This month brings the conclusion of our Industry Insights Brief series. Successful Root Cause Analysis Investigations follows on the heels of Successful Insider Threat Investigations and Successful Employee Misconduct Investigations by discussing a third common type of corporate investigation: intrusions from outside.
Sometimes, intrusion investigations only go as far as determining what was accessed and/or exfiltrated, then remediating the immediate threat. That’s because root cause analysis can be time-consuming: correlating logs, memory, and system artifacts across multiple systems is slow and prone to human error.
As part of a longer-term strategy towards prevention, though, root cause analysis (using AXIOM’s automated processes to handle some of the most time-consuming tasks) can help you determine how intruders gained access to begin with, and fix those problems more effectively.
Our new Industry Insights Brief explores the three main steps to finding root cause in corporate intrusion investigations. Download the brief to learn these steps toward conducting more proactive, not purely reactive, investigations:
- Target and acquire the affected systems and combine their images, together with any relevant network logs.
- Find, categorize, review, and correlate evidence to prove intent and attribution.
- Report results in a way that supports IT, Legal, and other stakeholder requirements.