Extract·Attribute·Notify

Figure out what was in the data a breach exposed.

A breach investigation firm like Mandiant identifies the data that was compromised. Octosight figures out who was in it. A per-person record of what was exposed, accurate the first time.

The Pattern, Applied to Breach Response
A defined data set. A regulator clock. A notification that has to be right the first time.
Every revision of a breach notification is a second hit with regulators, customers, and the brand. Getting it right the first time is the work.
The Problem

The compromised data set is a heterogeneous pile. The right data points have to be joined to the right person before the notification goes out.

Name and date of birth in one file. Social security number in another. Procedure codes in a third. The notification needs all of it, tied to the same person.

What Octosight Solves
01 / Extract

Every PII, PHI, and PCI field across every file.

Index every word of every file the forensic firm identified. Densely populated files surface first.

02 / Attribute

Join records across files into one row per person.

Standardize extracted fields and join across documents. Every field traces back to the page it came from.

03 / Hand off

Notification-ready records, plus a tagged subset for human review.

Files that warrant a deeper read export in the format forensic document review platforms like Relativity and Nuix accept.

Ransomware Readiness

Index every file before the event. Keep answers when files can no longer be opened.

When file content is indexed before ransomware hits, the index survives the encryption. Answers about what was in the encrypted files come from the index, without decrypting anything.

01 / Before the event

Continuous indexing across the estate.

The index lives outside the files. Encrypting the files does not encrypt the index.

02 / During the event

Answer through the encryption.

Search the indexed content to see what is inside each encrypted file.

03 / If it becomes reportable

Breach response runs on the same data.

No second ingest. No second tool. The notification record begins assembling immediately.

How Breach Response Changes
  • From file-counted to person-counted. The deliverable is one record per affected person, not a tally of files reviewed.
  • From standalone tool to clean handoff. The subset that needs human review leaves in the format forensic document review platforms like Relativity and Nuix accept.
  • From revised notifications to right the first time. Joining data points to people before the notification goes out reduces the need to revise it later.
Now boarding

AI for

Run it on your data.

By submitting this form, you agree to Octosight processing your information per our Terms and Privacy Notice.