After a threat has been contained and you have implemented your cybersecurity recovery plan, Symantec recommends that you do the following:
Analyze the incident.
Consider the following about the security event:
What was the overall scope of the breach?
What events made up the breach?
What happened as a result of the incident/events?
What entities were affected by the breach?
You can perform searches, view events, run reports, and use the Incident Manager to study what occurred and determine where your network was compromised.
See About the ways to search for indicators of compromise in your organization.
See Viewing the events that have occurred in your network.
See About Reports.
See Incident Manager.
Take steps to prevent similar, future threats.
Based on your analysis of how the breach occurred, the following are some suggestions on ways to prevent future attacks:
Make sure that your endpoints are protected with the most recent version of Symantec Endpoint Protection.
Subscribe to a sharing community or indicator feeds to learn about new threats that you can proactively block.
See Managing policies.
Communicate your organization's IT best practices, as well as your IT security policies and procedures, to employees.
Contact affected parties.
Contact customers, business partners, and suppliers to let them know about the possible impact of the breach and the steps you're taking to recover. Also indicate how you intend to protect them.
If the breach was the result of an action by a third party, re-evaluate your IT security policies to see how future threats can be thwarted.
Report the incident.
Report a suspected or confirmed breach to the appropriate internal management entities and external oversight entities.
Update your cybersecurity plan.
Your cybersecurity plan should be a dynamic document that is continually updated and modified. You should also regularly test your cybersecurity plan.