Beginning of the EndPoint – Challengers


I’ve been a Cloud CISO for a little more than 5 years now. One consequence is that enterprise endpoint security products and I have rarely crossed paths. Agile orgs running Linux / OSX, with users perpetually outside the perimeter, are not an easy problem for legacy endpoint products.

But I was curious what has changed…

This afternoon I read with interest the “Forrester Wave Endpoint Security Suites Q4, 2016” report.

The report could have been written ten years ago, with two notable exceptions:

  1. Companies like Carbon Black, Cylance, CrowdStrike and Bromium have emerged to challenge perennial industry giants. Any innovation in endpoint security is noteworthy. No longer is it acceptable for the incumbents to ride the cash cow of enterprise renewals without significant development efforts to keep pace.
  2. Quarantine = Remediation

You can find the Forrester report over on the Carbon Black website.  (Gated, Sigh…)

END

Modern Evidence Management: Challenges and Solutions

AUSTIN TX — As I write this in October of 2016, a constant of American life is the inescapable media coverage of critical incidents involving law enforcement. The media, in a free and open society, plays a critical role in reporting on these incidents and providing the public a degree of transparency about how our government polices us. We should be cautious, however, to form our own individual opinions when digesting these events and to avoid being led blindly by a media narrative woven from information that is often, at best, incomplete and, at worst, completely wrong. It’s easy to forget that even the best media coverage lacks the context that comes from having all of the information available to investigators.

The most important part of that information is, of course, the evidence. Evidence is, and always has been, the impartial witness that enables the facts to be known and justice to be served. Evidence collection and processing have evolved over several hundred years of policing into a mature discipline. A critical component of this discipline is the “chain of custody”, a process that seeks to ensure the integrity of evidence from the time of collection to the final disposition of the case. Until recently, the traditional processes and technology used for evidence management had been sufficient. Unfortunately that is no longer the case. A disruptive force threatens even the most mature evidentiary processes. This force, in a word: data.
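The chain of custody described above has a direct software counterpart for digital evidence. As an added illustration (not code from this article, nor from any DEMS product), the example below keeps a hash-chained custody ledger: every custody event records the SHA-256 digest of the evidence and the hash of the previous record, so altering the evidence bytes, rewriting a past record, or quietly swapping the file mid-custody is detectable at verification time. The record fields, the case identifier and the sample custody events are assumptions constructed for the example.

```python
"""Hash-chained chain-of-custody ledger for one digital evidence item.

Added example, not code from the article or any evidence management
product. Field names, SHA-256 as the digest and the sample events are
assumptions made for illustration.
"""
import hashlib
import json
from typing import List, Tuple

GENESIS = "0" * 64  # prev_hash of the first custody record


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def canonical(entry: dict) -> bytes:
    # Canonical JSON over every field except the record's own hash, so the
    # hash is reproducible regardless of dict ordering.
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


class CustodyLedger:
    """Append-only list of custody records linked by hash."""

    def __init__(self, case_id: str):
        self.case_id = case_id
        self.entries: List[dict] = []

    def record(self, timestamp: str, actor: str, action: str,
               location: str, evidence: bytes) -> dict:
        # Each record commits to the evidence digest *at that moment* and to
        # the previous record, so neither can be rewritten unnoticed.
        prev = self.entries[-1]["entry_hash"] if self.entries else GENESIS
        entry = {
            "case_id": self.case_id,
            "seq": len(self.entries),
            "timestamp": timestamp,       # caller-supplied, ISO-8601
            "actor": actor,
            "action": action,             # collected / received / accessed / sealed
            "location": location,
            "evidence_sha256": sha256_hex(evidence),
            "prev_hash": prev,
        }
        entry["entry_hash"] = sha256_hex(canonical(entry))
        self.entries.append(entry)
        return entry


def verify_custody(entries: List[dict], evidence: bytes) -> Tuple[bool, str]:
    """Check link integrity, record integrity, and that the evidence digest
    never changed from collection to the present bytes."""
    if not entries:
        return False, "empty ledger"
    original_digest = entries[0]["evidence_sha256"]
    expected_prev = GENESIS
    for i, e in enumerate(entries):
        if e["seq"] != i:
            return False, f"entry {i}: sequence gap"
        if e["prev_hash"] != expected_prev:
            return False, f"entry {i}: broken link to previous record"
        if sha256_hex(canonical(e)) != e["entry_hash"]:
            return False, f"entry {i}: record altered"
        if e["evidence_sha256"] != original_digest:
            return False, f"entry {i}: evidence digest changed during custody"
        expected_prev = e["entry_hash"]
    if sha256_hex(evidence) != original_digest:
        return False, "evidence bytes do not match the collected digest"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample evidence and custody events (not real case data).
    clip = b"constructed sample body-worn camera clip\n"
    ledger = CustodyLedger("CASE-EXAMPLE-001")
    ledger.record("2016-10-27T14:02:00Z", "Officer A. Lee", "collected", "scene", clip)
    ledger.record("2016-10-27T18:30:00Z", "Property clerk", "received", "evidence room", clip)
    ledger.record("2016-10-28T09:15:00Z", "Analyst M. Diaz", "accessed", "forensic lab", clip)
    print(verify_custody(ledger.entries, clip))            # (True, 'ok')
    print(verify_custody(ledger.entries, clip + b"\x00"))  # evidence mismatch
```

One caveat a practitioner would add: a hash chain proves internal consistency, not authorship. Whoever controls the whole ledger can rewrite it and recompute every link, so in practice each record (or a periodic ledger head) should be signed by the custodian and anchored somewhere the custodian cannot alter, such as WORM storage or an external timestamping service.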

Every day we create 2.5 quintillion bytes of data, and a staggering 90% of the world’s data was created in the last two years. While the digital evidence associated with critical law enforcement incidents represents a tiny percentage of that data, it is undoubtedly one of the most important parts of it. While no hard figures exist for the amount of digital evidence being created daily, empirical observations are telling. In addition to the video evidence generated by Body Worn Cameras (BWCs) used by police officers, other sources such as video surveillance systems and the proliferation of video recording by the public are all contributing to an ever growing mountain of digital evidence that must be managed. This huge trove of data, combined with public scrutiny of critical incidents, is exerting new pressures on both law enforcement administrators and the technology they use to manage it.

Evidence management systems have evolved significantly from the paper systems of the 1960s and the mainframes of the 70s that were only tasked with tracking physical evidence. The personal computer revolution at the end of the 80s finally enabled digital evidence management, even if only in the most rudimentary fashion. Today, the rise of the cloud has enabled the creation of a new class of cloud-enabled Digital Evidence Management Software (DEMS) products, purpose built to manage the enormous amounts of data we must maintain with integrity. While it’s admittedly not a panacea, in today’s world cloud-based DEMS may represent the best method we have for ensuring that all evidence eventually facilitates justice.

—–

This article is a repost of an article originally guest authored for the DoubleHorn blog.