October 18, 2011

EnCase Automates Response to Security Incidents


  • EnCase Cybersecurity software now connects with security information and event management (SIEM) systems to automate response to security incidents.
  • Software includes out-of-the-box integration with industry's leading SIEM, HP ArcSight ESM, to automate incident response.
  • Company offers new Response Integration Services to integrate EnCase Cybersecurity with other alerting tools.

PASADENA, Calif.--(BUSINESS WIRE)-- Guidance Software, Inc. (NASDAQ: GUID) today announced new software and services that fill a critical gap in information security by helping organizations respond automatically to security attacks and breaches, giving businesses and government agencies the capacity to react to thousands of events daily and reduce the time between a breach and incident response.

Guidance Software has connected EnCase® Cybersecurity version 4.3 with security information and event management (SIEM) systems to facilitate security automation. For example, when an attack or breach event is suspected, the SIEM system can now automatically trigger an EnCase Cybersecurity forensic response, including exposing, collecting, triaging and remediating data related to threats — essentially taking action on or gathering data about a security event that might otherwise have been missed.

By automating incident response, organizations can collect actionable information about an attack, minimize data leakage and economic damage, and reduce the time needed to eliminate the threat and return an endpoint computer to a normal state.

According to a September 2011 Cost of Cyber Crime study by The Ponemon Institute, the average time to resolve a cyber attack in 2011 was 18 days. Shortening that duration could reduce the cost and impact of an attack, which the Ponemon study placed at $416,000 on average. Results of the study also showed that malicious insider attacks can take more than 45 days to contain.

"Time is of the essence when performing incident response, but today's security teams are constrained by the volume of attacks and the time it takes to initiate a response. Any delay in response means a potential for more damage and a loss of valuable data," said Victor Limongelli, president and chief executive officer, Guidance Software. "By automating forensic response EnCase Cybersecurity enables security teams to achieve a real-time view of what was occurring on endpoints during an attack, even if the incident occurred over a weekend or in the middle of the night."

Organizations have three ways they can automate incident response using new features in EnCase Cybersecurity:

  • Integration with ArcSight The integration of EnCase Cybersecurity with HP ArcSight Enterprise Security Manager (ESM) offers four pre-programmed, automatic functions, including forensic auto-capture of system memory, scanning for Internet history and cache files, scanning for personally identifiable information, and conducting a targeted forensic data audit of a system. Security managers can run these EnCase functions and view results from a pull-down menu inside ArcSight ESM with a few mouse clicks, or they can set them to run automatically, without manual intervention, when an incident triggers a security alert.
  • Response Automation Connector — EnCase Cybersecurity 4.3 includes the new response automation connector, which is an application-programming interface (API) that gives organizations the ability to integrate the software with other security alerting systems. Customers using the API can integrate all of EnCase Cybersecurity's incident response capabilities into their SIEM environment and automate those functions that are most important to their security processes.
  • Response Automation Services — Guidance Software has also launched new professional services offerings to help organizations with other security alerting tools or unique staffing needs to automate response to security incidents using EnCase Cybersecurity.


EnCase Cybersecurity 4.3 and Response Automation Services are currently available. An informational video and data sheet is available at http://www.guidancesoftware.com/automatic-response.htm?cmpid=newsrelease.

Industry Commentary / Quotes

  • "ArcSight ESM customers correlate data from countless events each day. The sheer volume makes prioritization and rapid response a major challenge, which is why we are working to integrate additional response capabilities into our platform," said Buck Watia, Director of Business Development at ArcSight an HP Company. "EnCase Cybersecurity is a perfect example of a technology at the head of the pack in helping companies resolve problems after a breach."
  • "Integration between SIEM solutions and incident response solutions like EnCase Cybersecurity is a needed evolution," said Andrew Hay, Senior Security Analyst with The 451 Group's Enterprise Security Practice. "The ability to facilitate the capture of real-time endpoint data the moment an alert is generated within the SIEM effectively reduces the time gap between alert and response."

About Guidance Software, Inc.

Guidance Software is recognized worldwide as the industry leader in digital investigative solutions. Its EnCase® platform provides the foundation for government, corporate and law enforcement organizations to conduct thorough, network-enabled, and court-validated computer investigations of any kind, such as responding to e-discovery requests, conducting internal investigations, responding to regulatory inquiries or performing data and compliance auditing - all while maintaining the integrity of the data. There are more than 40,000 licensed users of the EnCase technology worldwide, the EnCase® Enterprise platform is used by more than 60 of the Fortune 100, and thousands attend Guidance Software's renowned training programs annually. For more information about Guidance Software, visit www.guidancesoftware.com/.

Follow Guidance Software on Twitter at www.twitter.com/encase and on Facebook at www.facebook.com/guidancesoftware.

EnCase®, EnCE®, EnCEP®, EnScript®, FastBloc®, Guidance Software™ and Tableau™ are registered trademarks or trademarks owned by Guidance Software in the United States and other jurisdictions and may not be used without prior written permission. All other marks and brands may be claimed as the property of their respective owners.

Forward Looking Statements

This news release contains forward-looking statements within the meaning of the safe harbor provisions of the Private Securities Litigation Reform Act of 1995. Investors are cautioned that forward-looking statements in this release involve risks and uncertainties that could cause actual results to differ materially from current expectations. There can be no assurance that demand for the Guidance Software's products will continue at current or greater levels, or that the Company will continue to grow revenues, or be profitable. There are also risks that the Guidance Software's pursuit of providing network security and eDiscovery technology might not be successful, or that if successful, it will not materially enhance the Guidance Software's financial performance; that the Company could fail to retain key employees; that changes in customer requirements and other general economic and political uncertainties could impact the Guidance Software's relationship with its customers; and that delays in product development, competitive pressures or technical difficulties could impact timely delivery of next-generation products; and other risks and uncertainties that are described from time to time in Guidance Software's periodic reports and registration statements filed with the Securities and Exchange Commission. The Company specifically disclaims any responsibility for updating these forward-looking statements.


Photos/Multimedia Gallery Available: http://www.businesswire.com/cgi-bin/mmg.cgi?eid=50032580&lang=en


Guidance Software, Inc.
Alex Andrianopoulos


Source: Guidance Software, Inc.



News Provided by Acquire Media

Close window | Back to top

Copyright 2018 Guidance Software, Inc.