Catelas For Information Theft Detection & Investigations

Copyright © 2010 Catelas Inc. All rights reserved.

Detect & contain Information Theft without collecting a single email

Relationship Forensics


Agenda

1. Traditional approach to Data Leakage and Investigations

2. Introducing a new approach3. Catelas demo4. Q&A


Guest speaker

Scott Emery• Managing Director and Partner of i-fact analysis• With i-fact, has worked on hundreds of complex Security

Investigations for Corporate clients worldwide• Created and managed the Forensics Investigations Unit at

State Street – recognized as one of the best in the world • Extensive experience in complex eDiscovery cases working

with senior management, corporate General Counsel and Law firms

• Conducted over 1,000 digital forensic and cyber investigations over a distinguished career

• Participated in all aspects of corporate compliance


The Problem

42% of CISO’s believe that departing employees represent the greatest threat in the current economic

• Employees are a serious threat vector• Current tools monitor data movement, not people• Security investigations , by nature, are reactive

* Ponemon Institute - 78% of US companies have suffered unreported insider breaches; 59% of departing employees steal company information.

Detect & contain Information Theft without collecting a single email

How We Do It

The Investigations Control Center:• Large number of on-going cases• Too much data to collect / where to start• Investigations team gets called in after the event

(or suspicion)• The information is needed tomorrow!

How investigations are handled:• The next case is the most important• Prioritization is difficult because usually not

much is known about the case• Speed of collection tends to over-shadow

quality of collection• Process is iterative – re-collection is inevitable

Re-active & iterative Labor & cost intensive

Traditional process


Polling Question 1

To what extent are you monitoring for employee information theft?

a) This is not a major concern for usb) Ad hoc investigations (when someone is

suspected)c) We have DLP in place and it covers our

requirementsd) We had not previously considered

monitoring people but would like to know more


How We Do It

The Catelas: 1st Comprehensive solution Unique Behavioral Science algorithms

uncover the strong relationships inside & outside firm

Social Network Analysis identifies missing custodians & uncovers ‘friends in common’

Log file analysis allows ENTIRE company network to be uncovered

Advanced Data Analytics uncover IP theft & information flow

Highly scalable & comprehensive Easy to use, deploy & maintain No integration with email server Low cost of ownership IMEmail Telephony Log files

Behavioral

Sciences

Network Analysis

Data

Anal

ytics


Why we are unique

Traditional data-centric approaches: • Rules based – defined keyword search criteria• Huge volumes of data to correlate and review• Collection is costly and disruptive• Work flow is resource intensive and iterative• There are fewer “smoking guns”

The Catelas: 1st Comprehensive solution Only solution that focuses on people relationships first and then content Proven link analysis methodology used by law enforcement Allows surveillance of entire email network with same manpower as sampling Pro-active, non-disruptive, highly efficient work flow – at significantly lower cost


Anomalous Behavior-based security – people relationships first, then data

What we do

Proactive email surveillance: identify high risk individuals communicating to webmail, competitors or suspicious entities

Automated anomalous Behavior reporting: identify high-risk relationships and define policy before incidents occur

Detailed Forensics Investigations: identify key suspects before collection process and review begins

Conduct investigations 5 times faster; detect & contain Info Theft without collecting a single email

Insider Theft

“UBS has filed a lawsuit against three quant former employees alleging that they stole proprietary trading software with the intent of using it at their new employer, Jefferies & Company.“

The three were also accused of starting their new jobs at Jefferies & Co while still employed at UBS.

UBS Accuses Three Quant Traders Of Stealing Its Source Code

Uncover IP theft in minutes - without collecting email

Early detection = containment!

Trade Secrets – departing employee

http://www.businessinsider.com/ubs-accuses-three-quant-traders-of-stealing-its-secret-code-2009-6

Litigation InvestigationsEarly Case Analytics

Internal Investigations

Example: M&A press leak. Who inside the company leaked information to the press [shaded grey]?

1. Some individuals are authorized to speak to the press. Some are not!

2. F Keavey who works in R&D should not be communicating with John Edmiston

3. Quickly establish who to investigate and tag suspicious emails.

Kick-backs - FCPA

General Electric Company, whose compliance program is among the most respected and admired in the world, has settled civil violations of the Foreign Corrupt Practices Act with the SEC.The company agreed to pay $23.4 million to resolve claims of kick-backs to Iraqi government officials for lucrative supply contracts by four GE subsidiaries paid under the United Nation's oil-for-food program.

SEC fines GE $23M for FCPA violations

Quickly assess the severity of the investigation. Co-operate with authorities. Negotiate early.

Early resolution = reduced fine and less PR exposure

Kick-backs - FCPA


Catelas work flow

Precise Collection – by custodian, timeline or specific email

Email Archivesolutions

(in-house or outsourced)

Map entire company before collection

Identify and tag relevant custodians

and/or specific emails (or documents)

Reduce collection and investigation time

and costs by up to 80%

Internal Security

In-depth Investigations

Incident reports – from DLP, IPS etc

Log Files

Identification, Surveillance & Investigations

Native emails

Intelligent Early Case Assessment

eDiscovery

Processing- culling


Log Files

Email Archive

Compliance(information barriers, Watch lists)

Security(investigations, surveillance)

Legal(Legal Hold, Early Case Assessment)

Tag Report (Message ID’s)

Automated log file import(no e-mails collected)

Comprehensive company wide surveillance & investigative solution

Identify people, behavior, communications – collect only precisely what is needed

More effective investigations – save money; use your time more effectively

Single Solution

Email collected

Entire company network Selected suspects


• Pro-active email surveillance using Log Files Uncover security and compliance breaches without collecting a single email

Conclusion

• Smarter, faster investigations Conduct investigations 5 times faster !

• Intelligent Collection and Early Case Assessment for Legal cases Identification - preserve & collect the right people first time

Reduce collection time and costs by 75%

• Holistic solution – Info Sec, Legal and Compliance Quick time to value through shared cost of ownership


Live Demo


Polling Question 2

a) No thanksb) Interesting, but not a priority right nowc) Very interesting, we would like to learn more

Given what you have learned today, how would you rate the Catelas Relationship Forensics solution?


Thank You

Eddie [email protected]

Scott [email protected]

mailto:[email protected]

http://www.catelas.com/

mailto:[email protected]

http://www.i-factanalysis.com/

Catelas For Information Theft Detection & Investigations

Documents

Transcript of Catelas For Information Theft Detection & Investigations