5 critical steps to handling a security breach

© 2013 Seculert, All Rights Reserved Network Compromised? Critical Steps to Handling a Security Breach

Upload: seculert

Post on 20-Aug-2015


TRANSCRIPT

Network Compromised? Critical Steps to Handling a Security Breach

Network Compromised? Identify the Attack


Which systems, services, and devices have been compromised? Example: corporate email, online customer login page, shared drives, etc.


Who is the target within your organization?


Does it stem from a host on your network, or is it coming from outside your perimeter?


Gather information about the command & control servers that were used in the attack. Example: IP addresses, domain names, etc.
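The identification questions above (which systems, which users, inside or outside the perimeter, which command & control indicators) can be answered in one pass over proxy or DNS logs once the C2 indicators are known. The script below is an added example written for this transcript, not Seculert's code: the log layout, the indicator values, the internal address ranges and the sample log lines are all constructed assumptions for the demo.

```python
"""Added example (not Seculert's code): first-pass triage for the
'Identify the Attack' questions. Given command & control indicators
gathered during the investigation (IP addresses and domain names), scan
proxy/DNS-style log lines and report, per affected internal host, which
users were on it, which indicators it touched, and whether the traffic
originated from a host on the network or from outside the perimeter.
The log layout, indicators, internal ranges and sample lines are
constructed assumptions."""
import ipaddress
from collections import defaultdict

# Constructed C2 indicators (hypothetical, for the demo only).
C2_IPS = {"203.0.113.45"}
C2_DOMAINS = {"update-check.example.net"}

# Assumption: the organisation uses RFC 1918 space internally. Replace with
# the real address plan. Do not rely on ipaddress.is_private here: it also
# treats documentation ranges such as 203.0.113.0/24 as "private".
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed log lines: "<timestamp> <src_ip> <user> <dst_ip> <dst_host>",
# where "-" means the field is unknown.
SAMPLE_LOG = """\
2013-06-01T08:12:03Z 10.1.4.22 alice 203.0.113.45 update-check.example.net
2013-06-01T08:12:09Z 10.1.4.22 alice 198.51.100.7 www.example.com
2013-06-01T08:15:40Z 10.1.9.8 bob 203.0.113.45 -
2013-06-01T09:02:11Z 203.0.113.45 - 10.1.4.22 -
2013-06-01T09:30:00Z 10.1.4.30 carol 198.51.100.9 cdn.example.org
"""


def is_internal(ip_text):
    """True if the address lies inside the organisation's own ranges."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in INTERNAL_NETS)


def domain_matches(host, bad_domains):
    """True if host is a C2 domain or any subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in bad_domains)


def find_c2_hits(log_text, c2_ips=C2_IPS, c2_domains=C2_DOMAINS):
    """One dict per log line that touched a C2 indicator in either direction."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines rather than abort mid-incident
        ts, src, user, dst, host = parts
        matched = {ip for ip in (src, dst) if ip in c2_ips}
        if host != "-" and domain_matches(host, c2_domains):
            matched.add(host)
        if not matched:
            continue
        src_inside = is_internal(src)
        hits.append({
            "time": ts,
            # The internal end of the connection is the host to investigate.
            "affected": src if src_inside else dst,
            "user": user,
            "indicators": matched,
            "origin": "internal host" if src_inside else "outside perimeter",
        })
    return hits


def summarize(hits):
    """Group hits by affected host: users seen, indicators, traffic origin."""
    by_host = defaultdict(lambda: {"users": set(), "indicators": set(), "origins": set()})
    for h in hits:
        entry = by_host[h["affected"]]
        if h["user"] != "-":
            entry["users"].add(h["user"])
        entry["indicators"] |= h["indicators"]
        entry["origins"].add(h["origin"])
    return dict(by_host)


if __name__ == "__main__":
    for host, info in sorted(summarize(find_c2_hits(SAMPLE_LOG)).items()):
        print(f"{host}: users={sorted(info['users'])} "
              f"indicators={sorted(info['indicators'])} "
              f"origin={sorted(info['origins'])}")
```

On the constructed sample this flags 10.1.4.22 (alice) for both an outbound beacon to the C2 domain and an inbound connection from the C2 address, and 10.1.9.8 (bob) for an outbound connection to the C2 IP; 10.1.4.30 never touches an indicator and stays off the list. Matching subdomains of a C2 domain matters in practice because beaconing malware often rotates hostnames under one attacker-controlled zone.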


Determine the type of attack. Example: DDoS, etc.

Determine the nature of the attack. Is it targeted specifically at your company? At your industry? At a product or service you use?


What was/is the agenda of the attack? Example: economic, social, political, etc.

Network Compromised? Quarantine the Damage


Prevent the attack from spreading to others and causing further damage. Isolate compromised endpoints and assets.


Can you take your network offline? Are you serious? That would hurt business.


Quarantine only the infected servers, computers, and devices.

Tip: In quarantine they can be examined, remedied, and brought back online. Cut their network access rather than powering them off, so that volatile evidence (memory contents, active connections) survives for examination.

Network Compromised? Disinfect

The infection has been quarantined.

Compare pre-infection and post-infection backups to see exactly what changed. Start with the most critical systems. Verify that the "clean" backup really predates the compromise; attackers are often present long before they are detected.
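Comparing the two backups is a file-by-file integrity diff: hash every file in each snapshot, then report what was added, removed or modified. The script below is an added example written for this transcript, not Seculert's code. The two backup trees are constructed in a temporary directory for the demo; in practice `diff_backups` would be pointed at mounted snapshots of a critical system, and the mount paths are the caller's assumption. The same SHA-256 manifest doubles as the integrity record for copies preserved as evidence.

```python
"""Added example (not Seculert's code): diff a pre-infection backup tree
against a post-infection one, hashing every file with SHA-256, to find
what the attacker added, removed or modified. The sample trees are
constructed in a temp directory; real mount paths are an assumption."""
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large backups do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def manifest(root):
    """Map each relative file path under root to its SHA-256 digest.
    Symlinks are recorded by target rather than followed, so a planted
    link cannot drag the scan outside the snapshot."""
    root = Path(root)
    out = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic order, useful when the manifest is kept as evidence
        for name in sorted(filenames):
            p = Path(dirpath) / name
            rel = p.relative_to(root).as_posix()
            if p.is_symlink():
                out[rel] = "symlink:" + os.readlink(p)
            else:
                out[rel] = sha256_file(p)
    return out


def diff_backups(clean_root, suspect_root):
    """Return (added, removed, modified) relative paths between two trees."""
    before, after = manifest(clean_root), manifest(suspect_root)
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(p for p in set(before) & set(after) if before[p] != after[p])
    return added, removed, modified


def build_demo_trees(base):
    """Constructed sample: a 'clean' snapshot and a tampered copy of it."""
    clean, suspect = Path(base) / "backup-clean", Path(base) / "backup-suspect"
    for root in (clean, suspect):
        (root / "etc").mkdir(parents=True)
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (root / "var").mkdir()
        (root / "var" / "app.log").write_text("started\n")
    # Tampering in the post-infection copy: extra uid-0 account, planted
    # binary in /tmp, and a deleted log (constructed, not real malware).
    (suspect / "etc" / "passwd").write_text(
        "root:x:0:0:root:/root:/bin/sh\nbackdoor:x:0:0::/:/bin/sh\n")
    (suspect / "tmp").mkdir()
    (suspect / "tmp" / ".x").write_bytes(b"\x7fELF junk")
    (suspect / "var" / "app.log").unlink()
    return clean, suspect


def run_demo():
    """Build the constructed trees, diff them, return the three lists."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, suspect = build_demo_trees(tmp)
        return diff_backups(clean, suspect)


if __name__ == "__main__":
    added, removed, modified = run_demo()
    print("added:   ", added)
    print("removed: ", removed)
    print("modified:", modified)
```

Each item in the "modified" and "added" lists is a candidate for closer examination before the system is rebuilt; a removed log is itself worth noting, since deleting logs is a common way to cover tracks.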


A network breach is considered a crime, so try not to destroy valuable evidence. Capture forensic copies (disk images and, where possible, memory) of compromised hosts before cleaning them, record their hashes, and note who handled each copy and when.

Tip: Make safe, stable copies of any malicious or illegal content and store them on an isolated system; this prevents accidental re-infection.


Consult with your corporate legal counsel. Ensure that you have the most up-to-date and accurate advice.

Network Compromised? Develop a Communication Plan


Legally, you may need to disclose the attack. If not publicly, then at least to those potentially affected. Example: customers, partners, or other stakeholders.


Decide if sharing information at this point is a necessary public relations move. There are professionals who specialize in the field of network security breaches. Example: PR communication professionals and lawyers.

Network Compromised? Re-Secure the Network


Before putting any server, computer, or device back online: check, double check, and triple check.


All compromised or potentially compromised passwords should be changed. This includes service accounts, API keys, and any sessions or tokens the attacker may have captured on the compromised hosts.

Tip: New passwords should incorporate best practices for strength and security.


Check for configuration errors. Download and install the latest security patches. Update network hardware security settings.


Don't forget the human factor. Educate all employees on how to play an active role in maintaining network security.
