EMC Unity All-Flash Storage Accelerates Cyber Investigations

Cyber security is on everyone’s mind these days, and for good reason. We’ve all heard or read about high-profile hacks where sensitive personal records were breached or millions of dollars were stolen. The business impact on the targeted companies can be tremendous, ranging from bad press and a tarnished reputation to lost revenue and hefty regulatory fines. The worst cases have even put firms out of business.

Within BRG’s Global Cyber Security and Investigations practice, we have built a diverse and experienced group that helps organizations assess unique security risks and deploys fast, effective response teams when breaches occur. Our practice includes veteran FBI agents and federal prosecutors who have conducted some of the most high-profile cyber investigations in recent history, computer scientists who have developed innovative and state-of-the-art investigative tools and techniques, and security engineers who have years of experience analyzing and securing corporate IT infrastructure across myriad industries.

We know first-hand from our real-world experience how important it is to systematically analyze the facts and electronic evidence to identify threat actors, mitigate data loss, maintain business continuity, and ultimately mount a legal response. In every case, our response time is one of the most critical client considerations.

Think about it. If your company is in the middle of getting hacked, the management team wants answers, not excuses while their incident response team is still uploading and processing evidence. When we built out our cyber security lab infrastructure, we wanted a storage system that could live up to our clients’ understandably high expectations. That’s why we chose EMC Unity’s all-flash storage platform. We looked at several other vendors and a number of storage technologies, but EMC Unity’s all-flash storage provided superior performance, expandability, and simplicity at a favorable price point.

Blazing-fast storage is critical, especially when we are dealing with massive datasets, but so is expandability. Our work regularly requires analysis of increasingly large amounts of data, including, for example: an analysis of hundreds of millions of database records related to a virtual currency-based money laundering operation; an investigation into criminal activity targeting a popular website that generated nearly 10 terabytes of logs each day; and a collection and review of nearly 20 terabytes of Microsoft Exchange data in connection with the investigation of a case of insider theft. As our practice continues to rapidly expand, we demanded a storage platform that could easily grow along with our evidence storage requirements and still provide us the performance to conduct high-speed investigative analytics for our clients.

Flexibility is also key. A complete incident response will leverage a diverse set of tools depending on the unique circumstances of the investigation. We may be using industry-standard forensic tools such as FTK or EnCase one day, running analytics against multi-terabyte Microsoft SQL Server or Cassandra databases the next, or analyzing evidence with our own in-house investigative tools. Some of our tools require block-level storage, while others need file-level storage—and extremely fast access times are necessary in all cases. Our environment is also highly virtualized, so we required a storage platform that would integrate seamlessly with VMware.

One other major consideration was manageability. We are focused on constantly delivering high-quality, rapid results for our clients, and we are not able to do that effectively if we are distracted supporting our technology. We needed a storage solution with a streamlined user interface that is easy to learn and quick to deploy, and that requires little day-to-day maintenance from our engineers.

EMC Unity provided an affordable solution that met or exceeded our requirements, which is why it is the core storage environment for our lab infrastructure. Ultimately, our cyber security and investigative work comes down to response time and accuracy. The faster we can provide actionable results to our clients, the quicker and more effective they are when responding to security incidents. That’s how we measure success.

About the Author: Matthew Edman