Category Archives: Cloud Data

Dark Web Evidence Critical to all Cyber Investigations and Many eDiscovery matters

The dark web is a component of the World Wide Web that is only accessible through special software or configurations, allowing users and website operators to remain anonymous or untraceable. The dark web forms a small part of the deep web, which is the part of the Web not indexed by web search engines. The dark web has gained more notoriety over the past few years and several large criminal investigations have resulted in seizures of both cryptocurrencies and dark web pages and sites. Criminal enterprises involving counterfeiting, hacking, ID and IP theft, narcotics, child pornography, human trafficking, and even murder for hire seek a haven in the mist of encrypted communications and payment, such as Bitcoin, to facilitate their nefarious schemes.

While mining the dark web is critical for many law enforcement investigations, we are also seeing increased focus on this important evidence in civil litigation. Fero v. Excellus Health Plan, Inc., (Jan. 19, 2018, US Dist Ct, NY), is one recent example. Fero arises out of a data breach involving healthcare provider Excellus Health Plan, Inc. According to the complaint, hackers breached Excellus’s network systems, gaining access to personal information of millions of individuals, including their names, dates of birth, social security numbers, credit card numbers, and medical insurance claims information. The Plaintiffs brought a class action asserting claims under various federal and state laws.

Initially, the court dismissed the plaintiffs’ case, citing a failure to establish damages and actual misuse by the hackers who allegedly stole their information. However, after conducting a more diligent investigation, the plaintiffs submitted with their motion for reconsideration evidence that the plaintiffs’ PII was placed on the dark web.  This evidence was summarized in an expert report providing the following conclusion:  “it is my opinion to a reasonable degree of scientific certainty that PII and PHI maintained on the Excellus network was targeted, collected, exfiltrated, and put up for sale o[n] DarkNet by the attacker for the purpose of, among other things, allowing criminals to purchase the PII and PHI to commit identity theft.”  Fero, at 17.  Based on this information, the court granted the motion for reconsideration and denied the defendant’s motion to dismiss. In other words, the dark web evidence was game-changing in this high-profile class action suit.

Cases like Fero v. Excellus Health Plan illustrate that dark web evidence is essential for criminal and civil litigation matters alike. Dark Web investigations do require specialized knowledge and tools to execute. For instance, X1 Social Discovery can be easily configured to conduct such dark web investigation and collections.

Recently, Joe Church of Digital Shield led a very informative and instructive webinar on this topic. Joe is one of the most knowledgeable people that I’m aware of out there on dark web investigations, and his detailed presentation did not disappoint. Joe’s presentation featured a concise overview of the dark web, how it’s used, and how to navigate it. He included a detailed lesson on tools and techniques needed to search for and investigate key sources of evidence on the dark web. This webinar is a must-see for anyone who conducts or manages dark web investigations. Joe also featured a section on how to specifically utilize X1 Social Discovery to collect, search and authenticate dark web evidence. You can review this very informative 30-minute training session (no sign-in required) by visiting here.

Filed under Best Practices, Case Law, Case Study, Cloud Data, dark web, eDiscovery, Preservation & Collection, Social Media Investigations, Uncategorized

Microsoft Office 365 is Disrupting the eDiscovery Industry in a Major and Permanent Fashion

The adoption of cloud-based Microsoft Office 365 (“O365”) within enterprises is growing exponentially. According to a 2016 Gartner survey, 78 percent of enterprises use or plan to use Office 365, up from 64 percent in mid-2014. O365 includes built-in eDiscovery tools in the Security and Compliance Center at an additional cost. Many, but not all, O365 customers are utilizing the internal eDiscovery module, to which Microsoft is dedicating a lot of effort and resources in order to provide a go-to solution for the eDiscovery of all information located within O365. Based upon my assessment through product demos and discussions with industry colleagues, I believe Microsoft will achieve this goal relatively soon for data housed within its O365 platform. The Equivio eDiscovery team that transitioned over to Microsoft in a 2015 acquisition is very dedicated to this effort and they know what they are doing.

