React in seconds with a network incident response plan
This article is part of the February 2004 issue of Information Security magazine
We need automated response tools that go beyond fledgling IPSes.

It's 2 a.m. Saturday, and something nasty is running loose on the network. All indications are it's a fast-replicating worm powered by a zero-day exploit. Within minutes, your network traffic is spiking as the worm ravenously scans for targets. Without hesitation, a sysadmin hits the "Big Red Button," which shuts down or isolates critical portions of your network, and closes ports used by the affected service on all noncritical network segments.

Seem a little extreme? It's not entirely irrational. Allowing a worm infection could cause extensive damage and downtime. The activation of some predetermined emergency lockdown sequence could spare vast portions of your network from infection and damage. A little lost accessibility and productivity is a couple of shades better than the cost of restoring numerous systems and recovering lost data.

Security solutions are grudgingly integrating to provide rapid responses to previously unseen threats. Eventually, IDSes and ...