CEOCFO-Members Login

October 14, 2013 Issue

The Most Powerful Name In Corporate News and Information


Enterprise-Class Solutions for Digital Investigations

About AccessData:

AccessData Group has pioneered digital investigations and litigation support for more than twenty years and is the maker of the industry-standard computer forensics technology, FTK, as well as the leading legal review technology, Summation. AccessData provides a broad spectrum of enterprise-class solutions that enable digital investigations of any kind, including computer forensics, incident response, eDiscovery, legal review, IP theft, compliance auditing and information assurance. More than 130,000 global users in law enforcement, government agencies, corporations, consultancies, and law firms rely on AccessData software, as well as our premier hosted review and digital investigations services. AccessData is also a leading provider of digital forensics and litigation support training and certification, with our leading AccessData Certified Examiner® (ACE®) program and Summation certification program.

Interview With:
Tim Leehealey

Tim Leehealey is the CEO of AccessData. Prior to joining AccessData he was VP of Corporate Development at Guidance Software. Prior to that he was an investment banking analyst covering the security market at Wedbush Morgan.

“That is exactly what we have done: give you true visibility and clarity across everything that is going on on your network and your host machines and even within your machines and actually the hard drives on your host machines. We give you a complete three hundred and sixty degree view of your entire environment and the ability to stop threats instantly. No one else can do that.”- Tim Leehealey

Business Services

Digital Investigations


588 West 400 South
, Suite 350
Lindon, UT 84042 USA




Interview conducted by: Lynn Fosse, Senior Editor, CEOCFO Magazine, Published – October 14, 2013

CEOCFO: Mr. Leehealey, what is AccessData?

Mr. Leehealey: We are a software company. We develop software to allow corporations to conduct investigations of digital content of any type, wherever it resides. There are two primary types of investigations that people utilize that capability for: one is cyber security, which is an extremely hot market and the fastest growing sector of the company. The other is e-Discovery or litigation-related investigations.


CEOCFO: Would you explain a little bit about how the software works? Could you give us an example of something specific that a company would be looking for and how your software allows them to find it?

Mr. Leehealey: Let me run you through one set of capabilities and show you how they very easily tie into both of the two markets that I highlighted. Let us start out with a simple e-Discovery investigation. Let us assume a company is being sued; whatever company, it does not matter. They are required to preserve data related to the litigation. The other side will say, “These one hundred people, or custodians as they are called, are relevant to the case. Therefore, we want to search all of their digital content for emails or documents related to this matter.” Maybe it is a sexual harassment matter, maybe it is alleged intellectual property theft; it can be any number of different issues. The lawyers will agree on a set of custodians, a set of key words to use and that will be input into the software which will then go out and search the network and any computer that may have relevant information. It will return all of the data that matches the specified criteria. Then the software allows the users to review and analyze it, do all they would need to do with it in the context of the litigation and ultimately produce a portion of it to the other side. That is a very specific example of how our software is used for e-Discovery. However, if I just turn that use case on its head a little bit and instead of making the originating issue litigation, let’s say the originating issue is a hacking incident. Maybe there is an alert sensor that has gone off in your network and said, “There is something funny going on.” Maybe you got a call from the FBI saying, “We found your information; we know your network has been breached. Go investigate it.” Regardless of the source, the next steps in a cyber security scenario end up being extremely similar to the e-Discovery use case.  Based on whatever information you have, an alert or whatever, you set up search criteria. It may be to scan all of your computers for a certain type of malicious activity, a certain type of malicious behavior or maybe just malicious code. It can be to focus on some specific computers, really “go deep” on them and figure out what is going on and then based on that information broaden the sweep across the entire network if necessary. However, regardless of what specific issue you are investigating the steps are very similar. An incident occurs, you identify its parameters in a set of computers or a set of network segments or perhaps the whole network. You then specify the nature of the information that you are looking for or something on which to focus the search so that you are not returning irrelevant information. Then you run the search. Ultimately, the software brings you back the relevant information that you need and allows you to analyze it quickly so you know whether or not you have been hacked, the extent of the hacking, where the hacking took place and potentially what information, in any, the hackers ultimately took from you.


