This week I will be traveling out to Las Vegas to attend the Computer and Enterprise Investigations Conference (CEIC) the largest digital investigations and forensics conference in the world. A few short years ago this may have seemed an odd destination for a CISO of a cloud service provider but this is precisely why I am excited to attend.
There is a very interesting convergence taking place that I will be exploring. This convergence is the integration of digital forensics tools into the mainstream enterprise, but more interestingly the network/cloud. Forensic tools, techniques and tactics show great promise when used in conjunction with existing security tools to reduce the time from breach to discovery, assist in remediation and ultimately reduce the entire incident response life-cycle. At least this is the kool-aid that companies like Guidance Software (owns CEIC) and AccessData would have us drink. This is a developing market segment with software that needs several iterations of development and integration before its full potential can begin to be realized.
Maturation of the software may not be the greatest challenge however. There is a larger cultural clash to be considered. Traditional forensics software is heavily rooted in law enforcement investigatory procedures, rules of evidence and other legal benchmarks. This world is largely foreign to the network administrators and other information security experts that are battling on the front lines to protect their organizations from beach. I have often argued that the best approach to solving many IT/security related problems is with an investigatory mindset. Think like a detective in other words. The intersection and integration of digital forensics into the network culture will certainly help bring this transformation over the next few years.