Symantec to Acquire Clearwell Systems

Melisa LaBancz-Bleasdale — Tue, 24 May 2011 06:05:18 +0000

Symantec Corp. announced it has signed a definitive agreement to acquire privately-held Clearwell Systems, Inc., a recognized leader in the eDiscovery market. The acquisition of Clearwell enhances Symantec’s position as a leader in security. The move, Symantec says, will provide customers one of the most comprehensive information management solutions available. Under the terms of the agreement, Symantec will acquire Clearwell for a purchase price of approximately $390 million, net of Clearwell’s existing cash balance of approximately $20 million.

“As information continues to grow at unprecedented rates, the biggest challenge for customers is to protect, manage and backup this information as well as have the ability to categorize and discover it efficiently,” said Deepak Mohan, senior vice president, Information Management Group, Symantec. “The acquisition of Clearwell’s market leading electronic discovery solution will further increase Symantec’s ability to get the right information, to the right people, at the right time, while reducing overall legal review costs and limiting risk.”

Clearwell’s eDiscovery solution will complement and enhance Symantec’s Enterprise Vault eDiscovery capabilities and the companies hope the move creates a more complete end-to-end eDiscovery solution. The existing integration of Enterprise Vault with the Clearwell eDiscovery Platform is thought to enable Symantec to quickly help IT and legal users streamline and reduce the cost, time and risk of eDiscovery across the most relevant information sources including email, desktops, file servers, backups and the cloud.

This acquisition will expand Symantec’s addressable market opportunity and the company believes it will position them as a leader in the fast-growing eDiscovery software market, which, according to Gartner, is growing at a compounded annual growth rate of 14 percent and is estimated to reach $1.7 billion by 2014. In addition, this acquisition is expected to provide future cross-sell and product integration synergies across Symantec backup and security, by leveraging Symantec NetBackup, Data Loss Prevention and Data Insight.

“Archiving and eDiscovery are two critical elements of information governance,” said Aaref Hilaly, president and chief executive officer, Clearwell Systems. “By joining forces and combining the industry’s leading archiving solution with the industry’s leading eDiscovery solution, we will be uniquely positioned to deliver a seamless, integrated information governance workflow, benefitting both Symantec and Clearwell customers.”

Organizations are being required to adopt more formal information governance processes to help reduce the costs and risks associated with legal discovery. According to Gartner, through 2012, companies without an information governance strategy and technology for content archiving solutions, will spend a third more on eDiscovery than those with content archiving solutions. Together Symantec and Clearwell are positioned to offer customers the ability to both proactively and reactively manage and discover their information with increased speed, efficiency and scale, both on-premise and in the cloud, while at the same time helping customers reduce costs and risks.

Demystifying Cloud Forensics

Melisa LaBancz-Bleasdale — Wed, 16 Mar 2011 03:02:44 +0000

I’ve made no secret of the fact that the “Cloud” is like Santa to me. I believe it exists, it does magical things, and somehow just the thought of it is weirdly comforting. I have a lot of questions that still keep me up at night though, such as, ‘How will we ever secure it?’ This despair is followed closely by, ‘Is it possible to forensically investigate it?’

I did a quick search on Google using “Cloud Forensics” as my search criteria and came up with nothing useful. There was an article posted on Brighthub but it seemed to be an excellent example of a whole page that didn’t say anything. Beyond that, I was on my own. Pondering the unsafe-seeming and non-investigate-able Cloud, I felt it best to turn to experts I trust to calm my fears. I contacted Mark Spencer, Principal and CEO of Arsenal Consulting in Boston, MA.

Spencer explains that as we are moving from an on-site-assets model to a cloud-based model, the way we protect, find, store and investigate data is rapidly changing. Arsenal, he says, is seeing an increased emphasis on privacy and adoption of secure protocols (e.g. HTTPS), “Our company and our clients are more reliant on “hidden” metadata, data carving, and network forensics. Most of our clients still think the electronic evidence they seek exists on a laptop, desktop, or server when in fact those locations are just part of the electronic evidence puzzle… particularly with increased use of the Cloud.”

