Survive a Network Breach With These 4 Tips
August 31, 2016
Prevention is key in many aspects of life. This naturally includes the business world, particularly where security issues are concerned. A data breach is a huge security issue that you will hopefully never have to face, but one that is still very important to prepare for. Use the following four tips to ensure you survive a network breach without losing everything you have worked so hard for.
Utilize and Protect Data Logs
Keep detailed logs of all data, such as traffic logs, message files, system event logs, and anything else essential to your business. Logs are imperative should a breach occur, as they help investigators determine which systems were breached and why they were vulnerable. If possible, send all of this data to a sizable security information and event management (SIEM) system with terabytes of disk space. That capacity makes it possible to filter your information and create real-time responses.
If a SIEM is not an option or cannot handle your company’s log data, opt for a log server that can retain logs for 30 to 90 days. This way, they are readily available when you require them.
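A retention target only helps if every source actually meets it. The following is an added example, not part of the original article: a short Python audit that checks whether each log source has entries for every day of the last 30 days. The line format, the source names (firewall, mailgw, dc01) and the sample data are constructed assumptions.

```python
from collections import defaultdict
from datetime import date, datetime, timedelta

MIN_RETENTION_DAYS = 30          # lower bound of the 30-to-90-day window
SAMPLE_TODAY = date(2016, 8, 31)  # fixed "today" so the sample is repeatable

def build_sample(today):
    """Constructed lines in an assumed format: '<ISO timestamp> <source> <msg>'."""
    lines = []
    for back in range(45):                      # firewall: 45 complete days
        lines.append(f"{today - timedelta(days=back)}T02:00:00 firewall ACCEPT tcp/443")
    for back in range(12):                      # mailgw: rotated away after 12 days
        lines.append(f"{today - timedelta(days=back)}T03:00:00 mailgw delivered")
    for back in range(40):                      # dc01: 40 days with a 3-day gap
        if back not in (20, 21, 22):
            lines.append(f"{today - timedelta(days=back)}T04:00:00 dc01 logon ok")
    lines.append("corrupted line with no timestamp")
    return lines

def audit_retention(lines, today, min_days=MIN_RETENTION_DAYS):
    """Return ({source: findings}, skipped_line_count) for the retention window."""
    days_seen = defaultdict(set)
    skipped = 0
    for line in lines:
        parts = line.split(maxsplit=2)
        try:
            stamp = datetime.fromisoformat(parts[0])
            source = parts[1]
        except (ValueError, IndexError):
            skipped += 1                        # unparseable lines are counted, not hidden
            continue
        days_seen[source].add(stamp.date())
    required = [today - timedelta(days=n) for n in range(min_days)]
    report = {}
    for source, seen in days_seen.items():
        missing = sorted(d for d in required if d not in seen)
        report[source] = {"oldest": min(seen), "missing_days": missing, "ok": not missing}
    return report, skipped

if __name__ == "__main__":
    report, skipped = audit_retention(build_sample(SAMPLE_TODAY), SAMPLE_TODAY)
    for source, info in sorted(report.items()):
        status = "OK" if info["ok"] else f"{len(info['missing_days'])} day(s) missing"
        print(f"{source:10} oldest={info['oldest']} {status}")
    print(f"skipped {skipped} unparseable line(s)")
```

A source can have an old "oldest" entry and still fail, as dc01 does here: the gap inside the window is what an investigator would run into.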
Take Advantage of Packet Captures
Put packet captures to good use and deal with the fallout of a breach more efficiently. When breaches occur, it is necessary to patch every hole so hackers no longer have their hands around a system. Firewall logs are helpful in this regard; however, they cannot tell you whether a hacker is extracting data or your system is merely performing an update. Packet analyzers offer this ability. Some companies run packet captures on a continual basis, while others simply use them when needed. The latter is arguably the better option, as networks are constantly “switching,” which makes capturing every packet a difficult process.
Give yourself the gift of turning on packet captures whenever you need them and use them for general troubleshooting, as well as breach management.
Keep Database Systems and Applications Up to Date
Put configuration management databases (CMDB) to good use. Such databases function as information stores about operational systems and applications. They are invaluable when cleaning up after a data breach, as they provide a wealth of critical information, such as whether a system features important data or not.
Write Out a Plan
Write out a plan for responding to a data breach and save yourself serious time in the first hours. Your plan should detail who is responsible for what during a breach, what actions should be implemented and which are preapproved, how everyone on your team will communicate with one another, and anything else you deem relevant. A thorough data breach plan is a great way to prevent total chaos and move forward when sensitive information is hacked.
Keep these four tips in mind to protect your company from would-be hackers—you will be very thankful you did when a breach occurs!