CEOCFO: What is the key in your software to being able to detect what it might suspect might be hard to detect? Is it that you can create the right parameters? Is it that you know how to dig deeply? What have you figured out at AccessData that perhaps others have not as yet?

Mr. Leehealey: The “secret sauce” to what we have done is that we took an investigative approach. Others generally said, “Here is an issue, like malware, and I am going to home in on that one specific issue. I am going to focus my software on solving just that specific issue. We took a different, more comprehensive approach. We said that the problem is not necessarily one type of issue. For example, if you solve the malware issue the hackers and malicious people will simply go around your malware solution by hacking. The problem is really that of visibility. It is that you do not know, in a comprehensive sense, what is going on on your network. Therefore, if you could, with the touch of a few key strokes, get real clarity into what is going into your network, what is going on across your routers and your network, what is on your computers; if you could get real transparency into that, a whole host of capabilities become possible. It is very easy to detect things that look awry if you have this clarity. The problem, again, is the whole security infrastructure and whole security landscape promulgated by others is custom built around solving specific niche problems individually. No one ever took a step back and said that the problem is really one of transparency and clarity and insight into the network. That is exactly what we have done: give you true visibility and clarity across everything that is going on your network and your host machines and even within your machines and actually the hard drives on your host machines. We give you a complete three hundred and sixty degree view of your entire environment and the ability to stop threats instantly. No one else can do that.


CEOCFO: When AccessData speaks with potential clients is there an “aha moment”? When do potential clients understand the difference you provide?

Mr. Leehealey: It is an intriguing question, because it really speaks to the way the whole industry has evolved. People will not come to AccessData and say, “AccessData, we want your investigative solutions,” because they do not even know to phrase it that way. They will say, “We are having a problem, we have so many security alerts and we cannot chase them all down.” Therefore, we will put together a data loss prevention (DLP) project or something in generic terminology that fits into a category a company understands. The “aha moment” comes when we respond to that customer by saying, “Yes; we can do all of those things.” Then they will bring us in and they will want to see our solutions. However, then we will say, “Let’s take a step back and really talk about the problem. I know you have defined your problem as data loss prevention, but the reality is your problem is you do not know what is going on. You do not know what is going on, on your network. You do not know what your employees are doing. You do not know what external people might be doing. You do not know who is clicking on what and it manifests itself in the data loss prevention problem. However, it could also manifest itself in thirty-five different other ways. What you really want to do is get transparency on what’s happening across your network and end points.” When we state it that way and we start to show the right people in the corporation, then we get these incredible “aha moments” when they say, “Oh my gosh! This solves not only this problem that we are talking about, but twelve other problems at the same time!” I just met with a bank on Friday and they were looking at an e-Discovery solution. We were talking about e-Discovery when I mentioned to them that you could really talk about the various initiatives and the common problems they represent. By the end of conversation they were absolutely enamored with AccessData. The compelling thing was, not that we could solve their e-Discovery problem - which we could - but they also had a records retention issue that they wanted to deal with. They wanted to be able to go out and say, “On my network, how many documents are out there that should not be out there.” We think that a use case like that is really just another type of investigation. You have the criteria that you can provide that defines a record as in compliance or out of compliance and I provide you the software to find all documents that are relevant to that type of a search. It is really exciting when you see the “aha moment”, either on the security or on the e-Discovery side. Frankly, we are starting to see some companies that understand the whole comprehensive message. We began mostly in the finance sector, as those are usually the people ahead of the curve by necessity. We have done a number of very large deals this year with finance organizations that say, “We want to put this investigative platform in and utilize it across all of the value propositions.” I have at least twenty very large customers using the same solution for e-Discovery as they are using for incident response, records retention audits, and compliance audits; all of those things from a single console. That is pretty exciting!


CEOCFO: How do you reach potential customers? How do they find you?

