Security consultant says protecting IT networks is serious business
Staff -- Manufacturing Business Technology, 8/1/2004 6:00:00 AM
If your company doesn't have a detailed plan for protecting its IT network from hackers, you need to hear this story from Bryan Sartin, director of technology at Ubizen, an IT security services and consulting firm.
"An industrial equipment manufacturer was having trouble with generic versions of its product popping up on the market," Sartin recalls. "Then one day they discovered their network had been breached, and they gave us a call."
Ubizen discovered a drop directory—a hidden folder in which hackers store copies of files before downloading them to outside machines—had been placed on the manufacturer's network. "It turns out the hackers were pulling the manufacturer's CAD drawings into the drop directory [and ultimately off the network]," Sartin says.
While he wouldn't reveal the outcome of this case, Sartin says Ubizen did get enough clues to at least start tracking the culprits, primarily because the company had not shut down the system. "The date and time stamp showed the system had been intruded within the past 12 hours," he says.
The presence of such clues is why Sartin advises users not to follow "normal instincts"—e.g., turning off machines, or trying to find the source of the breach—when they suspect a network has been compromised. He advises unplugging from the network any machine you believe has been tampered with, but not shutting off its power, since that could erase information that may later identify intruders.
"Turning off or altering a machine that has been breached is the same as disturbing a crime scene," explains Sartin, who regularly works with law enforcement to build cases against hackers. The best way to protect your company, he says, is to create a detailed security plan that includes both measures for protecting your network from hackers and the exact steps any employee should take if they suspect the network has been breached.
Companies can purchase software that takes snapshots of a system at the time a breach is discovered, which can be used in tracking down clues. Other companies would be better off calling in a pro like Sartin.






















