Embed Size (px)
Citation preview
INTRODUCING
powered by powered by
The Problem
• Preventing inappropriate or illegal material on computers from entering an environment or being transported (knowingly or accidentally) into a country where they would be illegal or offensive .
• Stumbled on issue when marketing person detained in Saudi Arabia whilst promoting range of anti-porn filters.
• No software available to combat Child Pornography
• Standard pornography filters not useful– Do not have ownership of the laptop / PC.– Investigating PC after the material has entered it.– No evidence.
• Not just a government issue, but also a business issue
The Risks We live in a world where everyone, everything, everywhere is connected. This hyper connectivity brings significant business benefits but also entails considerable
risk.
The risk of breaching legal requirements and regulatory compliance. These are serious matters, affecting your suppliers, clients, employees, investors, partners and regulators. The impact on reputation can be catastrophic as an increasing number of organisations, companies and their key staff and officers have found to their cost.
The risk that an organisation or company is discovered holding offensive or pornographic images, media or software that breaches copyright on their system (knowingly or not) the ultimate responsibility is with the IT Manager, Partners and Directors.
The risk of unauthorized staff downloads of music, offensive image files, video and movies is a major cause of non-compliance and a danger to the integrity of any network. No one is safe from the threat; private business, education, local and central government, health authorities and their key management can all face prosecution as the result of illegally downloaded or stored files.
FACT; On 26th January 2009 the UK law changed with Sections 62 to 67 of the Criminal Justice Act 2008 coming into effect. Passed in May of 2008, the Act make it a criminal offence, punishable by up to three years in prison, to possess material that is deemed inappropriate and of an extreme adult nature – more than ever the consequences of the downloading and storage of pornography, music and video clips onto computers are real business and legal compliance issues that result in serious personal and corporate exposures
What is FAF?
• File Audit Facility (FAF) is a thumbdrive application that scans a target PC for files containing inappropriate and illegal content.
• FAF allows officials to conduct an audit of a PC quickly and efficiently, whereas previously they would not have been able to do so.
• FAF is designed for border custom officials, police forces, forensic experts, business IT security and human resource personnel.
Features
All controls on a single panel for EASE-OF-USE.
Controls set to standard settings – user just needs to hit the Start Scan button.
Features
Choice of what to scan for:
Detection of pornographic images & videos.
Detection of inappropriate web-pages.
Detection of music files.
*MD5# Scanning;Detection of scheduled pornography.Detection of pirated software.
Detection regardless of file extension.
*Note the MD5# feature is not currently available on the commercial release of FAF.
Features
Flexible - able to select path from where to begin the scan.
Flexible – able to specify the threshold for pornography.
The higher the threshold the lower
the number of false positives.
Features
Thumbnails displayed in reports
Different categories
Reports saved to thumbdrive for action
Features
Result summary
Hard drive serial number, time and notes captured
Detailed reports and thumbnailsEvidence….?Evidence….?
Technology
• Developed using CMMI Level 3 Software Processes and Practices.
• Implementation of proprietary Image Processing and Artificial Intelligence algorithms that have won International awards and recognition.
• Deploys anti-piracy component to tie software to single thumbdrive.
• Product enhancement and development roadmap – future utility and performance enhancements will create additional upgrade sales opportunities
Capability Maturity Model® Integration (CMMI) is a process improvement approach that provides organizations with the essential elements of effective processes.
CMMI helps integrate traditionally separate organizational functions, set process improvement goals and priorities, provide guidance for quality processes, and provide a point of reference for appraising current processes.
Worldwide Adoption; CMMI is being adopted worldwide, including North America, Europe, Asia, Australia, South America, and Africa.
Benefits of Process Improvement; The quality of a system is highly influenced by the quality of the process used to acquire, develop, and maintain it. Process improvement increases product and service quality as organizations apply it to achieve their business objectives.
CMMI Benefits
The CMMI Product Suite is at the forefront of process improvement because it provides the latest best practices for product and service development and maintenance. The CMMI models improve the best practices of previous models in many important ways. CMMI best practices enable organizations to do the following:
1. more explicitly link management and engineering activities to their business objectives 2 .expand the scope of and visibility into the product lifecycle and engineering activities to ensure
that the product or service meets customer expectations 3. incorporate lessons learned from additional areas of best practice (e.g., measurement, risk management, and supplier management4. implement more robust high-maturity practices
5. address additional organizational functions critical to their products and services © 2009 Carnegie Mellon University
What is CMMI?