Mr. Leehealey: Generally, through the word-of-mouth process I just walked you through. That is how we end up reaching them, in the sense that what we are doing is so different and so new that very few people are saying, “We want what AccessData does.” They are saying, “We want to solve this problem or that problem.” They will ask us to solve a specific problem and we will try to broaden their perspective. Again, we will get in by addressing one very specific problem, maybe cyber security, which is our fastest growing area. However, it could have been e-Discovery, it could have been any number of different things. Once we are in we will work with customers to look at our technology not as a point tool that solves only one specific problem but as a platform delivering network and site transparency as to what is going on in terms of data and solves a whole host of additional problems.


CEOCFO: You just announced last week a new cyber intelligence and response technology. What does that add to the mix? What is the strategy as you constantly tweak your products?

Mr. Leehealey: The strategy with CIRT (Cyber Intelligence & Response Technology) is to connect our capabilities to really powerful but somewhat incomplete security solutions, like SIEMs (Security Information & Event Management). What SIEMs do is provide a security practitioner an alert that says, “We think something bad is happening on this computer,” or “We think something bad is happening on this network segment.” However, a security practitioner’s job is not about receiving alerts and saying, “something bad might be going on somewhere.” Their job is really about protecting the network. Therefore, providing them an alert is really just the beginning of the process. They then need to go out and find out what exactly is going on, confirm or deny the alert, and then if it is actually something malicious figure out how critical the threat is. How large is this issue? Where else do we see this issue? That is what CIRT can do. We are going to people that have bought a SIEM solution or any number of those different types of products and say, “Why did you buy that product?” They will say, “We want to know what is going on in the network.” Then we will say, “Does that really answer the question?” Then you get into this again, this “aha moment”, where at first they will say, “Yes, it tells me that there might be something going on.” Then I will say, “Then what do you do? How do you know it is right? How do you know it is not just that computer? How do you stop the threat?” Then they start to “hem and haw” and that is when they will start to realize that we are absolutely right. There is a huge piece of transparency missing from this solution and we can provide that in an automated way.


CEOCFO: How is business these days?

Mr. Leehealey: Business is really good! We are growing very fast and I think, looking around the world, we should probably be knocking on wood and be really thankful for having strong growth. I always want more, but this will be a record year for us so I should not complain.


CEOCFO: What is your geographic reach?

Mr. Leehealey: It is worldwide. These problems are not specific to any geographic territory. That said, we split up geographically based on economy size and typical industries. However, our geographic profile is not different from most large enterprise software companies.


CEOCFO: What do you see a year down the line?

Mr. Leehealey: We are going to keep doing what we are doing. There is nothing revolutionary in terms of strategy or change ahead for us. What I do think that might be revolutionary and exciting is when people stop defining their problems so narrowly, as just a data loss prevention or hacking issue, and start to realize that their problem is really one of transparency and understanding information. If I can get that type of dynamic and I can get the industry to start to realize that, I think that bodes extremely well for AccessData.


CEOCFO: Why should investors and people in the business community be paying attention to AccessData?

Mr. Leehealey: Because we are doing something very exciting and very unique. There are no companies that are doing things similar to us. We bring a value proposition that no other software company can really get close to.


Any reproduction or further distribution of this article without the express written consent of is prohibited.




Digital Investigations, AccessData, Business Services Companies, CEO Interviews 2013, Enterprise Class Solutions for Digital Investigation, litigation support, Professional Services Company, computer forensics technology, FTK, as well as the leading legal review technology, Summation, Recent CEO Interviews, Business Services Stock, Professional Services Stocks, solutions that enable digital investigations of any kind, including computer forensics, incident response, eDiscovery, legal review, IP theft, compliance auditing, information assurance, digital investigation services, digital investigation software for law enforcement, government agencies, corporations, consultancies, law firms, digital forensics and litigation support training and certification, AccessData Certified Examiner® (ACE®) program and Summation certification program, AccessData Press Releases, News, Companies looking for venture capital, Angel Investors, private companies looking for investors, business services companies seeking investors, digital investigations companies needing investment capital does not purchase or make
recommendation on stocks based on the interviews published.