How to respond correctly to a security incident.

Hi all,

Looking for security experts, please.

If you find that one of your customers is trying to attack you or is pushing huge traffic to your network, what is the right way to deal with this problem? What are the right processes or actions, in more detail, internally and externally?


Scott Thomson commented:
Well, I guess first you have to figure out which one it is: is it an attack or is it a boatload of data?
Secondly, what kind of data is it, and what services are you hosting for them?

If they are pushing 20 gigs of Blu-rays, then we have an issue.
If they are downloading 50 gigs of torrents, then again we have a problem.
If they are migrating an Exchange account, then it's fairly legit.

So here is what I would do. Depending on what services you provide for them, I would speak to the manager of that particular company and just let him know that a large amount of data has been pushed through of late. It's better if you can identify the data or the cause of the data, as stated above, and just let them know that this may be causing them some functionality issues if the data is being pushed through on a constant basis.

Then the manager will be the one to handle it, because if it's Blu-rays etc. he will punish the employee and thank you for being vigilant and letting him know, and if it's Exchange he may ask the user, for operational reasons, to choose a different time.

Can you give us some more info?
besmile4ever (Author) commented:
Good, Scott.

Thanks for your nice response. Well, let us say that the customer is pushing 20 gigs. I need to know the right process.
As I understand from you, I need to contact the manager first?

what is next?
besmile4ever (Author) commented:
What exactly do you need to do with your network administrator and your customer?

Scott Thomson commented:
It's hard to give you a full answer until you at least generally specify what services you provide and what role you have with this customer. Can you elaborate for us so we can help further?

No specifics needed, just:
"We supply email services and this guy is sending 20 gigs a day. I am the company's customer service rep and I would like to know how to approach this."
Montoya (Process Improvement Mgr) commented:
Here would be my steps (again, without knowing specifics, it's hard to provide more details).

- Analyze the network traffic to determine if it is legitimate.
- If traffic is not legitimate:

1. Capture sample data
2. Find your company's computer use policy
3. Alert management about the infraction
4. Provide proof
5. Block traffic
6. Revise security measures/group policy to prevent the problem in future

That's a decent baseline. If traffic was legitimate, then analyzing and comparing throughput patterns can help you determine if your network is big enough to handle the traffic, etc.
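The first two of those steps (analyze the traffic per customer, then capture sample records as proof) can be scripted against exported flow records. The following is an added example, not code from the thread or from any Experts Exchange member: it reads a constructed, space-separated flow log (hour bucket, customer, source, destination, destination port, bytes), totals bytes per customer per hour, flags any bucket above an assumed 1 GB/hour limit, and keeps the largest raw records of each flagged bucket as the evidence to put in front of that customer's manager. The record layout, the customer names, the IP addresses and the 1 GB threshold are all assumptions chosen for the example.

```python
"""Per-customer traffic-volume triage over flow records (added example, assumed format)."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple

GB = 10**9

# Constructed sample records, not real traffic.
# Fields: hour bucket, customer id, src ip, dst ip, dst port, bytes transferred.
SAMPLE_FLOWS = """\
2024-03-04T09:00 custA 10.0.1.5 203.0.113.7 6881 2500000000
2024-03-04T09:00 custA 10.0.1.5 203.0.113.8 6881 2400000000
2024-03-04T09:00 custB 10.0.2.9 198.51.100.4 443 80000000
2024-03-04T10:00 custA 10.0.1.5 203.0.113.7 6881 3100000000
2024-03-04T10:00 custB 10.0.2.9 198.51.100.4 25 150000000
2024-03-04T11:00 custA 10.0.1.5 203.0.113.9 443 40000000
"""


@dataclass(frozen=True)
class Flow:
    hour: str
    customer: str
    src: str
    dst: str
    dport: int
    nbytes: int


def parse_flows(text: str) -> List[Flow]:
    """Parse the assumed six-field layout; blank lines and '#' comments are skipped."""
    flows: List[Flow] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 6:
            raise ValueError(f"line {lineno}: expected 6 fields, got {len(parts)}")
        hour, cust, src, dst, dport, nbytes = parts
        flows.append(Flow(hour, cust, src, dst, int(dport), int(nbytes)))
    return flows


def bytes_per_customer_hour(flows: List[Flow]) -> Dict[Tuple[str, str], int]:
    """Step 1 of the list above: total bytes for each (customer, hour) bucket."""
    totals: Dict[Tuple[str, str], int] = defaultdict(int)
    for f in flows:
        totals[(f.customer, f.hour)] += f.nbytes
    return dict(totals)


def flag_excess(totals: Dict[Tuple[str, str], int], limit_bytes: int) -> List[Tuple[str, str, int]]:
    """Return (customer, hour, bytes) for every bucket over the limit, largest first."""
    hits = [(c, h, b) for (c, h), b in totals.items() if b > limit_bytes]
    return sorted(hits, key=lambda t: t[2], reverse=True)


def evidence_sample(flows: List[Flow], customer: str, hour: str, limit: int = 5) -> List[str]:
    """Keep the largest raw records of a flagged bucket so the report to management carries proof."""
    rows = [f for f in flows if f.customer == customer and f.hour == hour]
    rows.sort(key=lambda f: f.nbytes, reverse=True)
    return [f"{f.hour} {f.src} -> {f.dst}:{f.dport} {f.nbytes} bytes" for f in rows[:limit]]


def triage(text: str, limit_bytes: int = 1 * GB) -> Dict[str, List[dict]]:
    """Combine the steps: one entry per customer with every over-limit hour and its evidence."""
    flows = parse_flows(text)
    totals = bytes_per_customer_hour(flows)
    report: Dict[str, List[dict]] = {}
    for cust, hour, nbytes in flag_excess(totals, limit_bytes):
        report.setdefault(cust, []).append({
            "hour": hour,
            "gb": round(nbytes / GB, 2),
            "evidence": evidence_sample(flows, cust, hour),
        })
    return report


if __name__ == "__main__":
    for cust, buckets in triage(SAMPLE_FLOWS).items():
        print(f"customer {cust}: {len(buckets)} hour(s) over limit")
        for b in buckets:
            print(f"  {b['hour']}  {b['gb']} GB")
            for line in b["evidence"]:
                print(f"    {line}")
```

With the sample above only custA is reported, for the 09:00 and 10:00 buckets; the evidence lines are what you would attach when alerting management, and the same totals, compared over days, give the throughput pattern Montoya mentions for the legitimate case.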

Sean Jackson (Information Security Analyst) commented:
I agree with the above feedback, but also want to remind you to be aware of whatever regulatory controls you are trying to meet, and whether you are required to disclose the incident, should your forensic efforts prove fruitful.
Scott Thomson commented:
^ I agree with Iammontoya.

But you also need to make sure that you can prove anything you would like to say to them.
Once we get all the details we can probably each post a letter or set of instructions to follow that will point you in the right direction.
besmile4ever (Author) commented:
Many thanks to you all.

Iammontoya: your answer is almost exactly what I need.
Scott Thomson commented:
Glad we could help you. Let us know if you get stuck anywhere :)
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.