Rapid Enterprise Triaging (RETRI): How to Run a Compromised Network and Keep Your Data Safe

Executive Summary

Routine log analysis uncovers suspicious activity dating back several months, and active beaconing reveals a backdoor channel in an exploited piece of production software on the network. Anti-virus did not catch it, and updated IDS signatures reveal dozens of compromised machines, all buried beneath a hierarchy of domain controllers and NAT'ed subnets across different autonomous organizations throughout a globally distributed network. What does one do without the necessary infrastructure and tools to respond? Once the initial feelings of panic subside, one realizes that there are countless questions to answer and decisions to make in a matter of moments.

  • Format: PDF
  • Size: 145.34 KB