To Automate or Not to Automate (Incident Response): That…
The recently published Senate report on the Target breach exposed a dicey situation that is all too familiar to enterprise security professionals. As it turns out, Target implemented malware detection technology from FireEye, which happened to detect the now infamous POS memory-scraping code, but the IT team was running FireEye in detection rather than prevention mode. This meant that Target had to take some manual action to remove the malware and remediate the incident. Alas, Target did not take this fateful step, and the rest is cybercrime history.
To the uninitiated, Target’s behavior seems misguided at best, or even completely incompetent if you take a harder line. Why wouldn’t Target let FireEye do what it was designed to do and avoid this whole disaster?