Guidance forensics tool now working with SIEM
- 19 October, 2011 08:47
Guidance Software today said its computer forensics tool is now capable of automated collection of data on endpoint devices, including computers and smartphones, based on a security information and event management (SIEM) alert.
The Guidance product, EnCase Cybersecurity version 4.3, can now take action to collect forensics data on endpoints after receiving a security alert from the HP SIEM, ArcSight Enterprise Security Manager. According to Anthony Di Bello, Guidance product marketing manager, the goal is to collect forensics data immediately, while a security incident may still be in progress (perhaps in the middle of the night), whenever the SIEM issues an alert based on its own correlation of security information from various sources.
"The purpose could be to see who logged into a machine, what ports were open, and other information that could easily decay and not be detected again," says Di Bello. "It's the ability to immediately grab a snapshot of an endpoint when that alert comes in through a SIEM." This could be a way to collect evidence of the type of intrusion today often referred to as an advanced persistent threat.
The snapshot of that kind of forensics information would be immediately sent to the SIEM, which correlates information collected from various sources, and could be used for remediation. The types of endpoints supported in EnCase client software are various versions of Windows, as well as Linux, Solaris and HP-UX, plus smartphones and mobile devices that include Apple iOS devices, Android, Microsoft Mobile 7 and Palm and Symbian.
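To make the alert-to-snapshot flow described above concrete, here is an added example that is not Guidance's EnCase code, nor ArcSight's API, nor anything from the original article: a minimal alert-driven collector in Python. A SIEM-style alert arrives, a trigger policy decides whether it warrants an endpoint snapshot, a collector grabs the short-lived state the article names (logged-in users, open ports), and the snapshot is sealed with a SHA-256 and a timestamp before being handed back to the SIEM. The alert field names, the priority threshold, the trigger categories, the `fake_collector` stand-in for the endpoint agent, and every sample value are constructed for this demonstration.

```python
"""
Added example (not EnCase or ArcSight code): alert-driven collection of
volatile endpoint state, sealed for hand-back to a SIEM.
"""
import hashlib
import json
from datetime import datetime, timezone
from typing import Callable, Dict, List, Optional

# Assumed trigger policy: only these alert categories start a collection,
# and only above this priority, so a noisy SIEM cannot stampede endpoints.
TRIGGER_CATEGORIES = {"malware", "lateral-movement", "privilege-escalation"}
MIN_PRIORITY = 7  # constructed threshold on a 0-10 priority scale

# Constructed SIEM alert in a normalised-event shape (field names assumed).
SAMPLE_ALERT = {
    "eventId": "evt-0001",
    "priority": 9,
    "category": "lateral-movement",
    "destinationHostName": "ws-finance-07",
    "timestamp": "2011-10-19T02:13:44Z",
}


def should_collect(alert: Dict) -> bool:
    """Apply the trigger policy to one alert."""
    return (
        alert.get("category") in TRIGGER_CATEGORIES
        and int(alert.get("priority", 0)) >= MIN_PRIORITY
        and bool(alert.get("destinationHostName"))
    )


def fake_collector(host: str) -> Dict[str, List[str]]:
    """Constructed stand-in for the endpoint agent. A real agent would run
    the equivalent of `who` and `ss -ltnp` on the alerted host; here the
    values are canned so the example runs offline."""
    return {
        "logged_in_users": ["jsmith pts/0 2011-10-19 01:58 (10.0.4.22)"],
        "listening_ports": ["tcp 0.0.0.0:445 svchost", "tcp 0.0.0.0:3389 termsrv"],
    }


def _canonical(body: Dict) -> bytes:
    """Deterministic JSON so collector and SIEM hash the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def take_snapshot(alert: Dict, collector: Callable[[str], Dict]) -> Dict:
    """Collect volatile state for the alerted host and seal it with a hash
    so the receiving SIEM can detect any alteration in transit."""
    host = alert["destinationHostName"]
    body = {
        "host": host,
        "trigger_event": alert["eventId"],
        "collected_at": datetime.now(timezone.utc).isoformat(),
        "artifacts": collector(host),
    }
    body["sha256"] = hashlib.sha256(_canonical(body)).hexdigest()
    return body


def verify_snapshot(snapshot: Dict) -> bool:
    """Recompute the seal the way the SIEM side would."""
    body = {k: v for k, v in snapshot.items() if k != "sha256"}
    return hashlib.sha256(_canonical(body)).hexdigest() == snapshot.get("sha256")


def handle_alert(alert: Dict,
                 collector: Callable[[str], Dict] = fake_collector) -> Optional[Dict]:
    """Entry point a SIEM connector would call: returns the sealed snapshot
    to forward back to the SIEM, or None when policy says not to collect."""
    if not should_collect(alert):
        return None
    return take_snapshot(alert, collector)


if __name__ == "__main__":
    print(json.dumps(handle_alert(SAMPLE_ALERT), indent=2))
```

The design point worth noting is the policy gate in `should_collect`: automated collection is only useful if it fires on the alerts that matter and does not turn every low-priority event into an endpoint grab, and the seal in `take_snapshot` is what lets the SIEM (or a later investigator) trust that the volatile data it received is the data the agent saw.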
This is the first time that Guidance has linked its EnCase forensics tool to a SIEM by building a connector for it, says Di Bello. It selected ArcSight in part because several Guidance customers today have it. On its future roadmap, Guidance wants to integrate EnCase Cybersecurity with the SIEM from Q1 Labs (which is being acquired by IBM, a deal expected to close by year-end).
Guidance is also exploring how EnCase Cybersecurity could be integrated into an automated collection mode through other types of security monitoring and detection tools, including those from FireEye and Damballa.