Data breach risk intelligence in the incident responders toolkit

Carl Banzhof

At MAX Risk Intelligence, we are constantly advancing our Data Breach Risk Intelligence platform to help organizations understand and quantify the potential cost of a data breach. Today, we are introducing capabilities that also help organizations quickly identify when a cyber breach has already occurred.


As security professionals, we've all been in the situation where you see some suspicious activity on a particular host, collect samples and submit them to various sources for further malicious file intelligence. Then when you have received confirmation from your anti-malware vendor or other threat intelligence source that it is indeed a malicious file, you have to wait for the vendor to create a detection and remediation signature. It can take precious hours to receive the signature updates and deploy through the organization. Meanwhile, you have to wait and try to figure out how many hosts are infected with the same malicious code.

So today we also introduced a powerful new File Finder scan that can help organizations quickly assess all hosts across the enterprise for the presence of files based on pattern matching and hash techniques  (MD5, SHA1 & SHA256). This powerful scan can be deployed using the CLI (command line scan) via your favorite systems management tool or McAfee ePO to quickly identify potentially infected hosts with similar file patterns and hashes. Thereby allowing IT personnel to quickly quarantine and prioritize the remediation of affected hosts. The file finder is supported on Windows, Mac and Linux platforms and is available today.

Of course this is just one example of the powerful capabilities of the File Finder scan. There are several other use cases including using it to detect sensitive corporate data and showing which groups/users have access to the data. What are some of the uses for your organization? Write us and tell us your experience.