Nuix, a technology company that enables people to make fact-based decisions from unstructured data, has launched Nuix Incident Response, an innovative investigative tool that rapidly delivers deep insights into the cause and scope of data breaches. It harnesses the Nuix Engine’s unique abilities to ingest data natively from hundreds of file types and data formats, adding built-in intelligence to guide incident responders toward the key evidence of internal or external breaches.
“Organisations are losing the battle against data breaches—attackers typically compromise their targets within hours or days, but these attacks can take weeks to detect and months to resolve,” said Dr. Jim Kent, Global Head of Investigations & Security and CEO North America at Nuix. “Nuix Incident Response is a breakthrough technology that replaces complex manual processes with automation and intelligence to reduce the gap between detection and remediation, and thus minimise the damage suffered as a result of breaches.”
Nuix Incident Response builds on the Nuix Engine’s ability to ingest and analyse vast volumes of data from multiple sources with great speed and forensic depth. It adds:
- Context user interface. This powerful new visualisation automatically filters, groups, and links items of interest to breach investigators. It is a fast and intuitive way to take large numbers of items and allow the most interesting and relevant ones to float to the top.
- Volatile system and network information. Nuix’s Collection technologies can now gather live information including running processes, application handles and threads, services, drivers, network sessions, IP and MAC addresses, open ports, network routing tables, time zone, screen captures of running applications, and network traffic.
- Log file, Logstash, and GeoIP Analysis. Nuix Incident Response adds to Nuix’s native ability to handle common log files by ingesting Logstash outputs. Incident responders can enrich the content of log files using Logstash filters such as the GeoIP filter to geo-locate IP addresses and generate item-count or heat maps.
- Fuzzy hashing. With SSDeep “fuzzy” hashes, Nuix Incident Response can identify near-duplicate executable files such as malware that modifies itself as it replicates over a network. The application can also import SSDeep hash lists to leverage third-party intelligence feeds, and export hashes of newly identified malware.
“With Nuix Incident Response, organisations can conduct post-breach autopsies across vast volumes of data from potentially thousands of endpoints, applying contextual intelligence and establishing links and relationships across the evidence,” said Stuart Clarke, Director of Cybersecurity and Investigations at Nuix. “These are essential capabilities if organisations are to contain external or insider breaches before they become highly damaging public events.”