Network Security Breaches: 10 Things to Do Immediately After

Try Not to Fret Too Much: This is Happening To Everyone

Numerous studies show most large and midsize companies reported some type of data system attack in 2011. A majority of data security companies and industry analysts are predicting more frequent and higher-level attacks in 2012.

IDS/IPS Not Enough

Intrusion detection and prevention systems often are not enough protection. Attacks continue to circumvent the best such solutions. Hackers always look at what new measures are in place and purposely find ways around them.

Apply New/Updated Measures Now

Don't wait until it's too late to have a network contingency plan in place. Too late could be today.

Be Prepared

A recent industry survey reported that in 40 percent of enterprise breaches, IT professionals could not identify the source of the attack.

Record All Network Traffic

Any data that slips through the cracks might be the key to characterizing the breach and assessing the damage. If you can obtain software that can record and replay selected traffic instances, you're well on the way to apprehending the hacker(s).

Network Recording to Network Forensics

With all network traffic recorded, dissect the attack with network forensics tools. This brings together all the clues and evidence you need to build a case against the hacker(s).

Answer the Key Questions

Gather all the pertinent information necessary as quickly as possible because time lost most often means evidence lost. Key questions are the same as those asked by a journalist covering a story: Who, what, when, where and how?

Compliance and Reporting

Network forensics allows you to adequately address your legal requirements.

Retune and Recalibrate

Use network forensic results to recalibrate existing preventive systems.

Network Security Insurance Policy

Network recording and network forensics is your insurance policy once the inevitable happens.