But as I see it, the O365 revolution presents two major takeaways for the rest of the eDiscovery software and services industry. The first major point comes down to simple architecture. Most eDiscovery tools operate by making bulk copies of data associated with individual custodians, and then permanently migrate that data to their processing and/or review platform. This workflow applies to all non-Microsoft email archiving platforms, appliance-based processing platforms, and hosted review platforms. As far as email archiving, a third-party email archive solution requires the complete and redundant duplication, migration and storage of copies of all emails already located in O365. This is counter-productive to the very purpose of a cloud-based O365 investment. We have already seen non-Microsoft email archiving solutions on the decline in terms of market share, and with MS Exchange archiving becoming much more robust, we will only see that trend accelerate.

eDiscovery processing tools and review platforms are also fighting directly against the O365 tide.  This is especially true for processing appliances (whether physical or virtual), which address O365 collections through bulk copy and export of all of the target custodians’ data from O365 and into their appliance, where the data is then re-indexed. Such an effort is costly, time consuming, and inefficient. But the main problem is that clients who are investing in O365 do not want to see all their data routinely exported out of its native environment every time there is an eDiscovery or compliance investigation. Organizations are fine with a very narrow data set of relevant ESI leaving O365 after it has been reviewed and is ready to be produced in a litigation or regulatory matter. What they do not want is a mass export of terabytes of data because eDiscovery and processing tools need to broadly ingest that data in their platform in order to begin the indexing, culling and searching process. For these reasons, most eDiscovery software and compliance archiving tools do not play well with O365, and that will prove to be a significant problem for those developers and the service providers who utilize those tools for their processes.

The second major O365 consideration is that organizations, especially larger enterprises, rarely house all or even most of their data within O365, with hybrid cloud and on-premise environments being the norm. The O365 eDiscovery tools can only address what is contained within O365. Any on-premise data, including on-premise Microsoft sources (SharePoint, Exchange and Office docs on File Shares) cannot be readily consolidated by O365, and neither can data from other cloud sources such as Google Drive, Box, Dropbox and AWS. And of course, desktops, whether physical or virtual, are critical to eDiscovery collections and are also not supported by the O365 eDiscovery tools, with Microsoft indicating that they do not have any plans to soon address all these non-O365 data sources in a unified fashion.

So eDiscovery software providers need to have a good process to perform unified search and collection of non-O365 sources and to consolidate those results with responsive O365 data. This process should be efficient and not simply involve mass export of data out of O365 to achieve such data consolidation.

X1 Distributed Discovery (X1DD) is uniquely suited to complement and support O365 with an effective and defensible process and has distinct advantages over other eDiscovery tools that solely rely on permanently migrating ESI out of O365. X1DD enables organizations to perform targeted search and collection of the ESI of up to thousands of endpoints, as well as O365 and other sources, all in a unified fashion. The search results are returned in minutes, not weeks, and thus can be highly granular and iterative, based upon multiple keywords, date ranges, file types, or other parameters. Using X1DD, O365 data sources are searched in place in a very targeted and efficient manner, and all results can be consolidated into Microsoft’s Equivio review platform or another review platform such as Relativity. This approach typically reduces the eDiscovery collection and processing costs by at least one order of magnitude (90%). For a demonstration or briefing on X1 Distributed Discovery, please contact us.

2 Comments

Filed under Cloud Data, compliance, eDiscovery, Uncategorized

A Series of Firsts: How X1 Sets the Standard for the New Enterprise Search Market

by Barry Murphy

The new world of IT demands that enterprise software support varying infrastructures – traditional managed data centers, the cloud, hybrid and virtual environments.  As a result, old-school approaches that once seemed logical no longer work in today’s reality.  For example, tightly-coupled search appliances that marry hardware and software together no longer meet the requirements of enterprises that need to make distributed workers more productive no matter what kind of device they are on.  It’s a new world for enterprise search and traditional solutions will have a very hard time adapting and scaling.

