As customers increase their use of cloud platforms, the risk of a cybersecurity incident increases. Such an incident could range from malware infecting the cloud services, and thus the computers of staff and customers, to a major data outage. Irrespective of which cloud vendor is used, there will always be a cybersecurity risk.
Dealing with a cyber incident can be incredibly complex. In several countries around the world it is now a requirement that companies report when they have had a cybersecurity breach. That list of countries is growing as governments and regulators realise that the best way to raise standards is to force companies to reveal when they have been attacked. The expectation is that the reputational embarrassment will force them to take action to prevent an attack.
Dell SecureWorks Emergency Cyber Incident Response (ECIR)
To help its customers who are now deploying production workloads on Amazon Web Services, Dell SecureWorks, in collaboration with AWS, has created its own ECIR. One of the challenges for customers when it comes to cloud systems is getting the forensics right.
Hardware deployed inside an enterprise’s own data centre can be immediately turned off and preserved for forensic investigators. When using the cloud, much of the hardware, especially storage, is shared, so carrying out a forensic investigation is extremely difficult. The problem is not just the cloud itself: the hardware may be located in another country, creating issues over laws, legal primacy and access for investigators.
According to the press release: “AWS provides unique methods to contain compromised instances and credentials, mitigate propagation of threats, snapshot and collect data, and quickly stand up resources for analysis. As a result, Dell SecureWorks has codified these techniques in order to perform highly efficient and scalable cyber incident response investigations.”
These are essential steps to help investigators understand what has happened so that they can track who has committed the crime, what they have done, where they might be and how they did it. Jeffrey Carpenter, director of the Incident Response and Digital Forensics practice at Dell SecureWorks, said:
“Our Incident Response team is comprised of an elite group of individuals with backgrounds in cyber investigations, technical analysis, research, and crisis management spanning national, military, and organizational Computer Security Incident Response Teams (CSIRTs), as well as law enforcement agencies.”
This is an important announcement for Dell. Since it went back to being a private company under the control of Michael Dell, it has changed its focus. Consumer sales now make up a very low percentage of the business. The majority of sales are focused on the service provider and very large enterprise market, where Dell is making big inroads.
By beefing up its cybersecurity division, it is putting itself in competition with the likes of IBM, HP, Symantec, Intel and other established security players. Emergency Cyber Incident Response is an area that is complex and fraught with problems for companies. This deal shows that Dell is willing to take on these areas of security, which will play well with both of its key markets: service providers and large enterprises.