Michele Chubirka

Digital Forensics: DIY Or Call An Expert?

When a security incident occurs, whether it’s a malware infection or a data breach, the question of engaging outside assistance inevitably arises. Regardless of an organization’s size and even if you have an internal security team, when should you bring in an expert?

Recently, a colleague asked for software recommendations to perform digital forensics for e-discovery. Without knowing many details, I provided information regarding various commercial and open source options but offered the following caveat: “If this is important, hire someone. I wouldn't recommend doing this yourself if there's a lot riding on it.”

I advised that it's possible to taint the evidence, which could cause problems with a cyber insurance claim or in a court case. I warned that forensics is the one place you don't want to take any chances.

The information security landscape has changed significantly over the last decade and there’s much more at stake for today’s enterprise when handling a security incident. When I first started in academia, I was a member and sometimes the lead of the incident response team. I dealt with all types of security events, including compromised accounts, spam, Digital Millennium Copyright Act (DMCA) and Motion Picture Association of America (MPAA) complaints, malware, even DoS attacks. In the late ’90s, the incidents seemed fairly pedestrian and represented just another “day in the life” of managing systems in a very open and exposed university environment.

However, this was before many of the large and embarrassing data breaches that occurred in the education sector, which exposed student and staff Social Security numbers. In an effort to meet compliance requirements and protect the reputation of the institution, we eventually built an independent security group with some very talented people who handled everything internally and it worked well. I ultimately ended up in security engineering and architecture, deciding I liked building better than breaking, writing policy or trying to catch the bad guys.

Fast forward to the present and there are now dozens of different information security specialties. There are dedicated incident responders, information assurance and risk assessment professionals, application vulnerability experts and penetration testers. These specialties have evolved in response to the increasingly complex practice of information security and digital forensics.

Between the overwhelming number of regulations, compliance requirements, and increased threats, I find it hard to imagine that even the most robust enterprise security teams wouldn’t need outside expertise on occasion.

While most in-house teams are comfortable responding to spam and abuse complaints or addressing malware breakouts, they don’t always have the knowledge or spare cycles for in-depth analysis and reverse engineering. This can be a critical step in distinguishing something that is genuinely innocuous from something that only appears innocuous but is actually more insidious, creating persistent entry points for malicious parties in the enterprise. Developing this expertise internally can be time-consuming and expensive, so while an organization is building a team proficient in these skills, calling in outsiders can be a good choice.

Then there are the legal questions that arise with the collection of digital evidence. It’s probably a good idea for an organization of any size to have a retainer agreement with a reputable security company specializing in digital forensics.

Failing to make this arrangement before you actually need it is like waiting for the fire to break out before buying a fire extinguisher. It’s usually going to be too late and you could make critical errors in handling evidence that could impact your company’s ability to take legal action, meet breach notification requirements or file a cyber insurance claim.

Your organization's incident response plan should answer the question of whether DIY is the right approach or whether it's time to call an expert. A good plan will include input from all relevant stakeholders, with this question addressed by everyone who has an interest in the outcome. Once the rules of the road are well established, in writing, there should be less question of what is appropriate when you hit the panic button.
