It consisted, at the time, of four layers: avoidance (everything you do to avoid the consequences of an intrusion attempt), assurance (everything you do to test your avoidance measures), detection (intrusion detection among other things), and response (what you do when the other three layers fail). A few years later, Tom Peltier, a long-time colleague and friend, divided the fourth layer into response and recovery.
I bring this up because today, 10 or more years later, these basic building blocks still apply, and this month we will address two of them: detection and response. On the detection side, Justin Peltier reviews some small- to mid-sized managed security monitoring service providers. On the response side, Mike Stephenson puts several digital forensics tools through their paces.
When we scheduled the managed security service provider reviews, we expected to be deluged with requests from providers who wanted to participate. We certainly were surprised when not only did that not happen, but we couldn't talk any of the major players into participating. We can speculate about why this is so, of course. One colleague told me he was not surprised. Most MSSPs, in his view, are less than responsive, and he opined that they did not want to be found out. I'm not sure I quite go along with that view, but I must admit to a certain level of astonishment.
As I was struggling to come up with a theme for digital forensics tools, the idea fell into my lap, almost literally. Mike brought a bunch of manuals for this month's reviews into my office, dropped them on my desk and said, "Have you ever heard of these?" Well, of course I had, but each one of the products had a unique purpose beyond simply analyzing a computer's hard disk.
That gave me an idea. Last year we looked at a collection of forensics tools that went beyond straightforward computer forensics, and we did that in the context of incident response. What each of our current batch of products has in common is that each is unique and innovative. So, in addition to looking at the traditional products, this month we also look at specialized digital forensics tools. Enjoy!
— Peter Stephenson, technology editor