Tracking down security-related problems is like detective work – it’s methodical, logical and uses a little bit of common sense.
However, if there’s a need to gather evidence for a possible prosecution or civil suit, IT departments need to be rigorous.
D3 Security Management Systems, a Vancouver company that makes incident reporting and case management software, has just released a solution for organizations with full-time forensics staff who need specialized tools to put some order into investigations.
Called IT Forensics Case Management, it can be bought either as an on-premise or software as a service solution.
The goal is to have a sophisticated tracking system for all evidence seized and analyzed.
So after the user creates a file for the person being investigated, the system automatically creates a form recording the data sources seized (desktop hard drive, network hard drive, cell phone, email, etc.) and, for each source, what keywords were used in the search,
how much data was retrieved from the drive, how much of it was processed, and the chain of evidence showing who had access to it after it was seized.
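The record described above (per seized source: type, search keywords, volume retrieved and processed, and who handled it after seizure) is easy to picture as a small data model. The following is an added illustration, not D3's product or code; it makes one assumption the article does not state, namely that each custody log is hash-chained so that an edited, removed or reordered "who had access" entry is detectable when the log is later produced. All names, asset labels and volumes are constructed.

```python
"""Illustrative evidence-tracking model (not D3's code): a case file holding
seized data sources, the keywords searched on each, volumes retrieved and
processed, and a hash-chained chain-of-custody log for tamper evidence."""
import hashlib
import json
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional

GENESIS = "0" * 64  # anchor for the first custody entry in every chain


def _entry_hash(entry: dict) -> str:
    # Canonical JSON (sorted keys) so an identical entry always hashes the same.
    return hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()


@dataclass
class DataSource:
    kind: str                      # e.g. "desktop hard drive", "cell phone", "email"
    label: str                     # constructed asset identifier
    keywords: list = field(default_factory=list)
    bytes_retrieved: int = 0
    bytes_processed: int = 0
    custody: list = field(default_factory=list)  # hash-chained log entries

    def record_custody(self, actor: str, action: str, when: Optional[datetime] = None) -> dict:
        """Append a custody event linked to the previous entry by its hash (assumed design)."""
        prev = self.custody[-1]["hash"] if self.custody else GENESIS
        when = when or datetime.now(timezone.utc)
        body = {"actor": actor, "action": action, "when": when.isoformat(), "prev": prev}
        entry = dict(body, hash=_entry_hash(body))
        self.custody.append(entry)
        return entry

    def custody_intact(self) -> bool:
        """Re-walk the chain; any edited, removed or reordered entry breaks it."""
        prev = GENESIS
        for e in self.custody:
            body = {k: v for k, v in e.items() if k != "hash"}
            if body.get("prev") != prev or _entry_hash(body) != e["hash"]:
                return False
            prev = e["hash"]
        return True

    def processed_fraction(self) -> float:
        """Share of the retrieved volume that has been processed so far."""
        return self.bytes_processed / self.bytes_retrieved if self.bytes_retrieved else 0.0


@dataclass
class CaseFile:
    subject: str
    opened: datetime
    sources: list = field(default_factory=list)

    def seize(self, kind: str, label: str, keywords, seized_by: str,
              when: Optional[datetime] = None) -> DataSource:
        """Register a seized source; the seizure itself is the first custody event."""
        src = DataSource(kind=kind, label=label, keywords=list(keywords))
        src.record_custody(seized_by, "seized", when)
        self.sources.append(src)
        return src

    def summary(self) -> dict:
        """What a manager or legal team would see: per-source status and handlers."""
        return {s.label: {"kind": s.kind, "keywords": s.keywords,
                          "retrieved": s.bytes_retrieved, "processed": s.bytes_processed,
                          "custody_ok": s.custody_intact(),
                          "handlers": [e["actor"] for e in s.custody]}
                for s in self.sources}


def build_sample_case() -> CaseFile:
    """Constructed example case; subject, actors, label and volumes are made up."""
    t0 = datetime(2024, 1, 15, 9, 0, tzinfo=timezone.utc)
    case = CaseFile(subject="employee-0001 (constructed)", opened=t0)
    disk = case.seize("desktop hard drive", "HDD-0001", ["invoice", "wire"], "analyst.a", t0)
    disk.bytes_retrieved, disk.bytes_processed = 500_000_000_000, 120_000_000_000
    disk.record_custody("analyst.b", "imaged", datetime(2024, 1, 15, 11, 0, tzinfo=timezone.utc))
    disk.record_custody("legal.c", "reviewed", datetime(2024, 1, 16, 14, 0, tzinfo=timezone.utc))
    return case


if __name__ == "__main__":
    print(json.dumps(build_sample_case().summary(), indent=2))
```

The hash chain is what turns "who had access" from a list that anyone with write access could quietly rewrite into one where a later reviewer can re-verify every link; in a real deployment the chain head would additionally be signed or written to storage the investigators cannot alter.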
Managers and legal teams can get access to the system.
There’s also a Web portal where regular company staff can send requests to the forensics team to start an investigation.
Gordon Benoit, a founder and president of D3, said in an interview the product is aimed at large organizations that have full-time forensic investigation staff.
One of its advantages is that fields and forms can be configured for each customer’s workflow. “How a bank would perform forensic investigation would be different from an oil company or a hospital,” he says.
“So we’re able to build a system for Fortune 50s that meets their exact business processes.”
The flexibility comes because IT Forensics is built on the foundation of the company’s other products, which are case management solutions for physical security, human resources, and ethics/governance departments.
A little background: Benoit is an entrepreneur on his third startup. After selling his previous company he looked around for a new venture and saw a niche for a flexible incident reporting and case management system. Others he saw were built around a rigid schema. But, he says, every company has a different process – yet there are similarities to be leveraged.
D3’s first product, for recording and managing physical incidents, wasn’t just used by security staff. Because investigating incidents inevitably involves several internal corporate departments, those departments came into contact with the solution and started using it themselves. That led D3 to create tailored solutions from the same platform for those departments (for example, HR) or industries (healthcare, higher education, transportation, finance, energy, utilities).
The solutions are priced at US$2,000 per concurrent user for the on-prem version, or US$99 a person for the cloud version.
Benoit admits that IT Forensics is not for mid-sized companies. “If you’re under a billion dollars in sales you’re probably not going to buy this.”
Other company products are Dispatch, which tracks an incident reported from the call to eventual outcome; Guard Tour, for physical security management; and eAlert, for submitting incident reports to appropriate staff.
The bot threat
Some of the most serious threats networks face today are "bots," remotely controlled robotic programs that strike in many different ways and deliver destructive payloads, self-propagating to infect more and more systems and eventually forming a "botnet."