The phone rings. You answer it and the rattled voice on the other end says, “We think there has been a breach.” What is your first thought about what to do?
A recent joint advisory issued by Australia, Canada, New Zealand, the United Kingdom and the United States highlights technical approaches to uncovering malicious activity and includes best-practice mitigation steps. The advisory’s goal is to help organizations improve incident response. That starts with the collection of relevant data: event logs, browser history files, evidence of listening ports, the dates on which folders and files were created, and so on.