Computer Associates (CA) bigwigs are currently in Australia spruiking the advantages of their eTrust Network Forensics toolkits.
Already the vendor has sealed one deal with a "large Australian government agency", according to Malcolm Lister, CA director of financial services and security. Lister said previous forensic discussions were generally only held with police and "security-type" agencies.
Jason Micals, director of CA's worldwide forensics team, is in Australia teaching staff about the functionality of network forensics.
"The skill set for network forensics is not there in the industry today," Micals said.
"More of the focus has been put on host-based forensics and not actually network-based forensics, which allows an organization to see what is across its infrastructure to spot anomalous activity.
"Forensic capability has grown from the requirement to see something on a hard drive to seeing where information was found.
"Network forensics in real time shows who can access what servers and it also ensures access management tools are doing the job they were purchased to do."
Micals also said the forensic capability of many tools can create an airtight case in relation to prosecution over unwanted data access and inappropriate use of corporate data, intellectual property and hacking incidents. However, many organizations still stubbornly refuse to prosecute.
"You are still going to require forensic or investigative skills to prosecute someone; most firms just find the problems and remediate, but network forensic tools make the evidence gathering easier," Micals said.