X1 is ready for the IT reality of always-on, virtual, cloud, and hybrid environments and business mobility.  This is evidenced by two “firsts” that X1 is proud to announce.  First, X1 is the first search application with an app publicly available in an Enterprise Mobility Management (EMM) app store.  X1 Search Mobile is available in the AirWatch marketplace.  Given the rapid move to mobile devices for work, this is no small news.  Google just announced on Friday that searching the web is now predominantly done from mobile phones.

It’s clear, then, that enterprise search from the mobile device is now an essential requirement for business professionals. The mobile search app is important, but what X1 is building out is much more than that. Effectively delivering enterprise search from the mobile device requires having the back-end infrastructure to support full enterprise search in virtual environments. It also requires supporting the next-generation desktop (VDI or DaaS) where the users live. X1 has uniquely mastered such back-end infrastructure with the only desktop search (VDI or otherwise) and enterprise search solution that are VMware Ready certified.

The second “first” that X1 is proud of is the listing of X1 Rapid Discovery in the Amazon AWS Marketplace.  Again, this is no small feat – this is the first enterprise-grade search and eDiscovery application to be available in the AWS Marketplace.

Organizations storing content in AWS can now get full-featured enterprise search and eDiscovery deployed right next to their content.  And, if these organizations store other content locally, they can deploy Rapid Discovery in their own data center as well and have a single-pane-of-glass across all information no matter where it lives.

X1 will continue to provide solutions that work in the infrastructures that organizations utilize today.  The traditional approach to search will not work, but with X1, companies will have the flexibility to deploy into any environment and give users a powerful search experience on any device.  That is a powerful productivity tool – and businesses require worker productivity the same way humans require oxygen.  It is a new enterprise search market out there and X1 is uniquely positioned to lead the charge.

1 Comment

Filed under Cloud Data, eDiscovery, Enterprise eDiscovery, Hybrid Search, Information Management

X1’s Microsoft Enterprise Search Strategy: Better Than Microsoft’s?

By John Patzakis

It seems obvious to say, but Microsoft is furthering its supremacy in the enterprise. While Microsoft has always dominated with its ubiquitous OS, it is dramatically consolidating its presence in terms of data sources. Outlook is only increasing in market share with corporate Gmail largely a flop and IBM’s Lotus Notes in full retreat. SharePoint continues to spread across enterprises large and small, dominating the ECM landscape. OneDrive for business, with its tight integration with the Windows 10 OS, essentially zero cost, and built-in active directory security, looks to eventually capture the enterprise file synch and sharing space. And Office 365 combines Exchange, SharePoint, and OneDrive into an integrated cloud offering (but not search – more on that in a bit). Finally, Skype for Business and OneNote round out the data sources that we believe will soon constitute up to 90 percent of enterprise data relevant for business productivity. So I would argue that we are entering a new era of Microsoft dominance.

And actually, this is good news for X1 users, and we believe a key reason for the resurgent high growth we are seeing here at X1. Why? Each of those mentioned Microsoft data sources is either currently supported by X1 or will be supported within 12 months’ time, and X1 provides a much better user search experience than even Microsoft does. As an example, any X1 user will tell you X1 provides a much better search of Outlook and Exchange email than Outlook itself, and the simple viewing of this SharePoint video should convince anyone that our SharePoint search experience is far superior to that of native SharePoint. The same is true of local and network documents and very soon OneDrive (September 2015), and after that Skype for Business.

But even more important than having a better search experience for individual Microsoft data sources, what X1 uniquely provides is a popular and intuitive unified interface or a “single pane of glass” from which to search all of these various data sources. To be able to search your emails, your files, your SharePoint, your OneDrive, and all the other Microsoft data sources from that single interface is extremely compelling. In fact, Microsoft itself does not really have a single pane of glass capability. You cannot effectively search your SharePoint or OneDrive from Outlook, just as you cannot search your emails, Skypes or your local documents from SharePoint.

