jonbegley / blackhawklab

BlackhawkLAB - cloud based end point detection and remediation solution

Home Page:http://blackhawklab.co.uk


BlackhawkLab - Cloud Based EDR Solution

1.1 Background

Every day cyber security firms have conversations with their customers informing them that they have been affected by a data breach. Their customers do not have the budget for the tools and software required to remediate the breach successfully, and their internal IT (Information Technology) teams do not have the technical ability to drive the software and tooling even if it were deployed. A data breach is an incident in which sensitive, protected or confidential information is released, viewed, stolen, or used by an individual who is not authorized to do so. The number of businesses that are suffering data breaches, and that are identifying and reporting them, is increasing rapidly. This is not just affecting SMEs but multi-million dollar global organizations. Large companies, however, are able to afford the large setup, maintenance, and employee costs needed to remediate data breaches successfully, while SMEs have neither the budget nor the hardware to attempt to remediate the breach. This leaves SMEs vulnerable to intellectual property theft, exposed customer information, and banking details being exfiltrated from the company.

This exfiltrated information will then be sold to the highest bidder on the black market. The value of the information varies: obtaining another company's customer database or its pricing information is of great value to a competitor.

1.2 Motivation

Malicious "hackers" are compromising thousands of businesses every day and stealing terabytes of sensitive information. These criminals are currently getting away with it because victims are unable to afford the tooling and the investigators needed to bring them to justice.

If this continues it will affect more than just individual businesses; it will affect entire economies. Currently the majority of data exfiltrated from organizations is being sent to Southeast Asia, and local authorities and governments within the offending countries are not supporting investigations.

Among the data exfiltrated are plans and designs for cars, phones, laptops, products, fashion items, artwork, and new technologies. The victimized companies used their equity to develop the products and plan to recoup the funds from the profit generated when the projects are ready for sale. When these plans are stolen, foreign markets with cheaper labor and materials are able to produce the product more cheaply, without needing to bear the development costs.

1.3 Objective

This project aims to create a cloud based solution that provides "rapid scalability, with un-compromised security". To successfully remediate a data breach, investigators require specialist toolsets to analyze systems and remediate the threat. Currently these specialist toolsets, commonly known as EDR tools (end-point detection and remediation, or response), require large initial setup and maintenance costs.

Existing EDR tools use an on-site methodology, requiring businesses to purchase enough hardware (servers) to support their current requirements, and then purchase software (the EDR tool) to install on that hardware.

This not only imposes large initial and maintenance costs on the business, but procurement of hardware can take a long time even in large businesses. The hardware then still needs to be shipped, installed, configured, and documented.

A cloud based model will eliminate all of the above; the only setup required is to install the application on the end-points. Everything else will be hosted in a private cloud.

The end goal is to provide a solution that both SMEs and large businesses can use in the event of a data breach. Instead of large and complex setup costs, the project aims to create a solution that can be deployed onto any system so that analysis can be performed remotely.

1.4 Approach

The project will initially research the problem: how many businesses are being breached, how big the affected companies are, and what they are doing to remediate data breaches. Further research will be undertaken to understand the security concerns and advantages of cloud computing, along with evaluating existing EDR tools.

From the information gathered during the research, a development plan will then be made to create and develop a cloud based end-point detection and remediation solution.

Once a development version of the solution is available, it will be tested internally for major security flaws and bugs, then deployed to industry professionals to get their opinions on the solution.

Finally, the project will summarize the overall work, covering issues, successes, and possible future development plans.

1.5 Scope

This project is only to produce a proof of concept, demonstrating that a cloud based EDR tool could be the solution to remediating a data breach for organizations. The project team has very little development experience; the fact that this team is unable to implement an item of functionality in the solution does not mean it is not possible for a more experienced developer.

The proof of concept must utilize a cloud based infrastructure and use a cloud based methodology. However, the solution is not expected to be a fully operational cloud based tool; it is only required to have very basic and simple functionality.

Languages

Language: Python 100.0%