First Estonia. Then Georgia. Increasingly, the theoretical potential for cyberwar is becoming hard reality. One new report argues that the unchecked proliferation of cyber warfare weapons is comparable to that of nuclear warheads. At least one branch of the US military, United States Navy takes the threat seriously and monitors cyber threats on a daily basis.
To combat this growing threat Guidance Software announced on Monday a new proactive version of its classic digital forensic software, EnCase, already in use by government and law enforcement worldwide for conducting incident response investigations. By partnering with Bit9 and HBGary, Guidance Software believes EnCase CyberSecurity fills a future need for computer network defense, counterintelligence, and incident response-tasked government agencies. In adding threat and memory analytics, the Pasadena, California-based digital investigations company says government agencies will now be able to completely recover computers from malicious code attacks, proactively identify enterprise wide at-risk computers, combat evolving malware, and also conduct deep code analysis of suspicious binaries or processes.
Bit9 is a leader in white list technology, and owns a database of several thousand "good" and "bad" files. It has already partnered with Guidance Software for its Encase Bit9 Analyzer. Within the new EnCase CyberSecurity product, the EnCase Bit9 Analyzer reputation service will be integrated to provide multiple types of digital investigations, including forensics and eDiscovery. Say for example a typical enterprise-wide incident response investigation includes 100,000 files; finding the one foreign file that's germane to the investigation can be daunting. Doug Cahill, Vice President, Business Development at Bit9, said "the use of the EnCase Bit9 Analyzer by federal agencies, financial services companies, retailers, manufacturing firms, and others allows investigators and forensics teams to quickly eliminate 'known good' files expediting the investigation saving time, and lowering the cost of the investigation."
But physical drives aren't the only hiding places for malware today.
"Cyberattackers increasingly are injecting malware into memory," said Greg Hoglund, CEO and founder of HBGary. "Most malware is just a variant, repackaging itself so that virus scanners cannot detect them. Memory analytics is a better way to detect malware." As a result, Guidance Software will also integrate HBGary Responder Pro's memory analytic capabilities and malware detection into Encase CyberSecurity.
Guidance Software says EnCase Cybersecurity will be available in the third quarter of 2009.
Robert Vamosi is a risk, fraud, and security analyst for Javelin Strategy & Research and an independent computer security writer covering criminal hackers and malware threats.