How do you stay one step ahead of an attacker who seeks to erase all evidence of an attack? How can you respond to and recover from a cyber attack if you can’t trust your log information? What do you do after an attack when you need to know what happened?
Cyber attacks only become more sophisticated over time, and current trends and targeted attacks, particularly targeted ransomware, are disturbing. When remediating such attacks, reliable forensics are indispensable; how else can we be assured that we have discovered all compromised equipment, and discerned the original attack path? No matter what the goal, once the attackers control equipment on a network, they cover their tracks, defying most attempts to track them down.
The following article describes how the Waterfall BlackBox solution uses unidirectional technology to help cyber-event responders both before and during incident investigations.