

IDS Response Bolstered with Computer Forensics

  Guidance Software's EnCase(R) Enterprise Edition Monitors and Responds to
    SNORT(TM) and Internet Security Systems'(TM) RealSecure(R) IDS Alerts

    PASADENA, Calif. and SAN FRANCISCO, RSA Conference, Feb. 25
/PRNewswire/ -- Guidance Software, Inc. today announced that its award-winning
EnCase Enterprise Edition (EEE) software supports automatic response to alerts
from SNORT(TM), the leading open-source intrusion detection system (IDS), and
RealSecure(R), the leading commercial IDS application from Internet Security
Systems(TM).  In addition, Guidance Software announced that, through ODBC, EEE
detects and responds to alerts from other IDS solutions and perimeter security
systems such as firewalls.
    The support of SNORT and RealSecure provides security administrators
immediate response to high-priority IDS alerts through an automated capture of
critical evidence directly from the system or systems being attacked.  EEE
provides network-enabled incident response and a computer forensics system for
immediate and thorough forensic analysis of servers and workstations, anywhere
on a network, without disrupting operations.  Thus, when responding to a
high-priority alert, EEE will automatically obtain a system snapshot of the server
or workstation in question, displaying all the open ports, running processes,
open files, the live registry and other volatile data that will provide
definitive information on whether a system has been compromised.
    EEE is utilized by numerous commercial and government organizations to
conduct network investigations of workstations and servers.  "This development
enables a complete incident management process to support an organization's
investment in IDS systems," said John Patzakis, president and CEO of Guidance
Software. "Forensically sound response and investigation is now immediate,
providing a precise evaluation of an IDS alert that quickly determines the
magnitude and scope of an incident."
    Industry analysts recently questioned IDS technology, saying, among other
issues, that IDS was effective in producing alerts but had no mechanism for
responding.  "Organizations are deploying (IDSs) without any intention of
doing incident response -- why detect an attack if you don't plan on doing
anything about it?" said Mike Rasmussen, director of research, Giga Research.
According to "Developing a Complete Security Event Management Solution," a Giga
IdeaByte report published in May, "This is where EnCase Enterprise Edition
from Guidance Software comes in, offering the ability to investigate incidents
without taking the system offline. This adds significant value to the security
event management solution as incidents on hosts can be remotely investigated
with little impact on the organization."
    Guidance Software will host a webinar on the EEE IDS automated response
functionality on March 11, 2004 at 10:00 am PDT.

    About EnCase Enterprise Edition
    EnCase Enterprise Edition (EEE) is for computer investigators and
information security professionals who need to investigate computer breaches
and other incidents throughout the enterprise. EEE is a powerful
network-enabled incident response and computer forensics system that provides
immediate and thorough forensic analysis of volatile and static data on
compromised servers and workstations anywhere on the network, without
disrupting operations.  Without EEE, organizations must resort to cumbersome
and insufficient manual processes using stand-alone utilities that extend the
response and investigation process by several days if not weeks, and require
target systems to be taken out of service. This solution brings the highly
successful and industry standard EnCase computer forensic technology to the
enterprise for unprecedented incident response and investigation capability.
EEE represents best practices for immediate incident response and
investigation of perimeter breaches and internal threats.

    About Guidance Software
    Guidance Software is the leader in computer forensics and incident
response solutions. Founded in 1997 and headquartered in Pasadena, CA,
Guidance Software has offices and training facilities in California, Virginia
and the United Kingdom. More than 12,000 corporate and government
investigators depend on EnCase(R) software, while more than
3,500 investigators attend Guidance Software's forensic methodology training
annually. Accepted by numerous courts and honored with eWEEK's Excellence
Award and SC Magazine's "Best General Security" Award, EnCase(R) software is
considered the standard forensic tool. For more information, visit Guidance
Software's Web site at http://www.guidancesoftware.com.


SOURCE Guidance Software, Inc.





Related links:
  • http://www.guidancesoftware.com
    CONTACT:
    Jaci Robbins of Lages & Associates,
    +1-949-453-8080, jaci@lages.com, for Guidance Software, Inc.