AMP Threat Grid Empowers Law Enforcement to Fight Cybercrime

Jessica Bair, Cisco

Recognizing the critical need for state and local law enforcement agencies to have state-of-the-art technologies to effectively fight digital crime, Cisco is creating the AMP Threat Grid for Law Enforcement Program. The program is designed to empower those working to protect our communities from cybercriminals with Cisco's dynamic malware analysis and threat intelligence platform.

Computers are central to modern criminal investigations, whether as instruments used to commit the crime, as is the case for phishing, hacking, fraud or child exploitation, or as a storage repository for evidence of the crime, which is the case for virtually any crime. In addition, those using computers for criminal activity continue to become more sophisticated, and state and local law enforcement agencies struggle to keep their internal computer forensics and digital investigation capabilities up to date. Malware analysis is also a critical part of digital investigation: to prove or disprove a "Trojan defense" for suspects, wherein the accused truthfully or falsely claims that a malicious software program, not the user, carried out the criminal activity; and to examine unknown software and suspicious files on the computers of victims of cybercriminal activity for evidence of the crime.

The AMP Threat Grid for Law Enforcement program is designed for state and local agencies with fewer than 1,000 sworn officers. In the United States, this encompasses more than 99.5 percent of law-enforcement agencies. Once equipped with AMP Threat Grid, an investigator can, within seconds of a threat-intelligence query or within a few minutes of submitting a suspicious file or URL for analysis, view and download an easy-to-read and comprehensive report detailing the actual behavior of the submitted file, including changes to the file system and registry, command-and-control communication, downloads, code injection, and other malicious activity.

In addition, AMP Threat Grid will correlate the file with the millions of samples and billions of artifacts in the threat intelligence database, providing instant global and historical context. The program also includes seamless integration with EnCase® Forensic to reduce investigators' time and effort to identify and analyze suspected malware.

The AMP Threat Grid for Law Enforcement program includes:
  • Two portal user accounts per agency
  • Up to five samples (suspicious files or computer programs) or URLs submitted per day, per user, for analysis through the portal or via the API integration with EnCase Forensic
  • Unlimited sample queries through the portal or via the API integration with EnCase Forensic, including file hash values, IP addresses, domains, registry keys, and file paths
  • The AMP Threat Grid Malware Analysis and Intelligence for EnCase EnScript and installation guide, training manual and video, and EnCase Forensic case template
  • Access to regularly scheduled law enforcement-only WebEx sessions for training and peer discussion

Cisco will host a hands-on lab for threat intelligence and dynamic malware analysis at the Computer and Enterprise Investigations Conference (CEIC) to be held at Caesars Palace in Las Vegas, May 18-21, 2015.

Law-enforcement investigators can register for the program on the Threat Grid Law Enforcement Program page. The AMP Threat Grid Malware Analysis and Intelligence for EnCase EnScript is available for download at no cost to Guidance Software customers from the EnCase App Central store; it includes a 30-day pilot of the full solution for non-law-enforcement incident responders, with free malware sample submissions and contextual searches of the Threat Grid threat intelligence repository.

Jessica Bair, EnCE, EnCEP
jbair@cisco.com
Sr. Manager, Business Development
Advanced Threat Solutions, Cisco Security Group

Comments? Questions? We welcome discussion in the section below.
