Showing posts with label infosec. Show all posts

SANS Survey Reveals Need for Analytics to Tackle Big Data

While organizations are still relying heavily on log management or SIEM platforms, only a small percentage are confident about their ability to analyze large data sets for security trends, according to the newly released SANS Security Analytics Survey.

Guidance Software recently co-sponsored the survey, which covers awareness and use of analytics and intelligence to augment current monitoring practices, with Hewlett-Packard, Hexis Cyber Solutions (a KeyW Company), LogRhythm, and SolarWinds.

Announcing EnCase Analytics, the Industry’s First Proactive Endpoint Security Analytics Solution

Just in time for the Department of Homeland Security’s National Cyber Security Awareness Month, Guidance Software has unleashed one of the most powerful weapons in the war against security risks: EnCase® Analytics. In fact, we announced the general availability of EnCase Analytics just yesterday. This is big news for information security, incident response, and risk and compliance teams, because EnCase Analytics gives you something you could never get before: an early look at previously unknown and difficult-to-detect threats through the use of “big data” analytical techniques. It does this by analyzing the reams of data generated by your users’ endpoint activity, producing for the first time a clear picture of organization-wide security risk, both internal and external.

Border Wars: Incident Response vs. Forensic Investigation

Josh Beckett

In my day job, we often discuss security tools and the respective processes that generate the requirements that demand the use of such tools. Lately, we have been debating incident response tools and processes as contrasted with forensic investigation tools and processes.  Obviously, both have differing benefits that they bring to the general discipline of security.  They also have differing requirements in terms of the tool sets that they require to execute those processes.

To me, the boundaries between forensic investigation and incident response have always been rather clear. Maybe slightly fuzzy at the exact interface between them, but not a huge gaping canyon of a zone of uncertainty. However, lately, I'm starting to believe that out there in the rest of the community it may not be so clear. I could be wrong; it wouldn't be the first time and I'm sure it won't be the last, especially if you ask some of my close friends.

Through the looking glass...blessing or burden?

Josh Beckett

Google Glass coming out has had some interesting implications for the world of security and forensics. I thought the QR code vulnerability was certainly unique and akin to the drive-by RFID vulnerabilities that exist. I'm sure we haven't seen the last of such issues. Google, of course, says this was all part of their plan to really shake out the bugs and round the rough edges that they didn't foresee. Is that claim more marketing than truth? Meh, probably a little of each. It's a nice idea, but I hardly think that even one thousand hacking-oriented techies could even scratch the surface of possibilities for what this technology could potentially deliver, good and bad. Some interesting use cases have already come about, but I think the best are still to come.