The New Forensics - And Your SIEM Solution Part 2

Tuesday, January 26, 2010 by Pam Casale
Welcome back Rob Ayoub!

From the desk of Rob Ayoub:  Yesterday I posed a situation where preliminary forensic investigation could save time and money. Let's take a closer look at where your SIEM solution can help. 

I find that most enterprises do not think about SIEM as a forensics tool. They think of it as a log aggregator or as a compliance engine and yet, given the increase in data issues we have today (which is only the tip of the iceberg), enterprises need to find a way to be smarter about their own internal investigations before they bring in law enforcement or pay costly consulting fees. 

It turns out that some SIEM solutions enable an enterprise to do all the precursor work of an investigation without making its employees feel like they're being watched and without the hassle and time of an intensive forensics process. By setting appropriate policies, a SIEM device could easily help an enterprise determine if inappropriate behavior is going on. An employee could be monitored until reasonable evidence existed and then, if necessary, the machine could be commandeered.


Frost & Sullivan believes that a solution like Intellitactics ISM provides enough flexibility in its policy creation engine to allow enterprises of all sizes to perform the kind of preliminary investigations needed to determine if a next step is necessary. Intellitactics has the ability to tie user identity to actions, allowing for easy monitoring of sensitive data, and can put critical data at the fingertips of an incident response team or law enforcement should a breach be criminal in nature.


In the highly electronic world we live in today, the ability to conduct an initial investigation is going to become second nature to enterprises. There’s too much data to try and run to law enforcement at every suspected infraction. SIEM will prove an invaluable tool in the initial evaluation of actions or an incident – helping to determine whether an incident occurred and whether the corrective action is a human resources issue or a criminal one.

For more about the New Forensics listen to Rob's podcast!
Tell us if you're using your SIEM for forensic investigation. Comment NOW!
