Target Ignored Signs of Data Breach 95
puddingebola writes "Target ignored indications from its threat-detection tools that malware had infected its network. From the article, 'Unusually for a retailer, Target was even running its own security operations center in Minneapolis, according to a report published Thursday by Bloomberg Businessweek. Among its security defenses, following a months-long testing period and May 2013 implementation, was software from attack-detection firm FireEye, which caught the initial November 30 infection of Target's payment system by malware. All told, up to five "malware.binary" alarms reportedly sounded, each graded at the top of FireEye's criticality scale, and which were seen by Target's information security teams first in Bangalore, and then Minneapolis.' Unfortunately, it appears Target's security team failed to act on the threat indicators."
Re:To be fair? (Score:5, Interesting)
The security team should have a license to kill from the executive team. We do, our instructions are if we believe we breach is in progress, "shut it down".
Mind you we have never done it. We came very very close to doing so once on a false positive. The operations team failed inform us of some activity they were going to be doing. Fortunately the guy answered his phone, but otherwise we would have pulled the plug and islanded the entire dmz ecommerce and the corporate home page and all.
After reviewing the after action report the executive team agreed and would've been right to do it given what we knew.
That is how it should work