Fast and Simple eDiscovery with Backup and Recovery

What is eDiscovery?

Electronic discovery (sometimes known as eDiscovery, e-discovery) is one of those terms that means slightly different things in different contexts. 

For example, in legal spheres, eDiscovery involves identifying, preserving, collecting, processing, reviewing, and analyzing electronically stored information (ESI). The term also shows up in digital forensics, which focuses on identifying, preserving, collecting, analyzing, and reporting on digital information—clearly very similar, but not quite equivalent. 

In general, eDiscovery is the electronic aspect of identifying, collecting, and producing electronically stored information, such as emails, documents, databases, audio, and video files, and also includes metadata such as time-date stamps, file properties, and author and recipient information. In other words—regardless of the specific driving need—eDiscovery refers to finding and retrieving electronically stored ‘stuff’. 

Sounds easy enough, right? But as anyone who’s performed eDiscovery knows, today’s information-enabled organizations produce an awful lot of that stuff. In fact, the tendency for every single action we take to produce a digital trail led public-interest technologist Bruce Schneier to observe that “data is the exhaust of the information age” [Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World, pg. 4].

Consequently, the sheer volume of electronically stored information makes eDiscovery a logistical challenge. Now, add in the time-specific nature of many requests—as in, needing to retrieve a file or record as it existed at a certain time on a certain date, a certain number of years ago—and the challenge becomes even greater. 

Beyond backup: enabling quick and simple eDiscovery

While the retention utilities included with software-as-a-service (SaaS) applications and cloud services may be adequate for retrieving something that’s a few weeks old, they certainly aren’t intended to provide—nor are they capable of providing—a substitute for long-term backup and the use cases it enables, including disaster recovery and eDiscovery.

To be resilient in the face of outages, compromises, and misconfigurations (or simply to find a crucial piece of information), your organization needs to be able to search and access SaaS and cloud data quickly and easily. Imagine the difference between a recovery mission aided by coordinates and a map versus a vague notion that someone is somewhere. 

Fortunately, with the right backup solution in place, eDiscovery really can be a breeze. Let’s look at a real-world example. 

ALPLA’s experience

With around 22,000 employees across 45 countries, ALPLA is one of the world’s leading manufacturers of high-quality plastic packaging.

The company’s rapid global expansion and cloud migration required an agile Microsoft 365 backup and recovery solution that could meet ALPLA’s need for 10-year data retention, and Keepit is proud to fulfill this need.

With other solutions, finding the right data to restore can be a tedious task, especially when very little information is provided by users—but Keepit’s unique and intelligent search features make it easy. In the words of Stefan Toefferl, Senior Data Center Engineer at ALPLA: “Keepit provides search filters that make eDiscovery simple, allowing us to quickly find and restore an exact file.”

One of the features most valued by ALPLA is the option to share a secure link to download a file, quickly getting the data back to the users. It’s features like Public Links (40-second demo video) that make Keepit more than just an ordinary backup and that help our customers become more efficient in their daily IT operations. Read more about the ALPLA customer case here.

Risk management in the digital age

The nature of backup and restoration is that you often don’t know when something might be needed: unexpected audits, legal discovery, cybersecurity incidents, or even an employee needing to recover something that they deleted years ago—these can all happen at any time.

That’s why truly managing risk requires a third-party backup solution that: 

  • Protects users and groups by providing snapshot-based restoration and timeline-based comparative analysis 
  • Preserves roles and permissions, with change tracking and straightforward comparisons 
  • Enables compliance and eDiscovery, for instance by capturing audit and sign-in logs, supporting log analysis, ensuring long-term retention, and enabling restoration to another site 
  • Accommodates growth into policies and devices by preserving device information and conditional access policies 

To help enterprises avoid disruption due to lost or inaccessible SaaS data, Keepit has architected a dedicated, vendor-neutral SaaS data backup solution that is resilient, secure, and easy to use.

You can see Keepit in action on our YouTube channel, or head to our services page to learn more about what we offer.  

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Keepit
At Keepit, we believe in a digital future where all software is delivered as a service. Keepit’s mission is to protect data in the cloud. Keepit is a software company specializing in Cloud-to-Cloud data backup and recovery. Deriving from 20+ years of experience in building best-in-class data protection and hosting services, Keepit is pioneering the way to secure and protect cloud data at scale.

Why does Pandora FMS Open Source exist?

My name is Sancho and I am the person who started developing Pandora FMS in 2004. I want to tell you why Pandora FMS Open Source exists and why the community is so important to me.

We tell you why Pandora FMS Open Source exists

I always liked computers, I started with a ZX Spectrum and my first game was a hacked one. 

I had to teach myself how to peel a cable to plug the RCA video output into my father’s little TV. In fact, I think I’ve spent more time learning how to solder cables, copy games, and trick them than playing them themselves. 

In the 80s, technical knowledge was what someone could teach you, there was no Internet. And, as a child, I also didn’t have the resources to talk to expert adults. 

When the BBS (Bulletin Board Systems) arrived in Europe I was 14 years old. I still remember, with pristine clarity, the article from a computer magazine that filled my head with wonders: 

“Thousands of apps and games, access to information around the globe, messaging with users around the world…” 

I could learn anything!

And there was even a lot of software that I could use without having to hack it!

When I connected to Fidonet in 1990 a world of possibilities opened up. 

I started talking to university students, set up a Fidonet node at home and had the need to do my first programs for my own BBS. It used RemoteAccess and FrontDoor, applications to give access to users and to connect to Fidonet through a modem over the telephone line.

I learned TurboPascal by reading documentation online and with photocopied books in English that other users lent me. 

A student at the University of Zaragoza lent me his credentials and I accessed the Internet for the first time through a RAS built on an HP-UX. 

I didn’t know what Unix was, but I had some commands written down to download things through FTP and then through Kermit to my computer. 

Along the way I had to stick with the AT commands and run head-on with the problem of being a 15-year-old boy who hires two phone lines for a BBS in a room of five square meters.

Before Pandora FMS Open Source

Thanks to other users I learned how to connect with the pair of tests in the phonebox of my house to call the US for free and download the McAfee antivirus updates, which I made available to everyone. 

I later learned how to connect to the internet through Compuserve using trial accounts that lasted 15 days. 

In short, I had an insatiable craving for knowledge

I loved to try, combine and dig

I used a lot of software that is now forgotten, such as Desqview or OS/2 Warp, to try to make my PC, made with second-hand parts, have the power to work in what became one of the largest BBS in Madrid (Edison BBS).  

All the software I developed (online games, time banks and things like that) I shared with other BBS Sysop, although my code was terrible. 

*Although no one cared much about the code because everything was to be done and the important thing was that it worked. 

Most of the programs I used had to be compiled by other people with more powerful PCs, my machine took days to compile and link the binaries.

Open Source Software Time

When I was in college, the Internet and ADSL came, as well as stacks of photocopied books. 

I tried programming video games and then my first job came. 

There I discovered that the Internet was a much, much bigger world than I had thought. Where there were servers and networks full of computers that people plugged into the web without notifying anyone, and lots of other stuff that appeared little by little… 

That’s when I discovered that it was necessary to bring order to so much chaos

I needed to know what was happening around me and monitor it. 

In each new work, that sense of chaos and lack of control grew. 

There did not seem to be a universal system to collect information and unify it, each had its applications, incompatible with the rest. Unlike the world of Star Trek where everything was compatible and universal.

That craving for knowledge and that habit of sharing at that time was not circumscribed to a philosophy, it did not have a name. It was a pure necessity: to share, learn, test, copy and modify.  

Some years later I discovered what the term Open Source meant. 

But it was just a name, the habit has been in me since I copied my first Game of Spectrum. 

*I once met in an interview an English developer older than me who had programmed one of those games, but that’s another story.

I spent many years learning thanks to others

Now I have to give back everything I have learned since my childhood. 

For me Open Source is not a license, it is not a political doctrine, it is not a fashion, it is a way of understanding life.

Sharing knowledge makes us better as individuals, as a society, and as professionals.

That is why Pandora FMS Open Source is not a “limited” version of the Enterprise version, no, the Open Source version has infinite documentation, in several languages, a changing documentation that includes everything, without secrets. 

The Open Source version not only has code, it has people who answer questions, guides and tutorials and has no limitations. 

It is made for that purpose, to bring order to chaos and allow anyone, programmer or not, to expand and improve it. Without having to share what you do, just let them use it however they want and for whatever they see fit.

There are many users, and companies, that like me when I was younger, cannot afford what an Enterprise license costs. 

I encourage them to use the Open Source version of Pandora FMS, not because it is free, but because you can learn without limit and can make Pandora FMS go far beyond what you think. 

Moreover, if they want, they can share their knowledge back and improve Pandora FMS. 

A code patch has the same value as a collection of icons or a Russian translation.

Where do we get the money?

Easy, not everyone has that craving for knowledge, to learn, to share. 

There are people who have their focus on managing problems, quickly and with professional help. 

They prefer an out-of-the-box tool that solves problems in hypercomplex and very specific environments. 

They still really want to learn and try, but they don’t have the time. Literally, their time is worth much more to their companies than Pandora FMS’s Enterprise license. 

Some Pandora FMS tools, such as policies, can be easily implemented using additional tools (or even your own scripts), but it takes time and knowledge. 

In the Enterprise version it is solved with a couple of mouse clicks.

The same goes for scalability. 

In the Enterprise version we support an active/passive HA system based on MySQL. Any user can implement the same system as us; they can also build a Galera cluster to have almost infinite scalability, without the need to mount a Metaconsole (Enterprise).

In fact we have some users who have been using Pandora FMS for many years with much larger environments than most of our Enterprise customers. 

I encourage you to see for yourself that the free spirit is still there! 

Call it OpenSource, free software, enter the license (GPL2), but above all: 

Learn, share and enjoy the process!

About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.

SCADAfence Named Winner of Three Prestigious InfoSec Awards During RSA Conference, 2022

SCADAfence Wins 3 Awards at RSA 2022: (1) Most Innovative Governance, Risk and Compliance (GRC), (2) Next Gen ICS/SCADA Security, (3) Most Innovative Internet of Things (IoT) Security

San Francisco, California June 6, 2022 – SCADAfence, the global technology leader in OT & IoT cyber security, is proud to announce we have won the following awards from Cyber Defense Magazine (CDM), the industry’s leading electronic information security magazine:

  • Most Innovative Governance, Risk and Compliance (GRC)
  • Next Gen ICS/SCADA Security
  • Most Innovative Internet of Things (IoT) Security

SCADAfence has won the award for Most Innovative Governance, Risk and Compliance (GRC) in recognition of the governance portal, which provides a multi-site regulatory and policy compliance framework. The portal gives companies with OT networks increased readiness and compliance for organizational policies and regulations. The SCADAfence governance portal is unique in the marketplace in that it allows organizations to audit compliance based on real traffic data across multiple sites, and provides ready-to-use compliance dashboards and reports. SCADAfence is currently the only vendor who offers this technology.

Additionally, SCADAfence has won the award for Next Gen ICS/SCADA Security for its unique Micro Granular Baseline technology. This technology learns every device granularly, per asset and per traffic characteristics. This unique technology provides the most accurate detection mechanism, and dramatically reduces false-positives without the need to reconfigure the baseline upon any changes. Customers get baselining results in hours vs weeks and it keeps getting smarter with advanced AI capabilities.

SCADAfence has also won the award for Most Innovative Internet of Things (IoT) Security, for their ability to provide comprehensive protection to complex industrial IIoT networks comprising thousands of devices from various manufacturers with multiple vulnerabilities.

“We’re thrilled to receive one of the most prestigious and coveted cybersecurity awards in the world from Cyber Defense Magazine,” said Elad Ben-Meir, CEO of SCADAfence. “We knew the competition would be tough and fierce. We couldn’t be more pleased to be recognized as Innovators and leaders in the OT security industry.”

“SCADAfence embodies three major features the judges look for to become winners: understanding tomorrow’s threats, today, providing a cost-effective solution and innovating in unexpected ways that can help stop the next breach,” said Gary S. Miliefsky, Publisher of Cyber Defense Magazine.

We’re thrilled to be a part of this coveted group of winners, located here: www.cyberdefenseawards.com/

About SCADAfence

SCADAfence is the global technology leader in OT & IoT cyber security. The SCADAfence platform enables organizations with complex OT networks to embrace the benefits of industrial IoT by reducing cyber risks and mitigating operational threats. The non-intrusive platform provides full coverage of large-scale networks, offering best-in-class detection accuracy, asset discovery and governance with minimal false-positives. SCADAfence delivers proactive security and visibility to some of the world’s most complex OT networks, including the largest manufacturing facility in Europe. SCADAfence enables organizations in manufacturing, building management and critical infrastructure industries to operate securely, reliably and efficiently. To learn more, go to http://www.scadafence.com

About CDM InfoSec Awards

This is Cyber Defense Magazine’s eighth year of honoring InfoSec innovators. Our submission requirements are for any startup, early stage, later stage or public companies in the INFORMATION SECURITY (INFOSEC) space who believe they have a unique and compelling value proposition for their product or service. Learn more at http://www.cyberdefenseawards.com

About the Judging

The judges are CISSP, FMDHS, CEH, certified security professionals who voted based on their independent review of the company submitted materials on the website of each submission including but not limited to data sheets, white papers, product literature and other market variables. CDM has a flexible philosophy to find more innovative players with new and unique technologies, than the one with the most customers or money in the bank. CDM is always asking “What’s Next?” so we are looking for Next Generation InfoSec Solutions.

About Cyber Defense Magazine

With over 5 Million monthly readers and growing, and over 17,000 pages of searchable online infosec content, Cyber Defense Magazine and our sister magazine being announced after the show is the premier source of IT Security information. We are managed and published by and for ethical, honest, passionate information security professionals. Our mission is to share cutting-edge knowledge, real-world stories and awards on the best ideas, products and services in the information technology industry. We deliver electronic magazines every month online for free, and special editions exclusively for the RSA Conference. CDM is a proud member of the Cyber Defense Media Group, a division of Ingersoll Lockwood. Learn more about us at http://www.cyberdefensemagazine.com and visit http://www.cyberdefensetv.com and http://www.cyberdefenseradio.com to see and hear some of the most informative interviews of many of these winning company executives.

About SCADAfence
SCADAfence helps companies with large-scale operational technology (OT) networks embrace the benefits of industrial IoT by reducing cyber risks and mitigating operational threats. Our non-intrusive platform provides full coverage of large-scale networks, offering best-in-class detection accuracy, asset discovery and user experience. The platform seamlessly integrates OT security within existing security operations, bridging the IT/OT convergence gap. SCADAfence secures OT networks in manufacturing, building management and critical infrastructure industries. We deliver security and visibility for some of world’s most complex OT networks, including Europe’s largest manufacturing facility. With SCADAfence, companies can operate securely, reliably and efficiently as they go through the digital transformation journey.

Leveraging Machine Learning for Behavior-Based Access Control

Enterprises today need to be able to interact dynamically and share information with the right people at the right time. As a result, organizations continually add more interconnected systems to their network to allow information to be readily accessible to those that need it.

However, while this interconnectedness is crucial for modern businesses to thrive, it also leaves them vulnerable to cyberattacks. And as enterprise environments become more complex, it’s becoming clear that traditional approaches to access control and threat monitoring simply aren’t sufficient in an increasingly severe cyber threat landscape. But some leading cybersecurity researchers think there could be a better way – Behavior-Based Access Control (BBAC).

What Is Behavior-Based Access Control (BBAC)?

In simple words, Behavior-Based Access Control is a way of analyzing actor behavior and assessing the trustworthiness of information in real-time using machine learning algorithms. But before we can truly understand BBAC, we first have to understand how enterprises tackle these issues today.

The Current State of Access Control

Companies currently use a combination of different technologies and methodologies to monitor their systems and grant access to information.

The way we approach access control has evolved considerably over time and now includes methods like role-based (RBAC), team-based (TMAC), attribute-based (ABAC), context-based (CBAC), and Situation-Based (SitBAC) access control, among others. But while these approaches do a decent job of locking down information to authorized users, they’re not without drawbacks.

Crucially, most current access control methods are grounded in static policies governed by access control rules. And this presents some significant security risks. For example, what happens if a bad actor steals an access card? Or if an insider performs illegitimate actions within their privilege realm? With traditional access control methods, bad actors can potentially go undetected for a considerable amount of time, exfiltrating data or wreaking havoc on the network.

Misuse of information should be a top priority for any modern enterprise. Still, the situation becomes especially serious for companies that deal with highly sensitive data, like those in the healthcare, finance, and government sectors. And companies in these sectors (or sufficiently large companies in any industry) are increasingly moving towards large-scale distributed systems, where various components are spread across multiple computers on a network. But these systems are often as complex as they are large. As a result, managing access control at scale quickly becomes unmanageable, and errors often slip through the net.

The Current State of Threat Monitoring

On the monitoring side, companies leverage technologies like the Snort or Bro network intrusion detection system or the Host-Based Intrusion Detection System (HIDS). And while these cybersecurity monitoring systems help safeguard corporate systems, they have several limitations. Namely, these types of solutions are typically signature-based and narrowly focused on specific parts of the overall systems. Signature-based monitoring can’t account for sophisticated attacks, like zero-day attacks, where signatures are yet unknown.

Lastly, while companies today often collect vast amounts of useful security data, such as server logs, they don’t analyze this data in real-time. Instead, this data is used for offline forensics, potentially days, weeks, or even months after a security event. By this time, attackers have likely already completed their nefarious activities and are long gone.

How BBAC Works

BBAC leverages machine learning to dynamically analyze actors’ intent and assess the trustworthiness of information within the system. But how?

BBAC uses a combination of rule-based behavior signatures with statistical learning methods to create a more robust and flexible way of assigning and managing trust. So, for example, BBAC can analyze patterns in the network and adjust access over time and as needed. It can also respond to potential security events in real-time. For example, the machine learning algorithm can create a baseline for expected user behavior by using historical and real-time data. Anything that falls outside of this could be considered suspicious and warrant immediate action, either manually or through automation.

This is contrary to how isolated traditional rule-based systems work, whereby once an actor gains access, they can essentially operate with impunity within their access rights.

The idea here is that BBAC can diminish the risk of misplaced trust and deter the abuse of authorized privileges by continuously monitoring behavior. It analyzes observable behaviors on several different layers in real-time to check for intricate patterns that would otherwise go unnoticed. And by employing this type of sophisticated analysis, IT teams eliminate the need for draconian deny rules at specific layers in the system.

At the same time, user-based BBAC can help alleviate some of the problems companies face when defining access. For example, let’s say a particular policy is set up to deny access to specific files if a user isn’t in an approved location. The machine learning model might detect that users continually request this type of access and alert the security team. Armed with this information, businesses can adjust their policies to allow more flexibility within certain contexts.

The Nuts & Bolts of BBAC

So, what’s actually going on here? How does this machine learning thing really work? Machine learning is all about getting computers to “learn” and make decisions without explicit instructions. And for a machine-learning algorithm to learn, it needs to process vast amounts of data.

For BBAC, the significant data comes in the form of network flow information (TCP and UDP), higher-level transport protocols (like HTTP, XMPP, and SMTP), audit records (like those produced by web and DNS servers), and application-level content like PDF documents or email and chat messages.

So, that’s the data that feeds the model, but what about the model itself? BBAC models are still in their infancy, but current examples use a combination of supervised and unsupervised machine learning to achieve full BBAC functionality.

Supervised learning leverages labeled datasets designed to train or supervise the algorithm in classifying data and accurately predicting outcomes. So, for example, the algorithm becomes competent at separating data into specific categories, like expected network traffic and unexpected network traffic. This is called classification. The regression supervised learning method can also be used to understand the relationship between dependent and independent variables, which can be useful for predicting outcomes using numerical data.

By contrast, unsupervised learning uses unlabeled datasets and allows the algorithm to discover hidden patterns without human intervention.
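The layering described above (a static rule check followed by a baseline of expected behavior learned from unlabeled history) can be sketched as follows. This is an added example, not code from the article or from any BBAC product: the policy table, user names, thresholds and sample events are all constructed, and a simple per-user statistical profile stands in for the learning model.

```python
import math
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Static rule layer (hypothetical RBAC policy): resources each user may touch.
ROLE_POLICY = {
    "alice": {"crm", "wiki", "payroll"},
    "bob": {"payroll"},
    "dave": {"wiki"},  # authorised, but has no recorded history yet
}
MIN_EVENTS = 10     # below this a baseline is too thin to trust
Z_LIMIT = 3.0       # transfer sizes beyond this many sigmas are unusual
SIGMA_FLOOR = 0.25  # keeps very regular users from tripping on small changes


def build_history():
    """Constructed training data: 20 days of routine activity."""
    rows = []
    for day in range(20):
        rows.append(("alice", 9 + day % 8, "crm", 40_000 + 1_000 * (day % 5)))
        rows.append(("alice", 10 + day % 6, "wiki", 15_000 + 500 * (day % 4)))
        rows.append(("bob", 13 + day % 5, "payroll", 200_000 + 10_000 * (day % 3)))
    return rows


class Baseline:
    """Per-user profile learned from unlabeled history (unsupervised)."""

    def __init__(self):
        self.hours = Counter()
        self.resources = Counter()
        self.log_bytes = []

    def observe(self, hour, resource, nbytes):
        self.hours[hour] += 1
        self.resources[resource] += 1
        self.log_bytes.append(math.log(max(nbytes, 1)))

    def deviations(self, hour, resource, nbytes):
        """List the ways one request departs from this user's baseline."""
        found = []
        sigma = max(pstdev(self.log_bytes), SIGMA_FLOOR)
        z = abs(math.log(max(nbytes, 1)) - mean(self.log_bytes)) / sigma
        if z > Z_LIMIT:
            found.append(f"transfer size z={z:.1f}")
        # Hours wrap around midnight, so compare modulo 24 with a +/-1h window.
        if not any(self.hours[(hour + d) % 24] for d in (-1, 0, 1)):
            found.append(f"unusual hour {hour:02d}:00")
        if self.resources[resource] == 0:
            found.append(f"first access to {resource}")
        return found


def train(rows):
    profiles = defaultdict(Baseline)
    for user, hour, resource, nbytes in rows:
        profiles[user].observe(hour, resource, nbytes)
    return profiles


def decide(profiles, user, hour, resource, nbytes):
    """Return (decision, reasons) for one access request."""
    # Layer 1: the static rule still applies and is checked first.
    if resource not in ROLE_POLICY.get(user, set()):
        return "deny", ["static policy"]
    # Layer 2: behaviour. Without enough history, ask for stronger proof.
    profile = profiles.get(user)
    if profile is None or len(profile.log_bytes) < MIN_EVENTS:
        return "step_up", ["no behavioural baseline yet"]
    reasons = profile.deviations(hour, resource, nbytes)
    if not reasons:
        return "allow", []
    return ("step_up" if len(reasons) == 1 else "deny"), reasons


if __name__ == "__main__":
    profiles = train(build_history())
    requests = [  # constructed requests
        ("alice", 11, "crm", 42_000),         # routine
        ("alice", 20, "crm", 41_000),         # right resource, odd hour
        ("alice", 3, "payroll", 5_000_000),   # permitted by role, far off baseline
        ("bob", 14, "crm", 10_000),           # outside role
        ("dave", 10, "wiki", 5_000),          # no history
    ]
    for request in requests:
        print(request, "->", decide(profiles, *request))
```

The third request is the case a static policy alone misses: the role permits it, but every observed dimension departs from the account's history.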

Wrapping Up

Behavior-based access control has enormous potential to make enterprise environments more secure, flexible, and responsive. And as we progress through the 2020s, we expect to see more research in this area and likely adoption of this technology by reputable firms. The Department of Defense is actively interested in BBAC, so that should tell you something about where this approach is heading!

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.