#InfosecNA: How to Know If You’ve Been Compromised
Speaking at Infosecurity ISACA North America Expo and Conference in New York, Marc Keating, senior sales engineer at Arctic Wolf Networks, outlined steps organizations can take to gauge whether or not they have suffered a data compromise.
Keating said that cyber-threats are evolving quickly: “What we are up against today in this world are people who go to work to break into your company,” he said. “They are being funded by nation states. The most important thing to understand is that cyber-attackers are very organized.”
Therefore, it has never been more important for companies to be able to quickly and accurately detect breaches if they occur.
The first step in successful prevention and detection is understanding the attack vectors cyber-criminals use, Keating added. He cited an ‘attack chain’ of reconnaissance, weaponization, delivery, exploit and install, command and control, and action.
It’s then important to design your defense strategies around a framework. “Start with a framework that will help you understand where you need to go and where your holes are.”
It’s also vital to monitor and scan for threats everywhere in the environment, all the time. “If you monitor everything, you also want to monitor 25/7, 365 days per year.”
What’s more, logging threat information is not enough, Keating explained – the data must be taken and proactively used.
“If you’re going to go that far [monitor and scan environment], please taken action on what you find,” Keating concluded.
Source: Information Security Magazine