Post Breach Scenarios
A security breach occurs when an organization's underlying security systems are bypassed, leading to unauthorized access to private information. Security breaches are usually carried out by hackers and can range from low-risk to high-risk incidents. Breaches are typically caught by the organization's existing security systems, such as a firewall. These systems notify you when an unknown user breaks the security policy by attempting to gain unauthorized access.
Engineers can use forensics to analyse traffic and instantly determine the root cause of an event, entirely removing guesswork and problem reproduction from the equation. Effective forensics provide these four key capabilities:
- Data Capture: Capture all traffic, 24×7, even on the fastest links
- Network Recording: Store all packets for post-incident, or forensic, analysis
- Search and Inspection: Enable administrators to comb through archived traffic for anomalies and signs of problems
- Reporting: Through data capture and analysis, results of investigations are logged and network vulnerabilities are reviewed and analysed post-mortem.
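
The search-and-inspection and reporting capabilities above, as an added example that is not part of the original page: it parses stored packets in the classic pcap format, searches them by host and time window, and reports sources that touched several distinct destination ports. The sample capture, the addresses, the function names and the port fan-out threshold are constructed assumptions.

```python
import socket, struct

def build_pcap(flows):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for ts, src, dst, sport, dport in flows:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 1024, 0, 0)
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp  # dummy MACs, EtherType IPv4
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def read_packets(pcap):
    # Yield (timestamp, src_ip, dst_ip, dst_port) for every IPv4/TCP frame.
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(pcap):
        ts, _, caplen, _ = struct.unpack_from("<IIII", pcap, off)
        frame = pcap[off + 16: off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # truncated, non-IPv4 or non-TCP
        tcp_off = 14 + (frame[14] & 0x0F) * 4
        if len(frame) < tcp_off + 4:
            continue  # TCP ports cut off by the snap length
        dport = struct.unpack_from("!H", frame, tcp_off + 2)[0]
        yield ts, socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]), dport

def search(pcap, host, start, end):
    # Search and inspection: packets involving `host` within [start, end].
    return [p for p in read_packets(pcap) if start <= p[0] <= end and host in (p[1], p[2])]

def report(packets, fanout=3):
    # Reporting: sources that touched >= `fanout` distinct destination ports (assumed heuristic).
    ports = {}
    for _, src, _, dport in packets:
        ports.setdefault(src, set()).add(dport)
    return {src: sorted(p) for src, p in ports.items() if len(p) >= fanout}

# Constructed sample flows: (epoch seconds, src, dst, src port, dst port)
SAMPLE = build_pcap([
    (1000, "10.0.0.5", "10.0.0.9", 40000, 443),
    (1010, "192.0.2.7", "10.0.0.9", 51000, 22),
    (1011, "192.0.2.7", "10.0.0.9", 51001, 3389),
    (1012, "192.0.2.7", "10.0.0.9", 51002, 445),
    (5000, "192.0.2.7", "10.0.0.9", 51003, 80),
])
print(report(search(SAMPLE, "10.0.0.9", 900, 2000)))
```

Narrowing the time window first keeps the report focused on the incident period; the packet at timestamp 5000 falls outside it and is excluded.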