Here is a nice product I came across. It brings a nice suite of products as well as a low-cost SIEM.
============================================
Peter Stephenson
March 03, 2014
CIRT from AccessData Group
My regular readers know that I love forensics and I love innovation. Give me both in a single product and you have my attention. With its new CIRT (Cyber Intelligence and Response Technology), AccessData Group has knocked one out of the ballpark. The framework contains everything needed to perform digital forensic incident response (DFIR). This is a full lifecycle – from detecting to analyzing to remediating – and it's all in a single package.
If we stop and think about the forensic process, we see that there are some key aspects from a DFIR perspective. First, we want to know that an incident is occurring/has occurred. Second, we want to know the nature of the incident. Third, we want to perform detailed analysis, even if our environment is thousands or tens of thousands of computers. And finally, having found the root cause, we want to clean up the network and get on with business. And, we want to do all of that with minimal disruption to our users. CIRT provides all of that.
Beginning with detection, CIRT integrates with a SIEM. There is a lot happening on the network and the SIEM is the device most likely to see it all. We also get removable media monitoring and analyst-in-the-middle decryption of SSL data streams. Once we know that something is going on, we need to figure out what it is. That's where the network- and host-based packet capture and IOCs (indicators of compromise) come into the picture.
This is all bolstered by ongoing threat and indicator-of-compromise (IOC) feeds to keep the detection piece current. Finally, CIRT remediates problems automatically and saves anything that needs saving for further analysis. A user has detected the incident, analyzed it and remediated damage – all with a single suite of tools operating in a single pane of glass.
Visualization is solid. This is a critical issue when there is so much data. Like most similar systems, hosts on the network report back using data collected by agents. These can be persistent or volatile (dissolvable), and the persistent agents do the analysis locally, sending only results back to the central control point. This lessens network impact significantly.
An important aspect of CIRT is project management. The project is the paradigm that CIRT uses, and setting up a project is straightforward. There are places in the project definition forms to establish who is in each of many roles and project flows, including such functions as legal and outside consultants, as well as all of those other functions that one would expect.
Overall, I have not seen a more complete approach to managing security from the forensic perspective. Indeed, this is the first I've seen that really addresses that – or responds to cyber incidents, especially in large environments, a milieu for which this is very well suited. If one really wants to integrate security management and digital forensic response in a single system that can help address compliance and the other issues that devolve around information security, this is not only your best choice, today it is your only choice.
===============================================
**Important note** - contact our company for very powerful solutions for IP management (IPv4 and IPv6), security, firewall and APT solutions:
www.tabularosa.net
In addition to this blog, Netiquette IQ has a website with great assets which are being added to on a regular basis. I have authored the premier book on Netiquette, "Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". My new book, "You're Hired! Super Charge Your Email Skills in 60 Minutes. . . And Get That Job!" will be published soon, followed by a trilogy of books on Netiquette for young people. You can view my profile, reviews of the book and content excerpts at:
www.amazon.com/author/paulbabicki
If you would like to listen to experts in all aspects of Netiquette and communication, try my radio show on BlogtalkRadio. Additionally, I provide content for an online newsletter via paper.li. I have also established Netiquette discussion groups with Linkedin and Yahoo. I am also a member of the International Business Etiquette and Protocol Group and Minding Manners, among others. Further, I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts, and have been a contributor to numerous blogs and publications.
Lastly, I am the founder and president of Tabula Rosa Systems, a company that provides "best of breed" products for network, security and system management and services. Tabula Rosa has a new blog and Twitter site which offer great IT product information for virtually anyone.
==============================================