Forensics: New Options for the Enterprise
Posted by John H. Sawyer on October 15, 2007
Last month Ameritrade announced that 6.3 million customers' personal information had been exposed to remote attackers—no one knows for how long. Unauthorized malicious code, not identifiable by antivirus products, provided access to an internal customer database.
If this happened to you, what would be your first move? Do you have enterprise-wide incident response policies paired with tools, logging systems or network recording devices to quicken response times and consolidate analysis to affected systems? How about dedicated first responders?
If you think finding out who did what with your data always means calling in high-priced spooks armed with arcane software, think again. The trend is toward placing the power to handle investigations in the hands of enterprises themselves. Why? With security incidents, e-discovery and litigation on the rise across all industries and organizations of all sizes, having tools in-house allows IT to mobilize quickly and address situations before there's significant impact.
The forensics software landscape has also gotten more inclusive, with enterprise-class investigative tools in the pipeline along with log-analysis software, network monitors, and systems that can aid in investigations and e-discovery involving e-mail. Many of these do double duty, making them easier sells come budget time.
In the forensics space, at least two upstarts are set to rival the enterprise edition of Guidance Software's EnCase, the granddaddy of investigative toolsets. By year's end, security services provider Mandiant will step into the enterprise incident response arena with its Intelligent Response appliance, and AccessData is also prepping an offering, due in the first half of next year, that will encompass forensics, incident response and e-discovery.