This new era of Microsoft data source dominance presents important considerations for organizations when selecting enterprise search solutions. Many enterprise search solutions are simply not architected to effectively support this new paradigm and thus are fighting against the Microsoft current, instead of providing a unified search platform, such as X1, that augments and strengthens a company’s Microsoft strategy. To summarize, here are five key reasons X1 excels in this new Microsoft era:

  1. X1 Starts with End User’s email and files. Most enterprise search solutions address enterprise data sources on Intranets, databases, and file shares, but ignore the end user’s email and local documents. This is missing about 80 percent of the end user’s key business data, while focusing on the data in the margins. To be successful in this new Microsoft era, a true productivity search solution should begin with the end users’ local emails, attachments and documents and extend to SharePoint, file shares and other key enterprise sources, all in a single pane of glass.
  2. No or Minimal Data Migration. Other enterprise search tools uniformly provide web portals for employees to search for their content. This is fine for some Intranet sites and other web-based data, but is not where you want to search your day-to-day emails and working documents. And when it comes to SharePoint, any suggestion that such data should be migrated out of SharePoint just so another enterprise search vendor can search it on a similar website is a non-starter. For a successful Microsoft strategy, the indexes must be on a local, physical or virtual desktop (or laptop), indexed in place, or federate to the built-in native FAST indexes. Data migration out of Microsoft data sources no longer makes any sense and should be a thing of the past.
  3. X1 Supports Virtualization and Cloud. The next generation enterprise is virtual, whether cloud or on premise. With Microsoft Azure, Office 365 and Microsoft data sources being able to be deployed in these and on-premise virtual environments, enterprise search, including desktop search (VDI and DaaS) platforms need to do so as well. This is a significant challenge for most enterprise search tools that are either hardware appliances or require intricate and labor intensive installation onto physical hardware.
  4. X1 provides a better search experience than Microsoft does. “Good enough” is not good enough when it comes to search. It does not make sense to invest in an enterprise search solution for business productivity search, unless there is a significant improvement in the end users’ search experience for emails, files and SharePoint data. The main reason enterprise search initiatives fail is because the stakeholders do not appreciate that business productivity search is all about end-user experience. Without the end users embracing your search platform in practice, as X1 users do, the project will fail, no matter how cool the analytics and advanced algorithms sound in theory.
  5. Unified Single Pane of Glass. Providing one single pane of glass to a business worker’s most critical information assets is key. Requiring end users to search Outlook for email in one interface, then log into another to search SharePoint, and then another to search for documents and OneDrive is a non-starter. A single interface to search for information, no matter where it lives, fits the workflow that business workers require.

These are all very important factors for buyers of enterprise search solutions to consider in the new Microsoft era, and we of course believe X1 is uniquely up to the task.

Filed under Business Productivity Search, Cloud Data, Enterprise Search, Virtualized Environment

Gartner Names X1 A Cool Vendor In Endpoint Computing, 2015

It is always gratifying to receive market recognition for your products. At X1, there is major momentum around the X1 Search Virtual product that enables desktop search in virtual desktop infrastructure (VDI), without the need for Windows indexing (which chews up a lot of VDI resources). Because the user experience is key to broader VDI adoption, the X1 Search capabilities complement VDI technology very well.

At X1, we are extremely proud to be included in the list of “Cool Vendors” in the EndPoint Computing 2015 report by Gartner. According to Gartner’s report, “endpoint computing vendors are trying to innovate with products that address old problems as well as products that address shortcomings of new technologies.” Platforms like VDI and DaaS hold great promise, but the user experience with VDI is often suboptimal, thereby hindering widespread adoption.

Gartner makes remarks about X1 in the Key Findings and Recommendations section of the report. It is extremely gratifying to get this kind of recognition from the respected analysts at Gartner. Please read the full report to learn what Gartner has to say.

The market recognition is coming from customers, too.  Check out the compelling case study of a large Federal government DoD agency deploying X1 Search Virtual to provide users with a superior search experience.  It’s a great example of customers realizing that end-users need to be satisfied with technology in order to adopt it.

X1 Search provides users the ability to search a single, unified interface for content that may live in diverse locations – email, files, network file shares, email archives, Box and SharePoint. With X1’s single-pane-of-glass view of this content, workers can very quickly find the information no matter where it lives.

For a complimentary copy of the Cool Vendors in Endpoint Computing, 2015 report, please click here.

Filed under Cloud Data, Desktop Search, VDI