Cisco and Sourcefire: Mitigate Damage After a Security Attack

The Significance of Retrospective Security

Oliver Friedrichs talks about the importance of retrospective security.


Cisco and Sourcefire - Better Together

Sooner or later an attack will be successful. Learn how to scope, contain, and remediate quickly to mitigate damage after one happens.

Attackers don’t discriminate. They will seize on any weak link in the chain and keep at it until they succeed. They also go to great lengths to remain undetected: using techniques that leave only faint indicators of compromise, they infiltrate the extended network, where they are difficult to locate, let alone eradicate.

Sooner or later, some attack will succeed. Cisco found that 100 percent of the company networks analyzed for the 2014 Cisco Annual Security Report had traffic to domains known to host malicious files or services.

Answer the Tough Questions

When an attack happens, every organization needs a formal plan in place to effectively respond.

You need to be able to answer questions like:

  • What was the method and point of entry?
  • What systems were affected?
  • What did the threat do?
  • Can we stop the threat and identify its root cause?
  • How do we recover from it?
  • How do we prevent it from happening again?

Retrospective Security

With retrospective security you can, in essence, travel back in time with the tools you need to:

  • Identify ‘patient zero’ – the first victim
  • Determine the attack scope – how malware traversed the organization
  • Contain the event, understanding all affected systems
  • Remediate quickly, focusing on high-priority events and systems
  • Prevent reinfection by identifying the root causes

Compromises that would have gone unnoticed for weeks or months can be detected, investigated, and remediated quickly.
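The steps above (find patient zero, scope the spread, order containment, measure how long the compromise went unnoticed) can be shown on a small set of file-sighting records. The following is an added illustration, not Sourcefire or Cisco AMP code, and it assumes a simplified telemetry format: each record says which host saw a file, the file's SHA-256, when, and where the file came from (a URL, "email", or another host). The hostnames, hashes, URL and timestamps are constructed for the example.

```python
"""Retrospective scoping of a file whose disposition later changed to malicious.

Added example, not the vendor's implementation. It assumes per-host
"file seen" telemetry with a hash and an origin (URL, "email", or peer host).
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class FileEvent:
    ts: datetime   # when the host first saw the file
    host: str      # host reporting the sighting
    sha256: str    # file hash; the attribute whose verdict can change later
    source: str    # origin: a URL, "email", or another host that served it


# Constructed sample telemetry (not real data). SHA_OK is a benign file that
# travelled the same paths; only SHA_BAD is later judged malicious.
SHA_BAD = "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"
SHA_OK = "2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae"
EVENTS = [
    FileEvent(datetime(2014, 3, 3, 9, 1), "ws-017", SHA_BAD, "http://update.example.invalid/setup.exe"),
    FileEvent(datetime(2014, 3, 3, 9, 5), "ws-017", SHA_OK, "email"),
    FileEvent(datetime(2014, 3, 3, 10, 22), "srv-files", SHA_BAD, "ws-017"),
    FileEvent(datetime(2014, 3, 4, 8, 15), "ws-042", SHA_BAD, "srv-files"),
    FileEvent(datetime(2014, 3, 4, 8, 30), "ws-042", SHA_OK, "srv-files"),
    FileEvent(datetime(2014, 3, 5, 14, 0), "ws-088", SHA_BAD, "srv-files"),
]
# Constructed: the moment threat intelligence flipped SHA_BAD to "malicious".
DISPOSITION_CHANGED_AT = datetime(2014, 3, 6, 11, 0)


def file_history(events, sha256):
    """Every sighting of one hash, oldest first. This is the 'time travel' step:
    the records were collected while the file was still considered unknown."""
    return sorted((e for e in events if e.sha256 == sha256), key=lambda e: e.ts)


def patient_zero(events, sha256):
    """First host to see the file, together with its point of entry (source)."""
    hist = file_history(events, sha256)
    return hist[0] if hist else None


def affected_hosts(events, sha256):
    """Attack scope: hosts that saw the file, in order of first sighting."""
    seen, out = set(), []
    for e in file_history(events, sha256):
        if e.host not in seen:
            seen.add(e.host)
            out.append(e.host)
    return out


def propagation_graph(events, sha256):
    """How the file traversed the organization: source host -> receiving hosts.
    External origins (URLs, email) are not graph nodes; they show up as the
    entry point reported by patient_zero()."""
    hosts = set(affected_hosts(events, sha256))
    graph = defaultdict(list)
    for e in file_history(events, sha256):
        if e.source in hosts:
            graph[e.source].append(e.host)
    return dict(graph)


def containment_order(events, sha256):
    """Prioritize remediation: hosts that spread the file to the most others
    first, ties broken by earliest sighting."""
    first_seen = {}
    for e in file_history(events, sha256):
        first_seen.setdefault(e.host, e.ts)
    graph = propagation_graph(events, sha256)
    return sorted(first_seen, key=lambda h: (-len(graph.get(h, [])), first_seen[h]))


def dwell_time(events, sha256, verdict_at):
    """How long the file was present before its verdict changed; None if unseen."""
    pz = patient_zero(events, sha256)
    return verdict_at - pz.ts if pz else None


if __name__ == "__main__":
    pz = patient_zero(EVENTS, SHA_BAD)
    print("patient zero:", pz.host, "via", pz.source, "at", pz.ts)
    print("affected:", affected_hosts(EVENTS, SHA_BAD))
    print("propagation:", propagation_graph(EVENTS, SHA_BAD))
    print("contain in order:", containment_order(EVENTS, SHA_BAD))
    print("dwell time:", dwell_time(EVENTS, SHA_BAD, DISPOSITION_CHANGED_AT))
```

Note that the benign SHA_OK sightings share hosts and paths with the malicious file but never appear in the results: scoping keys on the file's hash, not on the hosts involved, which is what lets a verdict change on a single hash be applied retroactively across the whole history.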

Mitigate Damage and Quickly Recover

During an attack, solutions like Sourcefire Advanced Malware Protection (AMP) give security professionals the ability to quickly and effectively scope, contain, and remediate an attack to reduce damage.

Get an infrastructure that continuously gathers and analyzes data to produce security intelligence. With Sourcefire technology you can automatically identify indicators of compromise, detect malware sophisticated enough to alter its behavior to avoid detection, and then take action.

Perimeter-based defenses are no longer sufficient to combat today’s advanced attacks. That’s why Sourcefire, together with Cisco, delivers an entire portfolio of threat-centric cybersecurity solutions. They work together to deliver protection across the full attack continuum—before, during, and after an attack.