Enterprise security teams have historically spent most of their time, human resources and money on defenses like firewalls and Intrusion Detection Systems (IDS) to protect and monitor the security of their networks. However, a quick look at the news will tell you that these barriers are far from foolproof. With breaches becoming more common (and costly), enterprise teams are turning to tools that help them respond quickly to security incidents as soon as the attack has been discovered.
Network forensics looks at information such as log data, network flow and packet data to answer the question ‘How did the attackers get in?’. It’s similar to what you would expect a detective to do at a crime scene – look for clues to recreate the crime. The goal of network forensics is to identify the source of the breach faster in order to minimize the resulting damage, and to analyze them so that future attacks can be prevented.
The unfortunate truth is that no organization is safe from attack. With that in mind, here are some critical steps every organization should take to prepare for, and react to a security breach:
Employees are sometimes the weakest link in security. It is important that you conduct regular training with employees on basic security best practices such as using strong passwords, how to identify phishing emails, and not plugging unknown devices into work machines.
Automate the process of data collection so that it is easier to investigate and identify security events.
Once a breach has been confirmed, determine exactly how far the problem has spread within the company’s network and minimize further damage by disconnecting affected systems and devices.
Resolve the root cause of the vulnerability and remove all traces of malicious code. Ensure that the flaw is completely resolved by running penetration tests and looking at server logs again to define whether other servers and devices might also be susceptible.
Restore all data and software from clean backup files. Monitor systems for any sign of weakness or recurrence.
6. Lessons learned and remediation
Conduct a thorough post-mortem to analyze the incident and how it was handled. Identify prevention and response processes that can be improved.
Click here to read the full article