Saturday, June 27, 2015

Tabula Rosa Systems Product Of The Day - A New CIRT (Cyber Intelligence and Response Technology)

Here is a nice product I came across. It brings a nice suite of products as well as a low-cost SIEM.

Peter Stephenson
March 03, 2014
CIRT from AccessData Group
My regular readers know that I love forensics and I love innovation. Give me both in a single product and you have my attention. With its new CIRT (Cyber Intelligence and Response Technology), AccessData Group has knocked one out of the ballpark. The framework contains everything needed to perform digital forensic incident response (DFIR). This is a full lifecycle – from detecting to analyzing to remediating – and it's all in a single package.

If we stop and think about the forensic process, we see that there are some key aspects from a DFIR perspective. First, we want to know that an incident is occurring/has occurred. Second, we want to know the nature of the incident. Third, we want to perform detailed analysis, even if our environment is thousands or tens of thousands of computers. And finally, having found the root cause, we want to clean up the network and get on with business. And, we want to do all of that with minimal disruption to our users. CIRT provides all of that.

Beginning with detection, CIRT integrates with a SIEM. There is a lot happening on the network and the SIEM is the device most likely to see it all. We also get removable media monitoring and analyst-in-the-middle decryption of SSL data streams. Once we know that something is going on, we need to figure out what it is. That's where the network- and host-based packet capture and IOCs (indicators of compromise) come into the picture.

This is all bolstered by ongoing threat and indicator of compromise (IOC) feeds to keep the detection piece current. Finally, CIRT remediates problems automatically and saves anything that needs saving for further analysis. A user has detected the incident, analyzed it and remediated damage – all with a single suite of tools operating in a single pane of glass.

Visualization is solid. This is a critical issue when there is so much data. Like most similar systems, hosts on the network report back using data collected by agents. These can be persistent or volatile (dissolvable), and the persistent agents do the analysis locally, sending only results back to the central control point. This lessens network impact significantly.

An important aspect of CIRT is project management. The project is the paradigm that CIRT uses, and setting up a project is straightforward. There are places in the project definition forms to establish who is in each of many roles and project flows, including such functions as legal and outside consultants, as well as all of those other functions that one would expect.

Overall, I have not seen a more complete approach to managing security from the forensic perspective. Indeed, this is the first I've seen that really addresses that – or responds to cyber incidents, especially in large environments, a milieu for which this is very well suited. If one really wants to integrate security management and digital forensic response in a single system that can help address compliance and the other issues that devolve around information security, this is not only your best choice, today it is your only choice.

**Important note** - contact our company for very powerful solutions for IP management (IPv4 and IPv6), security, firewall and APT solutions:

In addition to this blog, Netiquette IQ has a website with great assets which are being added to on a regular basis. I have authored the premiere book on Netiquette, “Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email”. My new book, “You’re Hired! Super Charge Your Email Skills in 60 Minutes. . . And Get That Job!” will be published soon, followed by a trilogy of books on Netiquette for young people. You can view my profile, reviews of the book and content excerpts at:

If you would like to listen to experts in all aspects of Netiquette and communication, try my radio show on BlogtalkRadio. Additionally, I provide content for an online newsletter via I have also established Netiquette discussion groups with LinkedIn and Yahoo. I am also a member of the International Business Etiquette and Protocol Group and Minding Manners among others. Further, I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts, and have been a contributor to numerous blogs and publications.

Lastly, I am the founder and president of Tabula Rosa Systems, a company that provides “best of breed” products for network, security and system management and services. Tabula Rosa has a new blog and Twitter site which offers great IT product information for virtually anyone.
