Lessons in IR
Something in the news out of Tulsa, OK, this morning really provided an excellent lesson in IR.
Basically, the story goes that someone saw what they thought might be one of the deadliest spiders on the planet, panicked, and killed it. An expert in spiders asked to see the body of the spider, but it wasn't available...it had been destroyed.
How many times has this happened to you as a responder?
Caller: "Help! We were hit with the deadliest Windows worm known to man!"
You: "Okay, calm down. How do you know?"
Caller: "We received an alert on our AV console!"
You: "Okay, good. What did it say?"
Caller: "We don't know."
You: "Uhm...okay. Have you isolated any infected systems or preserved a sample of the malware?"
This is where things just kind of go downhill. But the news article is a great example of how things go wrong on a daily basis in IR...