1. Try Not to Fret Too Much: This is Happening To Everyone
Numerous studies show most large and midsize companies reported some type of data system attack in 2011. A majority of data security companies and industry analysts are predicting more frequent and higher-level attacks in 2012.
2. IDS/IPS Not Enough
Intrusion detection and prevention systems often are not enough protection. Attacks continue to circumvent the best such solutions. Hackers always look at what new measures are in place and purposely find ways around them.
3. Apply New/Updated Measures Now
Don’t wait until it’s too late to have a network contingency plan in place. Too late could be today.
A recent industry survey reported that in 40 percent of enterprise breaches, IT professionals could not identify the source of the attack.
5. Record All Network Traffic
Any data that slips through the cracks might be the key to characterizing the breach and assessing the damage. If you can obtain software that can record and replay selected traffic instances, you’re well on the way to apprehending the hacker(s).
6. Network Recording to Network Forensics
With all network traffic recorded, dissect the attack with network forensics tools. This brings together all the clues and evidence you need to build a case against the hacker(s).
7. Answer the Key Questions
Gather all the pertinent information necessary as quickly as possible because time lost most often means evidence lost. Key questions are the same as those asked by a journalist covering a story: Who, what, when, where and how?
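As an added illustration (not part of the original slideshow), the sketch below shows how a recorded capture can be reduced to a who/where/when/how-much summary per conversation. The function names `make_frame`, `make_pcap` and `summarize` are hypothetical, the capture is constructed inline, and only classic little-endian pcap files carrying Ethernet/IPv4/TCP are handled.

```python
import struct

def make_frame(src, dst, sport, dport, payload=b""):
    """Constructed Ethernet/IPv4/TCP frame (zero MACs and checksums)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def make_pcap(packets):
    """Serialize [(epoch_seconds, frame), ...] as a classic little-endian pcap."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # link type 1 = Ethernet
    for ts, frame in packets:
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def summarize(pcap):
    """Map (src, dst, dst_port) -> [first_seen, last_seen, packets, wire_bytes]."""
    if len(pcap) < 24 or struct.unpack_from("<I", pcap)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    flows, pos = {}, 24
    while pos + 16 <= len(pcap):
        ts, _, incl, orig = struct.unpack_from("<IIII", pcap, pos)
        frame = pcap[pos + 16:pos + 16 + incl]
        pos += 16 + incl
        if len(frame) < incl:
            break  # capture cut off mid-packet: keep what was complete
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # only IPv4/TCP is summarized here
        l4 = 14 + (frame[14] & 0x0F) * 4  # IP header length varies with options
        if len(frame) < l4 + 4:
            continue
        dport = struct.unpack_from("!H", frame, l4 + 2)[0]
        key = (".".join(map(str, frame[26:30])), ".".join(map(str, frame[30:34])), dport)
        rec = flows.setdefault(key, [ts, ts, 0, 0])
        rec[0], rec[1] = min(rec[0], ts), max(rec[1], ts)
        rec[2] += 1
        rec[3] += orig
    return flows

# Constructed sample capture (documentation address ranges).
SAMPLE = make_pcap([
    (1000, make_frame("10.0.0.5", "192.0.2.10", 40000, 443, b"A" * 100)),
    (1030, make_frame("10.0.0.5", "198.51.100.7", 40001, 22)),
    (1060, make_frame("10.0.0.5", "192.0.2.10", 40000, 443, b"B" * 200)),
])

if __name__ == "__main__":
    for (src, dst, port), (first, last, n, size) in sorted(summarize(SAMPLE).items()):
        print(f"{src} -> {dst}:{port}  first={first} last={last} packets={n} bytes={size}")
```

Flow metadata of this kind covers who, where, when and how much; the "how" still requires inspecting the recorded payloads themselves.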
8. Compliance and Reporting
Network forensics allows you to adequately address your legal requirements.
9. Retune and Recalibrate
Use network forensic results to recalibrate existing preventive systems.
10. Network Security Insurance Policy
Network recording and network forensics are your insurance policy once the inevitable happens.