Educause Security Discussion mailing list archives
Re: Malware forensics
From: "Nevin, David" <Dave.Nevin () OREGONSTATE EDU>
Date: Mon, 28 Nov 2011 10:30:32 -0800
Thanks Brian--that helps. Anyone else?

On 11/20/11 11:31 AM, "Brian J Smith-Sweeney" <bsmithsweeney () NYU EDU> wrote:

> If you outsource, do you use a major vendor such as one of the big consulting firms, or do you prefer a local specialist? How has this worked for you?

We're somewhat hybrid - we do some in-house, but have been outsourcing more-and-more lately. We used to be a purely in-house forensics shop but looked at outsourcing for the following reasons:

1) Forensics work creates big spikes in our workload that are difficult to predict and account for. We'd basically lose an analyst for a week or so each time we decided to do this in an incident.

2) We felt our forensics service could be easily out-sourced without impacting the rest of our security program too much, and without too much overhead or setup time for existing staff (thankfully this turned out to be true).

3) Malware is getting advanced enough that we felt like without investing in a significantly more robust forensics infrastructure and probably a dedicated FTE, we weren't going to be able to keep up for much longer, so best to find a vendor we trust now so that we're prepared to completely outsource if that becomes a necessity.

We have been extremely happy with our chosen vendor, SecureWorks. They've got excellent technical staff and their customer service has been more-than-satisfactory. When we initiate an incident we get a person, on the phone, able to help us pretty quickly. We have used them about half a dozen times and their work has been solid and consistent. They were a relatively small company but were recently bought by Dell. As far as I can tell that doesn't seem to have had a negative influence on the company.

I'm happy to provide more details about our experience with them offline if you like.

Cheers,
Brian

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Brian Smith-Sweeney
Project Lead
ITS Technology Security Services, New York University
http://www.nyu.edu/its/security
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~