Internet Pioneer On Incident Response: Sorry, There's No 'Magic Security Pixie Dust'

Establishing The Security Incident Impact

"The second goal of incident response is the ability to gain an understanding of the depth and breadth of an attack," he said. "If you see one corner of it, you might like to be able to go look through the rest of your Splunk or Syslog or whatever it is you are using to gather data about your network to review recent history and find related attacks. Investigators need to have access to related identifiers."