Forensics 'critical' in enterprise security

The ability to conduct deeper analyses on compromised machines will aid security policies and procedures of businesses, says former FBI forensics expert.

Forensic examination of compromised machines will make enterprise security more complete, according to a specialist in the field.

Brent Botta, eDiscovery practice leader at Guidance Software, told ZDNet Asia in an interview that it is "absolutely critical to incorporate forensics" into enterprise security policies and procedures. eDiscovery is a suite of products targeted at digital data investigations.

"Without forensics, even if you can isolate the entry point of that machine, you can't take that and go to the next layer to understand how much of a problem this vulnerability is," said Botta, a former computer specialist and forensics examiner with the San Francisco Division of the Federal Bureau of Investigation (FBI).

Companies in the region are beginning to understand the value forensics brings to enterprise security, said Matthew Gyde, general manager for security solutions at Datacraft Asia. Datacraft has partnered with Guidance Software for the last two years to learn about such technology and how it can be used in security offerings to clients.

Gyde noted: "Large corporations have moved forensics from a 'nice-to-have' to a 'must-have' situation…we're starting to see some of the smaller large corporates moving in that direction as well, so I think you're going to see that as a general trend [going forward].

"It's not about deploying point products any more; it's about deploying a secure network--that isn't just a single product from a single vendor; it's a mix of lots of different vendors who specialize in best-of-breed in their space," he added.

Gyde said Datacraft is seeing an uptake in such investments from its clients, and the company is now well-positioned "to start growing that type of business".

But even as companies tap more sophisticated technology to secure their infrastructure and data, some still require a shift in mindset, said Gyde. Very often, he pointed out, businesses spend significant amounts on security and then presume that they are secure.

"It needs to be understood that regardless of how much money you spend you're never a hundred percent secure," said Gyde. "But what you can do is reduce your level of risk, and that's definitely a different way of thinking--[enterprises] start to invest smart."

Guidance Software's Botta said companies also have a habit of addressing security risks conceptually, but then fail to follow up by implementing the necessary tools and training staff to use them to avoid security breaches.

Another pitfall in enterprise security, said Botta, is the lack of a big-picture mentality. Companies often address individual issues as they arise rather than strategically across different departments, even though the same technology could be applied to solve similar business problems in different parts of the organization.