Intellectual Property is likely the most valuable asset that your company owns. And it can often the target of cyber attacks from external sources like hackers, as well as from insider threats too.
Insiders like employees, contractors, or other third parties with access to privileged information present a very real threat to your IP because it’s so easily available.
“It Can Be Very Difficult to Distinguish Illicit Access from Legitimate Access”
The CERT Guide to Insider Threats states that: “Insiders steal information for which they already have authorized access, and usually steal it at work during normal business hours. In fact, they steal the same information that they access in the course of their normal job. Therefore, it can be very difficult to distinguish illicit access from legitimate access.”
And it’s everywhere from emails, to Office 365 docs, cloud storage, employee workstations, and mobile devices. Keeping the proper checks and balances in place is difficult if not impossible since IP Theft is most often committed by those who have access to it (or even have helped create it).
When investigating cases of IP Theft, it’s imperative to understand at a granular level how files are moving between different locations, how they are being altered, what programs or apps are being used to access them and by whom. It’s equally important to analyze all of this evidence in one case file.
How Magnet AXIOM Cyber Can Help Investigate IP Theft
Magnet AXIOM Cyber helps investigators unite images from multiple evidentiary sources into a single case file and analyze the complete body of evidence as a whole. This is crucial for understanding how IP is exfiltrated from your business.
Watch this video to see our Forensic Consultant, Tarah Melton, demonstrate how AXIOM Cyber can be used to investigate IP Theft.
“Being able to quickly see and find evidence of IP Theft helped us immensely. Specially finding out how the document went from the cloud to a removable drive prior to the employee leaving the company to go work for a competitor.”—Manager, Digital Forensics Large Media and Entertainment Enterprise
Here are some other ways that our customers are using Magnet AXIOM Cyber to help find evidence in IP Theft investigations:
- Connections – Use Connections to follow the path of files and documents to understand where they went, who they were sent to and who sent them
- Timeline – Typically insiders will steal IP one month before they resign and one month after they resign, use AXIOM Cyber to build a timeline of events based on relative time filters so you can examine relevant events
- Cloud Storage – Acquire evidence from cloud storage services like AWS, SharePoint, G Drive, and more and include it in your examination. Audit logs and other artifacts allow you to track how files moved between physical devices and the cloud
- Artifacts-First Approach – AXIOM Cyber’s artifacts-first approach is perfect for helping you quickly identify artifacts like Email and Removable Media: the two most common data exfiltration methods
- Covert Remote Acquisition – Covertly acquire evidence from target endpoints with a configurable remote acquisition agent so employees suspected of IP theft aren’t tipped off to an investigation
- Magnet.AI – Another common way to exfil data is by using screenshots. Using artificial intelligence, Magnet.AI will immediately surface screenshots no matter where they’re saved in the evidence
Use Magnet AXIOM Cyber for your next IP Theft investigation by requesting a free trial today!