Security Forensics
Firstly, when a pre-compromise threat is identified by ThreatCenter's security event correlation routines, users can quickly drill down into real-time security forensics to determine what other attack events have been triggered. Depending on the user's wishes, this real-time forensic analysis can be performed for just the events that triggered the threat correlation, or for all events related to that attacker: target, port, exploit, etc. Either way, this real-time security forensics reporting in the attack database provides operators and security analysts with the information they need to make the right decisions quickly.
Secondly, for historic activity analyses and post-mortem analyses, LogCenter's security forensic database provides a uniquely scalable, powerful and affordable data repository for all log events, regardless of whether a log event was an attack incident or not. Potentially storing terabytes of data, LogCenter's security forensics module combines high-speed batch data storage with massive data compression ratios and fast reporting. The patented approach decompresses only relevant data in response to a user query, so security forensic reporting is fast and efficient.
InfoCenter also combines the GUIs for the real-time threat identification and event correlation with the security forensics module in the same web-based console. Keeping deployment costs and long-term ownership chores to a minimum, only SMC can deliver efficiency, scale and affordability for enterprise-scale security forensics and threat analysis.

