2020 has proven to be an incredibly challenging year for Information Security and Investigative teams. During the pandemic there has been a 5x increase in cyber-attacks and an explosion of new endpoints and applications. Because so many endpoints are now remote, dispersed and only intermittently connected, corporate investigative teams may need to acquire digital evidence from off-network devices or targets, which complicates an otherwise routine investigation. These remote endpoints are also harder to secure: the sporadic connection between the user and the network creates gaps in visibility.
The OpenText™ Security & Protection Cloud provides the tools organizations need to keep intellectual property, customer records and sensitive financial information protected. This includes increased access and visibility to off-network endpoints, expanded investigation capabilities, and enhanced threat detection based on the MITRE ATT&CK knowledge base. The latest releases for OpenText™ Tableau Forensic Hardware, OpenText™ EnCase™ Forensic, OpenText™ EnCase™ Endpoint Investigator and OpenText™ EnCase™ Endpoint Security are designed with these modern challenges in mind.
OpenText EnCase™ Forensic and EnCase™ Endpoint Investigator CE 20.4
At times in the investigation workflow, teams need to acquire information or evidence from off-network devices or targets. EnCase Endpoint Investigator now allows collection jobs to be queued for off-network targets and run when the endpoint next connects, so investigations of intermittently connected targets proceed without interruption.
Also new in EnCase Forensic and EnCase Endpoint Investigator CE 20.4 is the EnCase Evidence Viewer, a companion application for collaborative investigations with EnCase data. Investigators can share case data with relevant outside parties, accept the changes they return, and continue the investigation in EnCase.
Other updates in EnCase Forensic and Endpoint Investigator CE 20.4 include:
- Repository preview (triage) view for Microsoft OneDrive
- Updates to support Dell Encryption 10.7
Tableau Forensic Hardware CE 20.4
OpenText Tableau TX1 Forensic Imager CE 20.4 includes expanded artifact support and enhanced forensic collection, and adds support for unlocking encrypted Microsoft BitLocker and Apple APFS volumes when the user credentials are known (it does not recover unknown passwords or keys). The release also provides an automated imaging mode and the ability to power the unit down remotely through the web interface.
EnCase™ Endpoint Security CE 20.4
This release expands the threat detection updates delivered in OpenText EnCase Endpoint Security CE 20.3, including further alignment to the MITRE ATT&CK knowledge base.
Enhancements include updates to continuous monitoring, with I/O reduced by 10x. Analysts can broaden threat coverage with 400+ new fields in the anomaly detection builder, which are used to build detection rules with real-time alerting.
The new anomaly builder fields include Windows Event Log data, which is what most MITRE ATT&CK based detections are written against. In addition to the expanded custom rule capabilities, 20.4 ships many new Out of the Box (OOTB) detection rules designed to detect TTPs from across MITRE's ATT&CK framework*.
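To make concrete what "ATT&CK based detections over Windows Event Log fields" means in practice, here is an added example of a minimal rule engine that tags each rule with an ATT&CK technique ID and evaluates it over Windows Security event records. This is illustration code written for this page; it is not EnCase Endpoint Security's anomaly builder syntax and does not use any OpenText API. The field names (EventID, NewProcessName, CommandLine, ParentProcessName, TaskContent, TargetUserName) follow the Windows Security event schema, but the record layout, the rules and the sample events are constructed for the example.

```python
"""Added example (not OpenText/EnCase code): ATT&CK-tagged detection rules
evaluated over constructed Windows Security event records."""
from dataclasses import dataclass
from typing import Callable, Dict, List

Event = Dict[str, str]


@dataclass(frozen=True)
class Rule:
    name: str
    technique: str                      # MITRE ATT&CK technique ID the rule maps to
    event_id: int                       # Windows Security event ID the rule applies to
    predicate: Callable[[Event], bool]  # extra conditions on the record's fields


@dataclass(frozen=True)
class Alert:
    rule: str
    technique: str
    record_id: str
    computer: str


ENCODED_FLAGS = {"-e", "-ec", "-enc", "-encodedcommand"}
OFFICE_PARENTS = ("winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe")
SHELL_CHILDREN = ("cmd.exe", "powershell.exe", "mshta.exe", "wscript.exe", "cscript.exe")


def encoded_powershell(e: Event) -> bool:
    """4688: powershell.exe started with a Base64-encoded command (T1059.001)."""
    if not e.get("NewProcessName", "").lower().endswith("powershell.exe"):
        return False
    tokens = {t.lower() for t in e.get("CommandLine", "").split()}
    return bool(tokens & ENCODED_FLAGS)


def office_spawns_shell(e: Event) -> bool:
    """4688: an Office application is the parent of a shell or script host (T1204.002)."""
    parent = e.get("ParentProcessName", "").lower()
    child = e.get("NewProcessName", "").lower()
    return parent.endswith(OFFICE_PARENTS) and child.endswith(SHELL_CHILDREN)


def suspicious_scheduled_task(e: Event) -> bool:
    """4698: task action runs PowerShell or a binary from a user-writable path (T1053.005)."""
    content = e.get("TaskContent", "").lower()
    return any(m in content for m in ("powershell", "\\appdata\\", "\\temp\\", "\\public\\"))


RULES: List[Rule] = [
    Rule("Encoded PowerShell command line", "T1059.001", 4688, encoded_powershell),
    Rule("Office application spawned a shell", "T1204.002", 4688, office_spawns_shell),
    Rule("Scheduled task with suspicious action", "T1053.005", 4698, suspicious_scheduled_task),
    Rule("Local account created", "T1136.001", 4720, lambda e: True),  # low volume: always alert
]


def run_rules(events: List[Event], rules: List[Rule] = RULES) -> List[Alert]:
    """Apply every rule whose event ID matches; one record can raise several alerts."""
    alerts: List[Alert] = []
    for e in events:
        for r in rules:
            if int(e["EventID"]) == r.event_id and r.predicate(e):
                alerts.append(Alert(r.name, r.technique, e["RecordId"], e["Computer"]))
    return alerts


def techniques_seen(alerts: List[Alert]) -> List[str]:
    """Distinct ATT&CK technique IDs observed, for coverage reporting."""
    return sorted({a.technique for a in alerts})


# Constructed sample records (hypothetical host names, paths and payloads).
SAMPLE_EVENTS: List[Event] = [
    {"RecordId": "1001", "Computer": "WS01", "EventID": "4688",
     "NewProcessName": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c dir",
     "ParentProcessName": "C:\\Windows\\explorer.exe"},
    {"RecordId": "1002", "Computer": "WS01", "EventID": "4688",
     "NewProcessName": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -NoP -W Hidden -Enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA",
     "ParentProcessName": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE"},
    {"RecordId": "1003", "Computer": "WS01", "EventID": "4624", "LogonType": "2",
     "TargetUserName": "alice"},
    {"RecordId": "1004", "Computer": "WS01", "EventID": "4698", "SubjectUserName": "alice",
     "TaskName": "\\Updater",
     "TaskContent": "<Exec><Command>powershell.exe</Command>"
                    "<Arguments>-w hidden -File C:\\Users\\Public\\u.ps1</Arguments></Exec>"},
    {"RecordId": "1005", "Computer": "DC01", "EventID": "4720", "SubjectUserName": "alice",
     "TargetUserName": "svc_backup2"},
]

if __name__ == "__main__":
    for a in run_rules(SAMPLE_EVENTS):
        print(f"{a.computer} record {a.record_id}: {a.technique} {a.rule}")
```

Two practical caveats when building rules like these against real Windows Event Log data: event 4688 only carries the CommandLine field if the "Include command line in process creation events" audit policy is enabled, and 4698 (scheduled task created) requires Object Access auditing for "Other Object Access Events"; without those settings the corresponding rules never fire, so detection coverage should be validated against the audit policy actually deployed on the endpoints.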
To learn more about OpenText Security & Protection cloud, visit our website.
Accelerate your upgrade and reduce risk by working with OpenText Professional Services. Our experts will assess your current environment and prepare recommendations for a successful upgrade, whether on-premises, in the OpenText Cloud, in a third-party cloud or in a hybrid environment.
*MITRE ATT&CK Evaluations Round 3 (Carbanak/FIN7) results are expected to be available around February 2021.