IDS Response Bolstered with Computer Forensics.

Business Editors/High-Tech Writers
RSA Conference 2004

PASADENA, Calif. & SAN FRANCISCO--(BUSINESS WIRE)--Feb. 25, 2004

Guidance Software's EnCase Enterprise Edition Monitors and Responds to SNORT and Internet Security Systems' RealSecure IDS Alerts

Guidance Software, Inc. today announced that its award-winning EnCase(R) Enterprise Edition (EEE) software supports automatic response to the leading open-source intrusion detection system (IDS) SNORT(TM) and the leading commercial IDS application from Internet Security Systems(TM), RealSecure(R) alerts. In addition Guidance Software announced through ODBC, EEE detects and responds to alerts from other IDS solutions and perimeter security systems such as firewalls.

The support of SNORT and RealSecure provides security administrators immediate response to high-priority IDS alerts through an automated capture of critical evidence directly from the system or systems being attacked. EEE provides network-enabled incident response and a computer forensics system for immediate and thorough forensic analysis of servers and workstations, anywhere on a network, without disrupting operations. Thus, when responding to a high-priority alert, EEE will automatically obtain a system snapshot of the server or workstation in question, displaying all the open ports, running processes, open files, the live registry and other volatile data that will provide definitive information on whether a system has been compromised. EEE is utilized by numerous commercial and government organizations to conduct network investigations of workstations and servers.

"This development enables a complete incident management process to support an organization's investment in IDS systems," said John Patzakis, president and CEO of Guidance Software. "Forensically sound response and investigation is now immediate, providing a precise evaluation of an IDS alert that quickly determines the magnitude and scope of an incident."

Industry analysts recently questioned IDS technology, saying, among other issues, that IDS was effective in producing alerts but had no mechanism for responding. "Organizations are deploying (IDSs) without any intention of doing incident response -- why detect an attack if you don't plan on doing anything about it?" said Mike Rasmussen, director of research, Giga Research. According to "Developing a Complete Security Event Management Solution" a Giga IdeaByte report published in May, "This is where EnCase Enterprises Edition from Guidance Software comes in, offering the ability to investigate incidents without taking the system offline. This adds significant value to the security event management solution as incidents on hosts can be remotely investigated with little impact on the organization."

Guidance Software will host a webinar on the EEE IDS automated response functionality on March 11, 2004 at 10:00 am PDT.

About EnCase Enterprise Edition

EnCase Enterprise Edition (EEE) is for computer investigators and information security professionals who need to investigate computer breaches and other incidents throughout the enterprise. EEE is a powerful network-enabled incident response and computer forensics system that provides immediate and thorough forensic analysis of volatile and static data on compromised servers and workstations anywhere on the network, without disrupting operations. Without EEE, organizations must resort to cumbersome and insufficient manual processes using stand-alone utilities that extend the response and investigation process by several days if not weeks, and require target systems to be taken out of service. This solution brings the highly successful and industry standard EnCase computer forensic technology to the enterprise for unprecedented incident response and investigation capability. EEE represents best practices for immediate incident response and investigation of perimeter breaches and internal threats.

About Guidance Software

Guidance Software is the leader in computer forensics and incident response solutions. Founded in 1997 and headquartered in Pasadena, CA, Guidance Software has offices and training facilities in California, Virginia and the United Kingdom. More than 12,000 corporate and government investigators depend on EnCase(R) software, while more than 3,500 investigators attend Guidance Software's forensic methodology training annually. Accepted by numerous courts and honored with eWEEK's Excellence Award and SC Magazine's "Best General Security" Award, EnCase(R) software is considered the standard forensic tool. For more information, visit Guidance Software's Web site at www.guidancesoftware.com.