Awards and RecognitionPIKOM Computimes ICT Awards 2004 - WINNER“ICT Product of the Year”
MSC - Asia Pacific ICT Awards 2004 - WINNER“Best of Applications and Infrastructure Tools”
International Asia Pacific ICT Awards 2004 Hong Kong - MERIT AWARD“Best of Applications and Infrastructure Tools”
MSC - APICTA 2003 - MERIT AWARD“Best of R&D”
Asian Innovation Awards 2004 - FINALIST Far East Economic Review“Improving Productivity, Efficiency & Quality of Life”
Asian Conference on Computer Vision 2004 28-30 January 2004, Juju Island, Korea.Detecting Pornographic Images
MSC-APICTA 2005, Malaysia - WINNER
URLChecker "Best of Application and Infrastructure Tools".“Surprisingly, perhaps, it works brilliantly”
4 out of 5 Stars
Decision
Skin Tone Detection
Texture Detection
Edge Detection
Blob Detection
Limb Detection
Face Detection
Image Processing
Neural Network
Content-based image processing engine can analyse 100 images per second.
Fast filter whilstdecoding for speed
ImageAnalysis
Achieved by analysing image and video files without need of fully decoding them.
Deploys proprietary, International Award winning technology
Pornography
• FAF partners Zentek Forensics – BSi 29000 accredited forensic experts who work for Police, MOD and other agencies
• Maintain a large database of porn images for law enforcement purposes.
• FAF product road map will add MD5 hash scanning ability
• To check for scheduled porn images MD5 hash values (file identifiers) are used. – Fast processing speed with no loss in accuracy.– Prevents circulation of the actual images.
• FAF is able to scan an entire hard drive for images, videos and HTML page files in minutes.
Webpages
• For the analysis of webpages a Bayesian network classifier was developed and implemented in FAF:– Words / phrases considered in the context of
other words / phrases.
– Able to take metadata (information about number of images / links) into account.
– Unicode development; Supports multiple language sets including; Arabic, Thai, Turkish, Russian, French & German.
– More accurate than the simplistic keyword approach implemented in most filters.
Music Files
• Most common form of piracy.
• Difficult to prove piracy as users are allowed to make own copy if have CD.
• FAF locates files with known music (mp3, wav, etc) extensions.
• Rational for inclusion– music files major source of disk space major source of disk space
usage.usage.– exposure to FACT sanction & penalties exposure to FACT sanction & penalties
Marketing• Media endorsement 4 stars out of 5
“In our tests, the software could find and detect all of the objectionable content we purposely placed on our test machine”
• Pricing • RRP £140RRP £140 for 12 month license• Reseller margin of up to 50%
• Includes;• Confiscation Insurance (unique – world wide)• 2 Hours free legal support &;• Discount on subscription to
The Extended Product SuiteEnterprise - Client / Server application:
Captures and analyses everything displayed on the screen and stored within the hard-drive for pornographic material. Text string analysis against forensically sound and proven threat libraries, management of productivity & GCR issues Customizable to suit the needs of organizations. Remote management and viewing of incidences via the Internet.
Browser plug-in:
Replaces pornographic images in web-pages with a neutral image. Records URLs of pornographic pages visited. Enables user White / Black listing of sites
™
Standalone:
Captures and analyses everything displayed on the screen and stored within the hard-drive for pornographic and other unwanted material on a standalone machine. Also controls Internet and application usage and access.
URLChecker
A robot application that automatically searches out and categorizes websites as being i) highly likely to be pornographic, ii) highly likely to be non-pornographic, or iii) boundary (requiring manual categorisation). It maintains a database of previously categorized websites, allowing the entries to be edited using a web interface and the contents to be exported into a suitably structured file for uploading to third party URL blocking solutions. Designed for ISP & Large Corporate / Educational installation
The Extended Product Suitee-safe insurance – specialist insurance :
e-safe recognizes that cyber risk impacts materialize in the physical world – e-safe insurance delivers a range of bespoke and specialist insurance products that dove tail with e-safe software solutions – making sure that all bases and risks are answered.
More details at www.esafeinsurance.co.uk
e-safe law – specialist legal support:
As with insurance e-safe recognizes that there are times when quality legal support is essential. e-safe law dove tails quality legal services and support with e-safe software solutions
Forensic Services
There are times when prevention fails or the problem requires deep investigation – this is where our partnership with Zentek Forensics comes into play; Zentek are the only company in the UK to have both ISO 9001 ISO 27001 and ISO 29001 certification for 'Expert Forensic Examination of Digital Media‘, enabling Zentek to deliver mobile phone forensics and digital forensics, offline and online, as well as computer examination., The Zentek team consists of world class investigators who are experienced expert witnesses, all with judicial experience.
Demonstration and QuestionsDemonstration and Questions
THANK YOU
