2013 Industry Innovators: Analysis and control

December 2, 2013

This category has long been one of our favorites. Over the years we have seen some pretty exciting products and companies go through this group and many have passed into our Hall of Fame. Analysis and testing covers the entire gamut of testing – from forensic tools to penetration testing. This year we include one of each. We have a company that is the market leader in mobile device forensics and one emerging company in vulnerability and risk assessment. That one is run by one of the shining lights of another vulnerability and pen testing company that joined our Hall of Fame last year, Saint.

Testing and analysis holds a very special and sometimes misunderstood place in the information security pantheon. Being analysis, it requires special skills and knowledge on the part of the test engineer. That said, tool-makers are striving constantly to develop testing and analysis tools that require as little intervention from humans as possible. With systems becoming larger and more complex at an almost logarithmic rate, this is both necessary and much easier to say than to do.

The tools we featured in the past attempted, usually with good success, to achieve this. Sadly, there are many tools that achieve the automation but fail on the functionality needed to be truly useful. That is not the case here, of course.

This is our definition of the ultimate type of testing tool: simple, fast and comprehensive at the appropriate level or much deeper and more comprehensive when needed for more complete analysis.

The other tool really isn't a tool. Rather, it is a service, and it is simplicity itself. It is extremely cost-effective, nearly hands-off in operation and it gives specific results that are key. This is a case of giving back absolutely nothing that is not required under the circumstances. That makes it easy to use and interpret while at the same time providing exactly what the user expects it to provide. It doesn't get much better than that.

So, bottom line for this category? Appropriate to the testing task, effective, comprehensive with the right amount of human intervention and cost-sensible. That is what we found this year in our Innovators for this group.

Cellebrite

Cellebrite is one of those companies that doesn't really surprise us. It simply satisfies market needs, competently, creatively and usually just a bit ahead of the curve. When your products are aimed at forensic testing, that stability is a good thing. It engenders confidence in the veracity of your product's results, something absolutely crucial in the forensic field. However, that certainly is not intended to imply that Cellebrite is a slow-moving company. Far from it. These folks' commitment yields top-drawer results and that is what we have come to expect from this Innovator.

AT A GLANCE 

Vendor: Cellebrite  

Flagship Product: UFED Touch Ultimate, UFED 4PC Ultimate, UFED Link Analysis 

Cost: UFED Touch Ultimate starts at $10,500; the 4PC starts at $9,000; and the Link Analyzer starts at $2,400.

Innovation: Comprehensive, highly portable mobile device forensics. 

Greatest Strength: Solid understanding of customer needs and the advanced technology to support them.

Cellebrite provides some first-rate forensic tools for mobile devices. They understand that market well and they address it with a variety of innovative products. Over the past year – since they last appeared in this issue – Cellebrite has added several new products and features. Among other things, there now is a software version of its flagship product UFED Touch. This lets forensic examiners who do most of their work in the lab add the UFED to a forensic tool set that already resides on their computer.

Also new this year is the link analyzer. We have been using link analysis for years and, in fact, our favorite general purpose link analyzer is Analyst's Notebook from i2. But the Cellebrite link analyzer is designed to make powerful, non-obvious associations in the mobile device domain and it takes its input from the UFED, whether physical or logical. The project analytics function on the UFED Physical also is new and this is another one of those tools that we're not sure how we did without before it appeared.

Finally, training enhancements, XML outputs, coexistence with EnCase and FTK, and improved passcode bypassing rounded out a year when this Innovator looked at what its market needed and gave it to them. We like Cellebrite for its innovation, creativity and solid competence. As well, the company's support is in what we consider the top tier, certainly up there with some of the finest large companies we know.

iScan Online

It's the people, stupid! That probably is stretching the Clinton campaign slogan a bit, but in the case of iScan Online it really fits. The founder of iScan is none other than one of the founders of another fine innovator, Saint. And it's no surprise that both companies are in the vulnerability assessment game. There is one huge difference between them, though. Saint is a professional tool for professional penetration/vulnerability testers, and a very fine one it is, too. iScan Online is a vulnerability assessment tool for the rest of us.

AT A GLANCE

Vendor: iScan Online 

Flagship Product: iScan Online

Cost: $2 monthly or $15 annually (per device).

Innovation: Extremely low-cost vulnerability scanning from the cloud; easy to use with strong, simplified, actionable reporting.

Greatest Strength: Deep market and vulnerability assessment knowledge is the DNA of the company.

The innovator who put this together, one Billy Austin (from Dallas), introduced us to this service about a year ago. We've been watching it and it has grown. Austin certainly knows how to turn a phrase, and when he told us about the functionality his service has – web-based, self-service vulnerability scanning, complete visualization of endpoints, 60 seconds or less to run regardless of the number of endpoints, and scans inside of OST and PST email files to name just a few – all for the price of a Chicken McNugget, we were hooked, if a tiny bit skeptical. A deeper dive into how it does what it does convinced us that this really is a sterling example of forward-thinking innovation.

iScan Online works by executing a small script to run a small binary that sits on the endpoint. The script can be set to run using Active Directory, for example. And the endpoint basically is scanning itself. That's how iScan achieves such remarkably fast scan times. The endpoint does not do any analysis, though. That all is done from the cloud. The service produces first-rate HTML reports that are simplified so that managers can get the important information quickly and accurately, plus they are presented in terms of solutions, not problems. This puts the reports directly in the actionable information class, rather than the obscure reporting that often is seen. PCI scans, PAN scans (to identify credit card info that is not secured), and vulnerability scans all are available.

This is a potential killer app in the vulnerability management domain. One huge benefit we see is that it is accessible to small and midsized businesses based on its reasonable cost and its ease of use. That's good news because those are exactly the businesses that usually are considered low-hanging fruit by the bad guys. Oh, and those mobile device endpoints? Don't worry. They're covered too.
