catelas for information theft detection & investigations
DESCRIPTION
Concerned about departing employee theft? Bogged down in investigations?
Always-on company-wide email surveillance
Proactively investigate cases BEFORE you start collecting email
TRANSCRIPT
Copyright © 2010 Catelas Inc. All rights reserved.
Detect & contain Information Theft without collecting a single email
Relationship Forensics
Agenda
1. Traditional approach to Data Leakage and Investigations
2. Introducing a new approach
3. Catelas demo
4. Q&A
Guest speaker
Scott Emery
• Managing Director and Partner of i-fact analysis
• With i-fact, has worked on hundreds of complex Security Investigations for Corporate clients worldwide
• Created and managed the Forensics Investigations Unit at State Street – recognized as one of the best in the world
• Extensive experience in complex eDiscovery cases working with senior management, corporate General Counsel and Law firms
• Conducted over 1,000 digital forensic and cyber investigations over a distinguished career
• Participated in all aspects of corporate compliance
The Problem
42% of CISOs believe that departing employees represent the greatest threat in the current economic
• Employees are a serious threat vector
• Current tools monitor data movement, not people
• Security investigations, by nature, are reactive
* Ponemon Institute - 78% of US companies have suffered unreported insider breaches; 59% of departing employees steal company information.
Detect & contain Information Theft without collecting a single email
How We Do It
The Investigations Control Center:
• Large number of on-going cases
• Too much data to collect / where to start
• Investigations team gets called in after the event (or suspicion)
• The information is needed tomorrow!
How investigations are handled:
• The next case is the most important
• Prioritization is difficult because usually not much is known about the case
• Speed of collection tends to over-shadow quality of collection
• Process is iterative – re-collection is inevitable
Re-active & iterative
Labor & cost intensive
Traditional process
Polling Question 1
To what extent are you monitoring for employee information theft?
a) This is not a major concern for us
b) Ad hoc investigations (when someone is suspected)
c) We have DLP in place and it covers our requirements
d) We had not previously considered monitoring people but would like to know more
How We Do It
The Catelas: 1st Comprehensive solution
• Unique Behavioral Science algorithms uncover the strong relationships inside & outside firm
• Social Network Analysis identifies missing custodians & uncovers ‘friends in common’
• Log file analysis allows ENTIRE company network to be uncovered
• Advanced Data Analytics uncover IP theft & information flow
• Highly scalable & comprehensive
• Easy to use, deploy & maintain
• No integration with email server
• Low cost of ownership
[Diagram: data sources (IM, Email, Telephony, Log files) feeding Behavioral Sciences, Network Analysis, Data Analytics]
Why we are unique
Traditional data-centric approaches:
• Rules based – defined keyword search criteria
• Huge volumes of data to correlate and review
• Collection is costly and disruptive
• Work flow is resource intensive and iterative
• There are fewer “smoking guns”
The Catelas: 1st Comprehensive solution
• Only solution that focuses on people relationships first and then content
• Proven link analysis methodology used by law enforcement
• Allows surveillance of entire email network with same manpower as sampling
• Pro-active, non-disruptive, highly efficient work flow – at significantly lower cost
Anomalous Behavior-based security – people relationships first, then data
What we do
Proactive email surveillance: identify high risk individuals communicating to webmail, competitors or suspicious entities
Automated anomalous Behavior reporting: identify high-risk relationships and define policy before incidents occur
Detailed Forensics Investigations: identify key suspects before collection process and review begins
Conduct investigations 5 times faster; detect & contain Info Theft without collecting a single email
Insider Theft
“UBS has filed a lawsuit against three quant former employees alleging that they stole proprietary trading software with the intent of using it at their new employer, Jefferies & Company.”
The three were also accused of starting their new jobs at Jefferies & Co while still employed at UBS.
UBS Accuses Three Quant Traders Of Stealing Its Source Code
Uncover IP theft in minutes - without collecting email
Early detection = containment!
Trade Secrets – departing employee
Litigation Investigations
Early Case Analytics
Internal Investigations
Example: M&A press leak. Who inside the company leaked information to the press [shaded grey]?
1. Some individuals are authorized to speak to the press. Some are not!
2. F Keavey who works in R&D should not be communicating with John Edmiston
3. Quickly establish who to investigate and tag suspicious emails.
Kick-backs - FCPA
General Electric Company, whose compliance program is among the most respected and admired in the world, has settled civil violations of the Foreign Corrupt Practices Act with the SEC. The company agreed to pay $23.4 million to resolve claims of kick-backs to Iraqi government officials for lucrative supply contracts by four GE subsidiaries paid under the United Nation's oil-for-food program.
SEC fines GE $23M for FCPA violations
Quickly assess the severity of the investigation. Co-operate with authorities. Negotiate early.
Early resolution = reduced fine and less PR exposure
Kick-backs - FCPA
Catelas work flow
Precise Collection – by custodian, timeline or specific email
Email Archive solutions (in-house or outsourced)
Map entire company before collection
Identify and tag relevant custodians and/or specific emails (or documents)
Reduce collection and investigation time and costs by up to 80%
Internal Security
In-depth Investigations
Incident reports – from DLP, IPS etc
Log Files
Identification, Surveillance & Investigations
Native emails
Intelligent Early Case Assessment
eDiscovery
Processing- culling
Log Files
Email Archive
Compliance (information barriers, Watch lists)
Security (investigations, surveillance)
Legal (Legal Hold, Early Case Assessment)
Tag Report (Message IDs)
Automated log file import (no e-mails collected)
Comprehensive company wide surveillance & investigative solution
Identify people, behavior, communications – collect only precisely what is needed
More effective investigations – save money; use your time more effectively
Single Solution
Email collected
Entire company network Selected suspects
Conclusion
• Pro-active email surveillance using Log Files
Uncover security and compliance breaches without collecting a single email
• Smarter, faster investigations
Conduct investigations 5 times faster!
• Intelligent Collection and Early Case Assessment for Legal cases
Identification - preserve & collect the right people first time
Reduce collection time and costs by 75%
• Holistic solution – Info Sec, Legal and Compliance
Quick time to value through shared cost of ownership
Live Demo
Polling Question 2
Given what you have learned today, how would you rate the Catelas Relationship Forensics solution?
a) No thanks
b) Interesting, but not a priority right now
c) Very interesting, we would like to learn more
Thank You
Eddie [email protected]
Scott [email protected]