South African companies that want to protect their businesses against computer-related crimes such as fraud and data theft should invest in enterprise forensic software tools that allow them to investigate security breaches and acquire evidence against wrongdoers that will stand up in court.
That's the word from Derek Street, product manager at SecureData Security. He says that companies face a range of business risks around their data and IT infrastructure, including theft of intellectual property, white-collar crimes such as fraud, human resources violations, and employees using enterprise computers for illegal or immoral activities.
One of the enterprise's most effective tools against the risks of employees abusing corporate data and computers is to offer them the certainty that they will be caught and punished for their actions. Companies therefore need to be able to uncover who was responsible for criminal acts or transgressions against corporate policy and provide solid evidence that can be used to prosecute or dismiss them.
Says Street: "All around the world, companies are beginning to understand the importance of self-policing policies and investigation capabilities that allow them to respond to security breaches. Legislation such as the US's Sarbanes-Oxley has highlighted how important it is that companies put in place an incident response and internal investigation capability that can provide forensically sound evidence that can be handed to law enforcement or legal counsel when needed."
One challenge lies in the fact that collecting evidence is usually a time-consuming process, which means that investigations can be delayed, deadlines may be missed, and work might be disrupted while evidence is gathered from workstations, says Street. In addition, investigators need access to tools that ensure evidence is gathered in a forensically sound manner and that can demonstrate to a court that computers and data have not been tampered with.
To address these challenges, companies should look for network-based forensics solutions that provide complete network visibility, and comprehensive, forensic-level analysis of servers and workstations anywhere on a network, Street adds. Such a solution should be able to securely investigate/analyse many machines simultaneously over the LAN/WAN at the disk and memory level without disrupting operations, causing downtime, or alerting the target that he or she is under investigation.
It should also, as far as possible, automate time-consuming investigative processes, incident response and eDiscovery. These tools can provide detailed information across the lifecycle of a document, such as who accessed, created or edited a document, whether it was printed or emailed (and by whom), and much more, often even if the user has deleted information in a bid to cover his or her tracks.
One of the important things to look for in a forensics tool is a track record with courts and law enforcers around the world, proving its ability to acquire data in a forensically sound manner, says Street.
Concludes Street: "Companies have a duty to their shareholders to be able to acquire any evidence necessary against those who commit fraud, steal company intellectual property or abuse company systems and information in any other way. A good forensics solution is an important element of the technology infrastructure they need to do so."