TechNet Webcast: How Microsoft IT Uses SQL Server 2005 to Power a Global Forensic Data Security Tool (Level 300)  

The Microsoft Information Security team uses an internal tool called Information Security Consolidated Event Management (ICE) version 3.0 to gather forensic data from more than 85 proxy servers around the world. Powered by Microsoft SQL Server 2005, this 27-terabyte data management system collects different types of global evidence, such as inbound and outbound e-mail traffic, log-on events, and Web browsing, into a single database. Join this session to learn how ICE 3.0 provides rapid security analysis and queries, robust proxy performance analysis, and extensive troubleshooting functionality. We discuss how table-level partitions allow event processing and database loading without affecting the ongoing query activities and analysis work of security forensics engineers. Storage area networks (SAN) manage enterprise storage for ICE 3.0, and the service maintains an uptime of nearly 99.9%. A controller application dynamically launches multiple instances of Microsoft SQL Server Integration Services (SSIS), which seamlessly responds to changes in the volume of incoming evidence. This tool was redesigned in 2006 using SQL Server 2005. Join us for a closer look at how this SQL Server upgrade enhanced the data feed process and query response time, expanded the data retention period, and reduced manual data loading and data validations.

Presenters: Hariharan Sethuraman, Senior Program Manager, Microsoft Corporation, and Chris Haslam, Senior IT Systems Engineer, Microsoft Corporation

Hariharan "Hari" Sethuraman is a program manager in cross-IT (XIT) for the Microsoft IT group. He manages tools and application development programs that have an impact across Microsoft. Hari recently managed programs in the information security space.

As a senior IT systems engineer for Microsoft, Chris Haslam focuses on evaluating, testing, and recommending networked storage solutions for use within Microsoft datacenters. Chris is a Microsoft Certified Professional (MCP) and a Storage Networking Industry Association (SNIA) Certified Systems Engineer (CSE).