Network Security Breaches: 10 Things to Do Immediately After
Try Not to Fret Too Much: This is Happening To Everyone
Numerous studies show most large and midsize companies reported some type of data system attack in 2011. A majority of data security companies and industry analysts are predicting more frequent and higher-level attacks in 2012.
IDS/IPS Not Enough
Intrusion detection and prevention systems are often not enough protection. Attacks continue to circumvent the best such solutions. Hackers always look at what new measures are in place and purposely find ways around them.
Apply New/Updated Measures Now
Don't wait until it's too late to have a network contingency plan in place. Too late could be today.
A recent industry survey reported that in 40 percent of enterprise breaches, IT professionals could not identify the source of the attack.
Record All Network Traffic
Any data that slips through the cracks might be the key to characterizing the breach and assessing the damage. If you can obtain software that can record and replay selected traffic instances, you're well on the way to apprehending the hacker(s).
Network Recording to Network Forensics
With all network traffic recorded, dissect the attack with network forensics tools. This brings together all the clues and evidence you need to build a case against the hacker(s).
Answer the Key Questions
Gather all the pertinent information necessary as quickly as possible because time lost most often means evidence lost. Key questions are the same as those asked by a journalist covering a story: Who, what, when, where and how?
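As an added illustration (not part of the original article), the sketch below turns a recorded capture into per-conversation answers to who, where, what port, when and how much. It assumes the recording is in the classic libpcap file format with Ethernet framing, which the article does not specify; the function names and the sample capture are constructed for this example.

```python
import struct

def read_pcap(data):
    """Yield (timestamp, frame) pairs from a classic little-endian pcap byte string."""
    if struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian, microsecond-resolution pcap file")
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(data):
        sec, usec, caplen, _origlen = struct.unpack_from("<IIII", data, off)
        yield sec + usec / 1e6, data[off + 16:off + 16 + caplen]
        off += 16 + caplen

def summarize(data):
    """Per conversation: who, to where, which port, when, and how much (IPv4 TCP/UDP)."""
    flows = {}
    for ts, frame in read_pcap(data):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated, or EtherType is not IPv4
        ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
        if proto not in (6, 17) or len(frame) < 14 + ihl + 4:
            continue  # neither TCP nor UDP, or ports not captured
        src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
        dport, = struct.unpack_from("!H", frame, 14 + ihl + 2)
        key = (src, dst, dport, "tcp" if proto == 6 else "udp")
        f = flows.setdefault(key, {"first": ts, "last": ts, "packets": 0, "bytes": 0})
        f["first"], f["last"] = min(f["first"], ts), max(f["last"], ts)
        f["packets"] += 1
        f["bytes"] += len(frame)
    return flows

def _frame(src, dst, dport, payload=b""):
    # Constructed sample packet: Ethernet + IPv4 (no options) + 20-byte TCP header.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(src), bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x18, 1024, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload

def sample_pcap():
    # Constructed capture: three packets between RFC 5737 documentation addresses.
    pkts = [(1325376000, _frame((192, 0, 2, 10), (198, 51, 100, 7), 443, b"x" * 100)),
            (1325376005, _frame((192, 0, 2, 10), (198, 51, 100, 7), 443, b"x" * 200)),
            (1325376009, _frame((192, 0, 2, 11), (203, 0, 113, 5), 22))]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # Ethernet link type
    for sec, frame in pkts:
        out += struct.pack("<IIII", sec, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    for key, f in sorted(summarize(sample_pcap()).items()):
        print(key, f)
```

Sorting the resulting conversations by first-seen time or byte count gives a starting timeline; the "how" still requires inspecting the payloads of the conversations this narrows down.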
Compliance and Reporting
Network forensics allows you to adequately address your legal requirements.
Retune and Recalibrate
Use network forensic results to recalibrate existing preventive systems.
Network Security Insurance Policy
Network recording and network forensics are your insurance policy once the inevitable happens.