This is a group that has a very wide reach. There is a lot that one can categorize as “analysis and testing” so coming up with Innovators should not have been too difficult. However, we found that there is a lot of “business as usual” in this group and not a lot of really eye-popping innovation.
What we ended up with was a couple of very interesting products – one an old friend and one a new acquaintance. But what was really interesting to us was the spread between the two. On one hand we have an Innovator that has evolved a seemingly endless array of ways to perform – and, more importantly, use – vulnerability assessment. On the other, we found a forensic tool that really goes the extra mile to solve tough cyberforensic problems. Also, due to a major announcement in the digital forensic world, we added another Innovator at the last minute. This one is so far out there in terms of innovation that it would not have made sense to miss them this year.
The point is that the analysis and testing world is busy looking for new ways to gather and analyze data, to be sure. But it also is a major challenge to take that analysis and do something really useful with it. Innovation in this product area demands that information be applied usefully. That means that intelligence – and, certainly all information gathered as a result of analysis or testing is intelligence – needs to be actionable.
Making the results that these tools generate actionable is the real differentiator between an Innovator and just another product company with a good – maybe very good – product that offers nothing truly unique to its users. Over the years we have seen some very strong products in this space. In those past years, innovation that gave new ways of testing and new ways of displaying data was pretty good. Today, though, that is not good enough.
All of that said, we think that you will enjoy these three companies and we are pretty sure that you'll agree with us that what they offer is actionable results obtained and used in very creative ways.
iScan has been here before, and with good reason: iScan Online started out as one very innovative company that shook us up last year with a serious vulnerability assessment app – and a price that made it realistic for small businesses and individuals alike.
Vendor: iScan Online
Flagship Product: iScan Online
Cost: $24/device annual subscription
Innovation: Data Breach Analytics
Greatest strength: Identifying sensitive data, and actively finding what happens to it afterwards.
Founder Billy Austin introduced us to a concept he calls data breach analytics. This innovation correlates large amounts of data to find not only what happened to your data, but also how it happened and who has it now. In addition, it manages to do all of these things with a remarkable interface that makes it easy to understand for the common user.
There are three very easy deployment options: an executable, an HTML snippet and a mobile application. The idea is to identify any unencrypted data, to assume that data is sensitive, and to identify how a data thief could access that data, or whether one already has. Almost all data breaches occur through known vulnerabilities, most of which are caused by simple misconfiguration. iScan identifies the vulnerabilities of each endpoint and reports them to you in an easy-to-understand account.
This is a powerful tool. It is extremely informative. It pulls up statistics for all data at risk – everything from PII, such as credit cards and SSNs, to a proprietary PDF. iScan Online's report estimates a value for everything and provides an estimate of how much money in liability is at risk with the potentially exposed data.
All these things are remarkable on their own, but what is really innovative, in our opinion, is what Austin referred to as the roadmap. iScan aims to tell you when you lose data, where you lost it, and how you lost it. It also aims to tell you where the sensitive data is now, and how it got there, something no one else does. This distinguishes iScan Online as an innovator.
We're not quite sure where iScan Online will go next but if Austin and company continue down their present road we'll certainly see them in the Hall of Fame next year. – Ben Jones, SC Lab review team
Not long ago, we heard that AccessData, one of our perennial favorites in the digital forensic space, had split off a new company called Resolution1 Security. We were pleased to hear this because we have been working with the Resolution1 platform for several months and are highly impressed with it. There is absolutely nothing on the market today that can compete with it. The entire concept was born out of the innovations of a very small group at AccessData.
Vendor: Resolution1 Security
Flagship product: Resolution1
Cost: Depends upon configuration and number of agents.
Innovation: Complete 360-degree digital forensic incident response and eDiscovery.
Greatest strength: There is nothing available today with the depth and breadth of this product when it comes to identifying, responding to and remediating digital incidents.
Resolution1 is what we refer to as a 360-degree tool. By that we mean that it detects, analyzes, reports, interdicts and remediates all on its own. It is a collection of tools that can cover just about any type of digital forensic incident response (DFIR) scenario. It has the ability to use indicators of compromise for “IOC hunting,” it can grab forensic images or partial images of potentially compromised computers and it can analyze the data stream. It is a digital forensic, network forensic, malware forensic investigative tool designed and integrated particularly to deal with large-scale attacks and breaches.
Very rarely does one hear about a product that was developed in response to the question, “If you could have anything and everything that you wanted in a tool, what would you have?” It seems clear to us that this was the genesis of Resolution1.
R-1 is an agent-based tool. You place R-1 agents strategically across your network and the agents do the data collection and transfer tasks. You can even place them across the internet if you have locations that are autonomous. From the main console you configure the agents and determine their activities. Everything is set up in “projects” and you have very granular control of those projects and who can access them.
This is a very big tool with a very large capability. But if you are a large organization, or one with a target on your back, you really must take a close look at this. It will be well worth your time to see what this Innovator has come up with.
There are a lot of tools intended to find internet-based artifacts during a forensic analysis of a computer's hard drive. Most of them are pretty good. This product, Internet Examiner Toolkit, or IXTK for short, though, is great. When you start looking at this tool it is almost as if you started out by asking, “What would I like this tool to do?” and then discovering that whatever your reply, it does it.
Flagship product: Internet Examiner Toolkit (IXTK)
Cost: $1,995
Innovation: Internet-based evidence discovery.
Greatest strength: Broad range of internet-based artifacts and support for 17 different languages and real-time collection of live internet evidence.
A couple of highlights: Would you like to be able to extract social media conversations in a foreign language? No problem. IXTK supports 17 of them. How about real-time collection of evidence on the internet? No problem. It does that too. Of course it collects browser artifacts, chat, email and instant messages. But it also grabs pictures, videos, social networking and peer-to-peer communications. It supports Facebook, Skype, Twitter, Kik and YouTube directly and can access just about any popular forensic image format. It can analyze video evidence in a frame-by-frame mode. In short, this almost is the Swiss Army Knife of internet evidence tools.
We say "almost" because, of course, this Innovator is always looking for new things to add and new ways to analyze. This product was created to support the fight against crimes against children. But it goes far beyond that now.
We have used this tool in the SC Lab for several months now and it is clear that it was created by law enforcement for law enforcement. We have yet to find an internet browser in common use that it doesn't support (Internet Explorer, Chrome, Firefox, Safari, Opera) and using it is a walk in the park. That's important because time is critical in an age where virtually every digital forensic lab is backlogged with months of work stacked in the evidence locker waiting its turn for analysis.
The driving force behind IXTK is a former law enforcement officer with the vision of developing the way internet-based evidence is identified, collected and examined. After using this tool in live investigations, we think there's a pretty good chance he will succeed.