
Guidance forensics tool now working with SIEM

Guidance Software today said its computer forensics tool is now capable of automated collection of data on endpoint devices, including computers and smartphones, based on a security information and event management (SIEM) alert.

The Guidance product, EnCase Cybersecurity version 4.3, can now collect forensics data from endpoints in response to a security alert from the HP SIEM, ArcSight Enterprise Security Manager. According to Anthony Di Bello, Guidance product marketing manager, the goal is to collect forensics data immediately, while a security incident may still be in progress (perhaps in the middle of the night), whenever the SIEM raises an alert from the security information it correlates from various sources.


"The purpose could be to see who logged into a machine, what ports were open, and other information that could easily decay and not be detected again," says Di Bello. "It's the ability to immediately grab a snapshot of an endpoint when that alert comes in through a SIEM." This could be a way to collect evidence of the type of intrusion today often referred to as an advanced persistent threat.

The snapshot of that kind of forensics information is sent immediately to the SIEM, which correlates information collected from various sources, and could be used for remediation. The endpoints supported by the EnCase client software are various versions of Windows, as well as Linux, Solaris and HP-UX, plus smartphones and mobile devices running Apple iOS, Android, Microsoft Mobile 7, Palm and Symbian.
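To make the alert-driven workflow concrete, here is an added example (not Guidance's or ArcSight's own code) that parses a constructed ArcSight-style CEF alert, decides whether the affected endpoint warrants a snapshot, and captures the volatile artifacts Di Bello describes, binding them to the triggering alert and a timestamp. The CEF extension fields used to identify the endpoint, the severity threshold, the artifact list and the stand-in endpoint agent are all assumptions made for this example.

```python
import re
import time

CEF_HEADER = ("version", "vendor", "product", "device_version", "signature_id", "name", "severity")
_EXT_RE = re.compile(r"(\w+)=((?:\\.|[^\\=])*?)(?=\s+\w+=|\s*$)")
# Volatile endpoint state that decays if not captured at alert time (list chosen for this example).
VOLATILE_ARTIFACTS = ("logged_in_users", "listening_ports", "process_list", "network_connections")

def parse_cef(line):
    """Parse one CEF event: 7 pipe-delimited header fields (pipes/backslashes may be escaped
    with a backslash) followed by a space-separated key=value extension ('\\=' escapes '=')."""
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF event")
    body, fields, cur, i = line[4:], [], [], 0
    while i < len(body) and len(fields) < 7:
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):   # escaped character: keep it literally
            cur.append(body[i + 1]); i += 2
        elif ch == "|":
            fields.append("".join(cur)); cur = []; i += 1
        else:
            cur.append(ch); i += 1
    if len(fields) != 7:
        raise ValueError("malformed CEF header")
    ext = {k: re.sub(r"\\(.)", r"\1", v) for k, v in _EXT_RE.findall(body[i:])}
    return dict(zip(CEF_HEADER, fields), ext=ext)

def plan_collection(alert, min_severity=7):
    """Turn a parsed alert into a collection job, or None if it does not warrant a snapshot.
    Treating dhost/dst as the affected endpoint is an assumption made for this example."""
    if int(alert["severity"]) < min_severity:
        return None
    endpoint = alert["ext"].get("dhost") or alert["ext"].get("dst")
    if not endpoint:
        return None
    return {"endpoint": endpoint, "trigger": f"{alert['vendor']}:{alert['signature_id']}",
            "artifacts": list(VOLATILE_ARTIFACTS)}

def snapshot(job, collector, now=time.time):
    """Collect every artifact right away and bind the results to the triggering alert and a
    timestamp, so an analyst later knows exactly when this volatile state was observed."""
    return {"endpoint": job["endpoint"], "trigger": job["trigger"], "collected_at": now(),
            "data": {name: collector(job["endpoint"], name) for name in job["artifacts"]}}

# Constructed stand-in for an endpoint agent; a real deployment would query the host itself.
FAKE_ENDPOINT = {"logged_in_users": ["svc_backup"], "listening_ports": [22, 4444],
                 "process_list": ["sshd", "nc"], "network_connections": ["10.0.0.5:51022->ws-042:22"]}
demo_collector = lambda endpoint, artifact: FAKE_ENDPOINT.get(artifact, [])

# Constructed ArcSight-style alert (severity 8 on the 0-10 CEF scale) with an escaped pipe and '='.
SAMPLE_ALERT = ("CEF:0|ArcSight|ESM|5.0|100|Off-hours admin login \\| policy 7|8|src=10.0.0.5 "
                "dhost=ws-042 msg=Outside change window\\=yes rt=1318600000000")
```

Running `snapshot(plan_collection(parse_cef(SAMPLE_ALERT)), demo_collector)` yields the endpoint snapshot keyed to alert `ArcSight:100`; an alert below the severity threshold produces no job.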

This is the first time that Guidance has linked its EnCase forensics tool to a SIEM by building a connector for it, says Di Bello. It selected ArcSight in part because several Guidance customers today have it. On its future roadmap, Guidance wants to integrate EnCase Cybersecurity with the SIEM from Q1 Labs (which is being acquired by IBM, a deal expected to close by year-end).

Guidance is also exploring how EnCase Cybersecurity could be integrated into an automated collection mode through other types of security monitoring and detection tools, including those from FireEye and Damballa.
