Enterprise security teams are beginning to acknowledge the need for forensic investigation tools, but not all of them are created equal. To capture a complete and accurate record of an attack, a system needs to save data from before the moment of the attack as well as after. Our Security Strategist Tom Rowley explains what makes a good forensic investigation tool in his latest article for TechBeacon.


Cyberattack CSI: Forensics investigations should start with pre-attack analysis

By Tom Rowley

Enterprise security teams have historically spent a lot of time, human resources, and money on developing strong defenses such as firewalls and deploying equipment and software like intrusion detection systems (IDS) to monitor the security of their networks. In fact, most enterprises have built an impressive level of expertise when it comes to configuring and monitoring these tools.

Nevertheless, as we all know, breach detection and prevention technologies are not foolproof. Given attackers’ success in penetrating standard corporate defenses, enterprise teams are looking beyond these well-known technologies and incorporating better tools and training that deal specifically with incident response once attacks have been discovered.

Read the rest of Tom’s article at TechBeacon: