Locating Log Files During an Investigation

2/29/2012

Responding to a security incident involves a lot of fact-gathering, and the precious information needed to advance the investigation is frequently found in the form of log files. But how do you make decisions as to which logs to keep, and for how long? And, more importantly, how do you make sure they are readily accessible should you need them for investigation?

Understanding Logs as a Critical Component of Investigation

2/24/2012

Cyber incidents that require investigation are a little like snowflakes: No two are alike. Every case we investigate seems to present its own unique challenges, different from those of previous investigations. There are frequently a multitude of operating systems, network configurations, and industry-specific applications, among other things. But across all of these different cases, the one common thread we encounter is the presence (or lack thereof) of system logs.

The Malware Data Breach Threat

2/13/2012

Malware as a data breach threat is a hot topic these days, but is it really as big a threat as it is sometimes characterized? Emphatically, YES!

You may recall that, in a previous post discussing data breach response, I mentioned the very real threat that malware has become, as well as the forensic efforts required to reveal what information may have been breached. Here, I’d like to elaborate on what we’re seeing in the wild from a malware data breach perspective and how to defend against the threat.