Guidance Software sells one of the best computer forensics tools on the market. Their largest client base is law enforcement and other types who perform investigations.
According to Security Fix, they were hacked and the FTC found them negligent. Something about not taking basic security precautions, and keeping data they shouldn’t have. I don’t know, I get lost in details.
Customers should now feel confident, since Guidance has to undergo two years of mandatory security audits.
Oops. Too bad, it’s a cool product.
At least, once they detected the breach a few weeks after it happened, they had trained investigators and appropriate tools to realize they were screwed.
4 Replies to “Things Not To Do If You’re A Security Company”
Disclosure first:
Yes. I am working for a CMF company (and I was thinking that everybody knows me 🙂).
For the sake of full disclosure, I can also mention that previously, I was working for a different security company, and was responsible for its security solutions and products including (among others) firewalls, application security firewalls, IPS, web security etc.
In my _personal_ opinion (working for the "other" side as well), in order to protect data (versus protecting the infrastructure), a layered approach with emphasis on acceptable usage of data would yield better security results.
Oh- that said, I really like CMF. Forgot to mention that part- one of my 3 favorite data security tools.
Now aren't you an employee of a CMF vendor? We're fans of full disclosure here when it comes to who's commenting.
CMF is definitely one of the tools that can help, but it also depends on how this hack took place. There are still a lot of ways around a CMF solution if you know what you're doing. Maybe Database Activity Monitoring would have picked this up, or perhaps not keeping sensitive data in cleartext that shouldn't have been retained in the first place?
That's why I prefer a layered approach, as with most else in security. In this case we don't know the vector for attack, so we can't assume any single tool is the answer.
If we start thinking CMF is the ultimate data security solution, we'll set ourselves up for failure just as surely as anyone who believes the firewall is the ultimate network security solution.
It’s depressing (after all, real people have to clean their credit history and pay for the losses), but the lessons that should be learned are beyond “we need a better firewall and some encryption”. This event proves (again) that despite the implementation of sophisticated malware detection, firewalls, IDS/IPS, and content filtering, corporations continue to leak customer data and company information. IMHO, focusing on the data, using CMF solutions is the only method to prevent leaks and data loss. The solutions should be configured in prevention mode, to block outgoing traffic that contains protected data.
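To make concrete what "prevention mode, blocking outgoing traffic that contains protected data" means in practice, here is an added example of a minimal content-inspection check of the kind a CMF/DLP gateway applies to outbound content. It is not code from the original post, from any commenter, or from any CMF product. It assumes the protected data class is payment card numbers, detected by a digit-run pattern plus a Luhn checksum, and it goes slightly beyond the comment by showing both a prevention mode (block) and a monitor-only mode (alert). The messages it inspects are constructed samples using publicly known test card numbers, not real data. It also illustrates the other commenter's point about not keeping sensitive data in cleartext: a message that carries only a masked "card ending 1111" passes, because there is nothing to leak.

```python
import re

# Constructed sample payloads, standing in for outbound mail or HTTP bodies
# that an egress filter would inspect. The card numbers are the public
# Visa/Mastercard test values, not real accounts.
SAMPLE_MESSAGES = [
    "Order confirmation for card ending 1111, shipping tomorrow.",       # masked: allow
    "Exporting customer table: 4111 1111 1111 1111, 5500-0000-0000-0004",  # cleartext PANs: block
    "Test fixture value 1234567812345678 should not match Luhn",         # digits, bad checksum: allow
]

# 13-19 digits, optionally separated by single spaces or hyphens.
CANDIDATE_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list:
    """Return normalized (separator-free) card numbers found in text.

    The regex only proposes candidates; the Luhn check rejects random
    digit runs such as invoice or tracking numbers.
    """
    found = []
    for m in CANDIDATE_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            found.append(digits)
    return found


def inspect_outbound(text: str, mode: str = "prevent") -> dict:
    """Decide what the gateway does with one outbound message.

    mode="prevent": block traffic that carries protected data.
    mode="monitor": let it through but raise an alert (detection only).
    """
    hits = find_card_numbers(text)
    if not hits:
        return {"action": "allow", "hits": []}
    if mode == "prevent":
        return {"action": "block", "hits": hits}
    return {"action": "alert", "hits": hits}


def scan_all(messages, mode: str = "prevent") -> list:
    """Run the check over a batch and return one decision per message."""
    return [inspect_outbound(m, mode) for m in messages]


if __name__ == "__main__":
    for msg, verdict in zip(SAMPLE_MESSAGES, scan_all(SAMPLE_MESSAGES)):
        print(f"{verdict['action']:5}  hits={len(verdict['hits'])}  {msg[:50]!r}")
```

The design point is the two-stage match: a broad pattern to find candidates and a checksum to cut false positives, because a prevention-mode filter that blocks on every 16-digit run will be switched back to monitor mode within a week. Real deployments also need to handle content that is compressed, encrypted or encoded before it leaves, which is part of why the comments above treat CMF as one layer rather than the whole answer.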