Ensuring the security of your organisation involves efficient technology, yes, but also trained personnel to make sense of log data that is continuously accumulating, says Brendan Carroll.
With the rapid evolution of cyber capabilities and the increasing reliance on technology by corporations and government, processes have become more efficient, collaboration has been made simple, and flexibility and versatility have come to be regarded as cornerstones within successful IT departments. In order to prevent the exploitation of vulnerabilities within critical processes, however, one must be equipped with the right tools to detect, prevent and analyse any actual or attempted intrusions.
The products that we review this month fall into the categories of network and media forensic tools. These solutions provide a critical line of defence, allowing an organisation increased control over its network and the ability to analyse critical data stored on any digital medium.
Network forensic devices allow the traffic flowing over a network to be captured, logged and analysed. Features employ anything from granular control mechanisms to automated reporting capabilities – providing a security team with all the tools necessary to ensure the protection of its network.
While the devices we examined this month provide the capability to extract and analyse data, the true benefit an organisation will receive from these solutions depends on having strong policies in place, developed processes and a well-trained and experienced security team. Further, the raw data exchanged over any network can be critical to its security. This makes having a forensic tool to capture and log that data necessary; even more important is having a team in place that can analyse and understand what it is they are looking for and guarding against.
In order to gain the best results from one's investment, the software should be implemented with several considerations. Filters are necessary in refining data search so a user is not overwhelmed with unnecessary information. Contextual information about the network architecture should be provided in order to make analysis more efficient. Finally, if one is to make the investment in a network forensic product, training should be integrated into the organisation's deployment plan. Having a well-trained team that knows what it is looking for will increase the efficacy of the product and ensure the security of the organisation's network. With the proper organisational considerations and foundations, the deployment of a network forensic tool can strongly impact the evolution of the security standards a company has in place.
However, even the best forensic team must be equipped with the proper tools to do its job appropriately. Many investigative teams need to recover files that have been deleted or access specific files buried in the depths of a system's file structure. With forensic tools such as we examine here, investigators have the ability to create an image of a digital storage medium where they can then drill down and analyse the necessary data at a granular level. This kind of transparency enables a team to recover and analyse whatever information could be deemed a threat.
From malicious insiders to viruses, phishing scams and more, organisations' data faces a persistent threat of compromise. As a result, we are forced to remain ever vigilant for the next threat to our resources. There is no single solution or guarantee. Rather, each organisation has the responsibility to tailor its security to the values and corporate policies in place, and for each organisation there are a host of forensic products that may prove fitting.
Brendan Carroll graduated in May from Norwich University in Vermont, US, with a degree in computer security and information assurance. The following Norwich University students contributed to this month's reviews: Georgij Lazarevski, Marjan Shapkaroski, Trevor Bergeron, Saul Costa, Mathew Davis, Ryan Dibble, Alexander Foskarino, Brendon Gallant, Steve Gonzales, Dillon Halliday, Katya Lopez, Zachery Matera, Gabriel McLean, Rory O'Neil, John Parker, Daniel Smith, Joshua VanLaar and Benjamin Wright.
The following reviews are the products that scored most highly. For the full range of reviews from the SC group test, go to: www.scmagazineuk.com/group-test/section/332