EnCase® Cybersecurity Receives HP ArcSight Action Connector Certification

  EnCase® Cybersecurity Receives HP ArcSight Action Connector Certification

 Enables Faster Incident Response Times through Real-Time Capture of Endpoint
                  Activity and Automation of Critical Steps

Business Wire

PASADENA, Calif. -- February 13, 2013

Guidance Software Inc. (NASDAQ:GUID), the World Leader in Digital
Investigations™, announced today that its EnCase® Cybersecurity product has
demonstrated interoperability with HP ArcSight Enterprise Security Manager
(ESM) and has received HP ArcSight Action Connector Certification.

The interoperability of EnCase Cybersecurity with HP ArcSight is the
first-of-its-kind to automate incident response between event prioritization
and time-sensitive response actions. This interoperability can reduce cyber
attack response and remediation time to a matter of minutes or hours, from
days or weeks.

“Cyber incidents are costing enterprises millions of dollars, countless staff
hours and incalculable reputational damage,” said Alex Andrianopoulos,
Guidance Software Vice President of Marketing. “The spike in cyber incident
volumes has intensified the need for rapid and comprehensive capture, review
and analysis of endpoint data at the moment of a security alert. We were
pleased to work with HP on delivering technology that gives IT security teams
what they need for the fastest possible response to incidents at every threat
level.”

The interoperability of EnCase Cybersecurity with HP ArcSight ESM enables the
automation of four areas of incident response.

First is immediate forensic auto-capture of live system memory in order to
validate detected threats and capture host-based threat data that would
otherwise be lost.

Second is capturing Internet history, artifacts and cache files in response to
events leveraging browser-based vulnerabilities, data exfiltration through
file-sharing services, or in response to inappropriate browsing alerts.

Third is that IT security teams can now instantly prioritize response, giving
them the ability to better manage the thousands of alerts that occur daily and
maximize their impact. Incident response automation provides information on an
attack in minutes, allowing security teams to scan for attacks on sensitive or
controlled information and make those the top priority.

Finally, security teams can conduct forensic audits against white- or
blacklists in order to expose unknown processes and files, or to scan for
exact and similar matches to previously detected threats.

“Organizations are spending an increasing amount of time with limited
resources responding to, and recovering from, cyber attacks,” said Buck Watia,
Director, Business Development, Enterprise Security Products, HP. “The
interoperability of HP ArcSight ESM with EnCase Cybersecurity provides
customers with critical visibility into the state of potentially affected
hosts at the time an attack is detected, along with the means to dramatically
reduce the time it takes to resolve.”

IT security managers can run these EnCase Cybersecurity functions from within
HP ArcSight ESM with a few mouse clicks, or can set them to run as automatic
processes when an incident triggers a security alert. This closes a critical
gap that exists between network security, incident response and investigation
teams while reducing overall time and costs related to incident management and
response.

Availability

EnCase Cybersecurity is available now and the Action Connector delivering the
integrated capabilities above can be obtained via the HP ArcSight Customer
Portal under Guidance Software. Additional automated-response options can be
configured by Guidance Software Professional Services. More information on the
combined solution is available at
http://www.guidancesoftware.com/automatic-response.htm.

About EnCase Cybersecurity

EnCase Cybersecurity is the endpoint incident response and data auditing
software solution designed to reduce costs and complexities associated with
the incident response process and to reduce the risk of exposing sensitive
data to loss or theft. EnCase Cybersecurity helps prioritize analysis of
potentially infected systems, determine source and scope of an incident,
identify potential data-loss scenarios, and minimize time to remediation.

About Guidance Software, Inc.

Guidance Software is recognized worldwide as the industry leader in digital
investigative solutions. Its EnCase® platform, with more than 40,000 licenses
distributed worldwide, provides the foundation for government, corporate, and
law-enforcement organizations to conduct thorough, network-enabled, and
court-validated computer investigations of any kind, such as responding to
e-discovery requests, conducting internal investigations, responding to
regulatory inquiries, or performing data and compliance auditing - all while
maintaining the integrity of the data. The EnCase Enterprise platform is used
by numerous Federal Civilian and Defense agencies, more than 65 of the Fortune
100, and thousands attend Guidance Software's renowned training programs
annually. For more information about Guidance Software, visit
www.guidancesoftware.com.

EnCase®, EnScript®, FastBloc®, EnCE®, EnCEP®, CaseCentral®, CaseCentral
eDiscovery Cloud®, Guidance Software™, and Tableau™ are registered trademarks
or trademarks owned by Guidance Software in the United States and other
jurisdictions and may not be used without prior written permission. All other
trademarks and copyrights referenced in this press release are the property of
their respective owners.

GUID-F

Contact:

Guidance Software Inc.
Brigitte Engel, 626-229-9191
newsroom@guidancesoftware.com