Following a data breach, investigators need as much information as possible on exactly what data was stolen during a breach. In recent years there have been numerous high-profile data breaches of critical importance. Edward Snowden has become a household name but there are many others such as Joshua Shulte.
Incident Response teams can often determine which endpoints adversaries accessed, but not what data was stolen. This can set teams back for years and create substantial risk for organizations and in certain situations people’s lives as well.
Cigent K2 and Everest capture comprehensive data access logs of all activity on the drive. The data is read only and fully encrypted. Access is protected by the firmware and only accessible with specialized proprietary software only available from Cigent. The firmware protects data logs from being wiped during a full drive wipe. And there is no impact to user experience or drive performance and it uses very minimal storage.
This capability enables incident response teams and organizations to know exactly which files were stolen by adversaries so they can respond quickly and decisively.