DCN November 2016 | Page 18

security FORENSIC FOCUS Tom Rowley of Savvius explains how post-breach forensics can play a vital role in regaining the upper hand against cyber criminals. A couple of years ago, Joseph Demarest, assistant director of the US Federal Bureau of Investigation’s Cyber Division, told congress that ‘approximately 500 million computers are infected globally each year, translating into 18 victims per second.’ Smartphones are not far behind; Trend Micro reports in its 2016 Trend Micro Security Predictions: The Fine Line, that over 20 million smartphones are infected with malware bots. This means 18 that the historical focus on network security to prevent or at least detect initial attacks is failing. Although companies have invested millions of dollars in security hardware and software, including firewalls, antivirus and patch management systems, it is nonetheless true that targeted attacks will almost always succeed. This isn’t an indictment of the network security defence teams. There are many factors which have swung the balance in favour of attackers – the emergence of new ‘attack surfaces’, such as bring-your-own-device (BYOD), the cloud, legacy systems that can’t be patched for fear of failure or disruption, and production software released without being tested for vulnerabilities, just to name a few. Acknowledging these problems, network security teams are taking a page from the methods commonly used by law enforcement officers. Most police detective work is focused on finding clues to a crime after it has happened. The goal is to rapidly identify and apprehend a criminal, not to catch the crime in progress. Similarly, instead of relying on static