying “big data” analytical techniques to the reams of data generated by endpoint activity, producing a clear picture of organization-wide security risk. For the first time, IT security teams can take a proactive threat surveillance posture by collecting and analyzing the activity across all endpoints—including servers—on their network to reveal both external and internal threats. EnCase Analytics reveals new threats, compromised accounts, back-channel communications and processes that morph as they propagate throughout a network and often bypass detection- and signature-based security measures. “IT operations and security staffs are often overwhelmed by the task of monitoring and managing thousands of endpoint devices. Consequently, security data collection and analysis from endpoints can be inadequate or even nonexistent,” said Jon Oltsik, senior principal analyst for Enterprise Strategy Group (ESG). “These teams need security monitoring and analytics products offering comprehensive coverage, ease-of-use and automation to manage the scale, mobility, and dynamic nature of endpoint devices.” The initial release of EnCase Analytics has been deployed by multinational healthcare, manufacturing and risk management organizations, each with hundreds of thousands of endpoints. These organizations have used EnCase Analytics to collect, correlate and analyze endpoint activity to uncover potential security breaches. Through an intuitive graphical user interface, which leverages market-leading data visualization technology, EnCase Analytics provides a bird’s-eye view of a company’s security posture—no matter how large or disparate the datasets may be—delivering unprecedented visibility into endpoint activity. EnCase Analytics enables IT security teams to visualize security problems that would otherwise go undetected, such as: