What would the holidays be without the inevitable email phishing campaigns, cyber attacks, and data breaches? This year’s recipients included Apple, Telstra, an Australia-based telecommunications and information services company, and Stratfor Global Intelligence, an Austin, TX-based security group, among others. And when it comes to responding to breaches, time is of the essence.
“‘Every minute you take to figure this out, you could be losing more e-mails and more credit data,’ Kevin Mandia of Mandiant recently said to the NY Times. The goal is to determine quickly the “fingerprint” of the intrusion and its scope: ‘How did the guy break in? What did he take? When did he break in? And, how do I stop this?’”
In fact, your cyber security solution needs to address these five key questions:
- Who was the intruder?
- How did the intruder penetrate security?
- What damage has been done?
- Did anything get left behind?
- Did you capture sufficient information to effectively analyze and reproduce the attack?
Question 5 is the gotcha for most solutions. While Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) raise an alarm, they fail to provide network engineers with the details they need to quickly locate and correct the source of an attack. Augmenting these systems with a network recorder enables post-event analysis that exposes the attacker, the method, and the damage.
The following video shows why you should employ data recorders in line with your IDS/IPS systems.
Join us February 15, 2012 at 8:30AM PST, for a free live seminar, “Cyber Security – IDS/IPS is not Enough,” to learn how with Network Forensics and Network Recording you can characterize not only the breach, but also assess the damage, ensure no further compromise, and comply with corporate and legal requirements for reporting.