Forensics: New Options for the Enterprise

Last month Ameritrade announced that 6.3 million customers' personal information had been exposed to remote attackers—no one knows for how long. Unauthorized malicious code, not identifiable by antivirus products, provided access to an internal customer database.

If this happened to you, what would be your first move? Do you have enterprise-wide incident response policies paired with tools, logging systems or network recording devices to quicken response times and consolidate analysis to affected systems? How about dedicated first responders?

If you think finding out who did what with your data always means calling in high-priced spooks armed with arcane software, think again. The trend is toward placing the power to handle investigations in the hands of enterprises themselves. Why? With security incidents, e-discovery and litigation on the rise across all industries and organizations of all sizes, having tools in-house allows IT to mobilize quickly and address situations before there's significant impact.

The forensics software landscape has also gotten more inclusive, with enterprise-class investigative tools in the pipeline along with log-analysis software, network monitors, and systems that can aid in investigations and e-discovery involving e-mail. Many of these do double duty, making them easier sells come budget time.