Archive for January 8th, 2008

The security industry today is making big money on forensics. SANS alone has three different courses on the subject. Guidance Software has built a highly successful company by focusing solely on computer forensics. This is great, but anyone who has ever done a computer forensic investigation knows that it is a time-consuming, tedious process that is prone to human error. They also know that computer forensics is often not the end of an investigation but the beginning of a larger incident.

Often a computer forensic investigation will yield evidence showing that the compromised host was not an isolated compromise but part of something larger and nastier. This is where computer forensics meets network forensics. Surprisingly, the security industry is lagging far behind when it comes to network forensics. The focus has been on computer forensics, but a shift towards network forensics in the industry is inevitable.


Computer security is not a static field. Some people call it job security; others call it life with a beeper that always goes off at the wrong time. However, for a dynamic field, the nature of the threats doesn’t seem to change that much. Back in the day, Script Kiddies earned their name and most were only interested in defacing web sites. Today, these same attacks are coming from a much more educated group, working in unison, to obtain personal information or achieve monetary goals. To compound the issue, technology is always changing. Our users demand these technologies in the name of productivity (I hear a lot of the world’s major issues have been solved with BitTorrent), but early adopters usually get rewarded with the latest zero day attack. The one thing that hasn’t seemed to advance is the savvy of our end users. Phishing and email scams continue to grow because they continue to work.