Spencer said that it’s important to demystify the Cloud before getting deep into the concept of forensics though, “The Cloud represents services on the Web that store (and possibly process) your data. The Cloud has been around for a long time (think Webmail), but how we refer to it, and the extent to which we rely on it, has evolved. Computer forensics involves identifying, preserving, analyzing, and reporting on electronic evidence using methods acceptable in courts of law. “Cloud forensics” simply refers to a particular kind of computer forensics and is not a new phenomenon.”

Lodrina Cherne, Computer Forensics Analyst at Arsenal, refers to the National Institute of Standards and Technology’s (NIST) definition of the Cloud , which defines three different service models and four ways to deploy a Cloud.

“According to NIST, no matter what form of the Cloud is in, each has five essential characteristics: On-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. I can get my data when I want, over some kind of network, and even though the data might be coming from different places and my computing power shared with others, somehow the back end is going to scale up or down to fulfill my needs. At a simpler level, accessing your Webmail is using a cloud. On one hand, the Cloud isn’t such a big, scary, nebulous thing. We’ve been dealing with it for a long time. On the other hand, as businesses use Cloud infrastructure for more computing power, storage, or needs we haven’t even imagined, we’re going to have to account for where that data physically sits.”

I worry how investigative best practices are going to be affected by the Cloud and whether forensic methodologies will still apply. Cherne says that questions of jurisdiction are going to become more important to investigators but best practices should remain the same—making sure they perform preservation, analysis, and reporting in a legally defensible manner.

Spencer adds that computer forensics methodologies apply to electronic data whether it exists on a hard drive in your laptop, a backup tape at a warehouse down the street, or in the Cloud spread across multiple servers around the world.

“Once a computer forensics practitioner knows where electronic evidence exists, he must create a plan to preserve that data in the most complete, but least invasive way possible. Best practices regarding preservation of electronic evidence in the Cloud are specific to each [Cloud] service, so it’s important a practitioner perform thorough research and testing before implementing a preservation plan.”

I wondered about the early adopters—organizations that already do most or all of their business “in the Cloud” such as start-ups with few on-site assets and/or people? Could they be forensically investigated?

“Of course,” Spencer reassures me, “Remember, the core tenets of computer forensics still apply to the Cloud. The format, volume, and other variables related to the data may be different than what we’ve dealt with in traditional computer forensics, but it’s data nonetheless.”

Asked whether Spencer believes in the Cloud, he politely declines to elaborate on whether or not he thinks it’s a good thing, but he does point out that it’s not without benefits, “In some ways it lets corporate IT staff off the hook. Basically, companies are able to shift responsibility for storage, maintenance, monitoring, and more to a service rather than having to perform these functions themselves.”

What he finds troublesome though, is that many companies will not know exactly where all their data exists in the Cloud. Worse, he feels, is that many companies won’t even know what data they put “out there”.

“What about the policies of the service providers when it comes to things like auditing (logs!) and monitoring for security incidents, subpoena compliance, disaster recovery, background checks on their employees, etc.? My concern as a computer forensics practitioner is that some companies have been lulled to sleep by pretty Web interfaces.”

Among the challenges organizations will face in relation to computer forensics in the Cloud, says Spencer, will be the need for more subpoenas, more legal motions and more work for lawyers.

Cherne adds that jurisdiction is currently the biggest issue investigators are focused on so far, “I think some of the more interesting issues could come out when looking beyond who the custodian of data is and where they are. What about when someone forgets to pay the data hosting bill and their service provider holds hostage or deletes client data? How about subscribing to a Cloud service that claims to back up customer data but doesn’t, or does so incorrectly?”

With so much at stake, what should companies be doing to prepare? Spencer feels that when it comes to reacting to an incident, information security staff should know what their limitations are and what resources are available to them, “Learning on the job (in the traditional sense) is not acceptable in computer forensics, and it’s even less acceptable when dealing with the customization needed to properly address electronic evidence in the Cloud. Once information security staff confirms they have an incident, they should get computer forensics practitioners (whether in-house, consultants, or law enforcement) involved immediately.”

Email Forensics

Symantec to Acquire Clearwell Systems

Demystifying Cloud Forensics