Incident Response Tools
Posted by
John Sawyer
December 01, 2006
Tags: Guidance Software, Incident-response tools, John Sawyer, Mandiant, Technology Pathways, civil investigations, court, criminal investigations, disclosure, legal, legislation, memory acquisition, memory-dump analysis, noncompliance, regulations, security breaches, Custom Programming, Customs Duties, Data Encryption, Data Networking & Management, Data Protection, Data Security , Database Management Services, Enclosures, Energy, Enterprise Management, Green Computing, Hotspots, Interactive Applications, International, International Organizations, Justice and Public Safety, Linux, Network types, Other, Privacy, Scripting, Security Policies and Management, Security and Privacy, Servers, Servers & Storage, Software, Software and Web Development, State Agencies, State Law-Enforcement Agencies, Technology, USB, USB Cards, WLAN Security, Web Servers, Web Standards, Wireless
Channel: Other, Networking & Mgmt, Servers & Storage, Data Protection, Green Computing, Wireless
 Incident-response tools are becoming increasingly important as new regulations and legislation stipulate disclosure after security breaches. Without established procedures, companies can be penalized for noncompliance.  Well-known software companies such as Guidance Software, Mandiant and Technology Pathways are developing products to assist with live incident response and memory acquisition. Independent researchers are publishing their findings on their Web sites and producing open-source tools for incident response.
Live incident response and new memory analysis techniques are providing more information than believed possible. For companies subject to rigorous legal inquiry, mature commercial tools offer benefits over open-source tools, which must undergo peer review and may be met with skepticism in a courtroom.
|
|
|
Regulations such as the Gramm-Leach-Bliley Act, HIPAA, Sarbanes-Oxley, PCI DSS and California SB 1386 are driving companies and government agencies to document their incident-response procedures following a security breach or other crime. How volatile data is handled is especially critical.
Stepping in to help organizations tackle this problem are incident-response tools that ease compliance with regulations. Researchers also are making tremendous progress in increasing the level of analysis that can be applied during the investigation process. With new memory-analysis techniques, incident-response teams can track down changed data and threats far more effectively than ever before.
These incident-response systems provide a structured method for gathering and analyzing evidence. Companies can use them to preserve critical data and minimize downtime following an incident, possibly preventing disclosure of sensitive data and protecting their reputation.
Related Reading
More wireless Insights
RSS
Email
Print
Share
