
5 Critical Steps to Handling a Security Breach

Published in: Technology, News & Politics


  1. Network Compromised? Critical Steps to Handling a Security Breach. © 2013 Seculert, All Rights Reserved
  2. Network Compromised? Identify the Attack
  3. Which systems, services, and devices have been compromised? Example: Corporate email, online customer login page, shared drives, etc.
  4. Who is the target within your organization?
  5. Does it stem from a host on your network, or is it coming from outside your perimeter?
  6. Gather information about the command & control servers that were used in the attack. Example: IP addresses, domain names, etc.
  7. Determine the type of attack: DDoS, etc.
  8. Determine the nature of the attack. Is it targeted specifically at your company? Your industry? At a product or service you use?
  9. What was/is the agenda of the attack? Economic, social, political, etc.
  10. Network Compromised? Quarantine the Damage
  11. Prevent spreading the attack to others and causing further damage. Isolate compromised endpoints and assets.
  12. Can you take your network offline? Are you serious? That would hurt business.
  13. Quarantine only the infected servers, computers, and devices. Tip: In quarantine they can be examined, remedied, and brought back online.
  14. Network Compromised? Disinfect
  15. The infection has been quarantined.
  16. Compare pre-infection and post-infection backups. Start with the most critical systems first.
  17. A network breach is considered a crime, so try not to destroy valuable evidence. Tip: Make safe, stable copies of any illegal content and store them on an isolated system to prevent accidental re-infection.
  18. Consult with your corporate legal counsel. Ensure that you have the most up-to-date and accurate advice.
  19. Network Compromised? Develop a Communication Plan
  20. Legally, you may need to disclose the attack. If not publicly, then at least to those potentially affected. Example: customers, partners or other stakeholders.
  21. Decide if sharing information at this point is a necessary public relations move. There are professionals who specialize in the field of network security breaches. Example: PR communication professionals and lawyers.
  22. Network Compromised? Re-Secure the Network
  23. Before putting any server, computer, or device back online: check and double check and triple check.
  24. All compromised or potentially compromised passwords should be changed. Tip: New passwords should incorporate best practices for strength and security.
  25. Check for configuration errors. Download and install the latest security patches. Update network hardware security settings.
  26. Don’t forget the human factor. Educate all employees on how to play an active role in maintaining network security.
  27. Network Compromised? Contact us here: www.seculert.com/contact-us Find out how Seculert can help.
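
The backup comparison in slide 16, as an added example that is not part of the Seculert deck: it hashes two restored backup trees read-only and lists added, removed, and modified files with the most critical paths first. The function names, the `critical_prefixes` parameter, and the assumption that both backups are mounted as directory trees are illustrative.

```python
import hashlib
import os

def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if os.path.islink(full):
                # Hash the link target text instead of following it out of the tree.
                target = os.readlink(full).encode()
                digests[rel] = "link:" + hashlib.sha256(target).hexdigest()
                continue
            h = hashlib.sha256()
            with open(full, "rb") as fh:  # opened read-only: the backup is not modified
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    h.update(chunk)
            digests[rel] = h.hexdigest()
    return digests

def compare_backups(pre_root, post_root, critical_prefixes=()):
    """Return (status, path) findings, critical paths first, then by path."""
    pre, post = manifest(pre_root), manifest(post_root)
    findings = []
    for path in set(pre) | set(post):
        if path not in pre:
            findings.append(("added", path))
        elif path not in post:
            findings.append(("removed", path))
        elif pre[path] != post[path]:
            findings.append(("modified", path))

    def rank(item):
        norm = item[1].replace(os.sep, "/")
        critical = norm.startswith(tuple(critical_prefixes))
        return (0 if critical else 1, norm)

    return sorted(findings, key=rank)

if __name__ == "__main__":
    import sys
    # Usage: compare.py PRE_DIR POST_DIR [critical/prefix/ ...]
    for status, path in compare_backups(sys.argv[1], sys.argv[2], sys.argv[3:]):
        print(f"{status:9} {path}")
```

Run it against copies mounted read-only on the isolated analysis system, so the comparison itself cannot alter evidence.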
