Network Computing is part of the Informa Tech Division of Informa PLC

Incident Response Tools

Incident-response tools are becoming increasingly important as new regulations and legislation stipulate disclosure after security breaches. Without established procedures, companies can be penalized for noncompliance.

Well-known software companies such as Guidance Software, Mandiant and Technology Pathways are developing products to assist with live incident response and memory acquisition. Independent researchers are publishing their findings on their Web sites and producing open-source tools for incident response.

Live incident response and new memory-analysis techniques are yielding more information than was previously believed possible. For companies subject to rigorous legal inquiry, mature commercial tools offer advantages over open-source tools, which must undergo peer review and may be met with skepticism in a courtroom.

Regulations such as the Gramm-Leach-Bliley Act, HIPAA, Sarbanes-Oxley, PCI DSS and California SB 1386 are driving companies and government agencies to document their incident-response procedures following a security breach or other crime. How volatile data is handled is especially critical.

Stepping in to help organizations tackle this problem are incident-response tools that ease compliance with these regulations. Researchers are also making tremendous progress in increasing the depth of analysis that can be applied during an investigation. With new memory-analysis techniques, incident-response teams can track down changed data and threats far more effectively than before.

These incident-response systems provide a structured method for gathering and analyzing evidence. Companies can use them to preserve critical data and minimize downtime following an incident, possibly preventing disclosure of sensitive data and protecting their reputation.