Thursday, March 27, 2014

Interesting question - How Do the FBI and Secret Service Know Your Network has Been Breached Before You Do?



We think we know the answer, but some details in this article could surprise you.

According to the article:

In the course of all of this monitoring, Henry says, law enforcement often finds itself in the odd position of having to show companies evidence they have been victimized. And they aren't always thanked for their efforts. Sometimes, Henry says, companies say "'Please just go away.'" He adds, "It happens all the time."

How frequently do the Secret Service and FBI come calling? "About 40% to 50% of our customer base have regular conversations with the FBI and other agencies that have warned that they have been breached," says Simon Crosby.

In the course of that investigation it was discovered a laptop had malware on it that eluded anti-virus tools and the malware had been in contact with a botnet command-and-control server on the Internet. "The FBI happened to be monitoring the C&C center" for that botnet, Stahl says.

One of the main questions then becomes, are the companies victimized ready to investigate it? Unfortunately, often they are not, say security experts at Solutionary.

Solutionary last year was hired by a bank to conduct a forensics examination after the FBI showed up with evidence of a major breach that turned out to have been caused by SQL Injection attacks on the bank's website and had been going on for months. One difficulty, says Kraus, is the bank's logging system was weak and only stored log data for 2 and 1/2 months. Solutionary believes incident response capabilities remain tepid at best in companies today.

This raises the all-important question of how well companies defend their networks and whether their logging capabilities are sufficient to give them a clue about anything after a breach.


The links below have more information:
