
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 339

How to respond correctly to a security incident.

Hi all,

Looking for security experts, please.

If you find that one of your customers is trying to attack you or is pushing huge traffic to your network, what is the right way to deal with this problem? What are the right processes or actions, in more detail, internally or externally?

3 Solutions
Scott Thomson Commented:
Well, I guess first you have to figure out which one it is: is it an attack or is it a buttload of data?
Secondly, what kind of data is it and what services are you hosting for them?

If they are pushing 20 gigs of Blu-rays then we have an issue.
If they are downloading 50 gigs of torrents then again we have a problem.
If they are migrating an Exchange account then it's fairly legit.

So here is what I would do. Depending on what services you provide for them, I would speak to the manager of that particular company and just let him know that a large amount of data has been pushed through of late. It's better if you can identify the data or the cause of the data as stated above and just let them know that this may be causing them some functionality issues if the data is being pushed through on a constant basis.

Then the manager will be the one to handle it, because if it's Blu-rays etc. he will punish the employee and thank you for being vigilant and letting him know, and if it's Exchange he may ask the user, for operational reasons, to choose a different time.

Can you give us some more info?
besmile4ever Author Commented:
Good, Scott.

Thanks for your nice response. Well, let us say that the customer is pushing 20 gigs. I need to know the right process.
As I understand from you, I need to contact the manager first?

What is next?
besmile4ever Author Commented:
What exactly do you need to do with your network administrator and your customer?


Scott Thomson Commented:
It's hard to give you a full answer until you even generally specify what services you provide and what role you have to this customer. Can you elaborate for us so we can help further?

No specifics needed, just
"We supply email services and this guy is sending 20 gigs a day. I am the company's customer service rep and I would like to know how to approach this"
Montoya Process Improvement Mgr Commented:
Here would be my steps (again without knowing specifics, it's hard to provide more details).

- analyze the network traffic to determine if it is legitimate
- if traffic is not legitimate:

1. Capture sample data
2. Find your company's computer use policy
3. Alert management about infraction
4. Provide proof
5. Block traffic
6. Revise security measures/group policy to prevent problem in future?

That's a decent baseline. If traffic was legitimate, then analyzing and comparing throughput patterns can help you determine if your network is big enough to handle traffic, etc.
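The first steps of the answer above (analyze the traffic, capture sample data, provide proof), as an added example that is not part of the original thread: it sums bytes per customer source per day, flags days far above that source's own median, and hashes the captured sample so the evidence can later be shown to be unaltered. The CSV layout, the addresses, the 5x threshold and the function names are assumptions, and the flow records are constructed.

```python
import csv
import hashlib
import io
from collections import defaultdict
from statistics import median

# Constructed sample: time, customer source IP, destination port, bytes transferred.
SAMPLE_FLOWS = """\
ts,src,dport,bytes
2024-03-01T02:00:00,198.51.100.7,443,900000000
2024-03-02T02:00:00,198.51.100.7,443,1100000000
2024-03-03T02:00:00,198.51.100.7,443,1000000000
2024-03-04T02:00:00,198.51.100.7,6881,12000000000
2024-03-04T03:00:00,198.51.100.7,6881,8000000000
2024-03-01T09:00:00,203.0.113.20,25,400000000
2024-03-02T09:00:00,203.0.113.20,25,450000000
2024-03-03T09:00:00,203.0.113.20,25,420000000
2024-03-04T09:00:00,203.0.113.20,25,430000000
"""

def daily_bytes(flow_csv):
    """Sum bytes per (source, day) and remember which ports carried them."""
    totals, ports = defaultdict(int), defaultdict(set)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        key = (row["src"], row["ts"][:10])
        totals[key] += int(row["bytes"])
        ports[key].add(int(row["dport"]))
    return totals, ports

def flag_spikes(flow_csv, factor=5.0):
    """Flag days where a source exceeds `factor` x the median of its other days."""
    totals, ports = daily_bytes(flow_csv)
    findings = []
    for (src, day), used in sorted(totals.items()):
        others = [b for (s, d), b in totals.items() if s == src and d != day]
        if others and used > factor * median(others):
            findings.append({"src": src, "day": day, "bytes": used,
                             "baseline": median(others), "ports": sorted(ports[(src, day)])})
    return findings

def evidence_record(flow_csv, findings):
    """Bundle findings with a SHA-256 of the raw sample so it can be shown unaltered."""
    digest = hashlib.sha256(flow_csv.encode()).hexdigest()
    return {"sample_sha256": digest, "flows": flow_csv.count("\n") - 1, "findings": findings}

if __name__ == "__main__":
    print(evidence_record(SAMPLE_FLOWS, flag_spikes(SAMPLE_FLOWS)))
```

Comparing each source against its own history rather than a fixed cap keeps a steadily busy mail customer from being flagged while still surfacing a sudden 20 GB day.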
Sean Jackson Commented:
I agree with the above feedback, but also want to remind you to be aware of whatever regulatory controls you are trying to meet, and if you are required to disclose the incident, should your forensic efforts prove fruitful.
Scott Thomson Commented:
^ I agree with Iammontoya

But you also need to make sure that you can prove anything you would like to say to them.
Once we get all the details we can probably each post a letter or set of instructions to follow that will point you in the right direction.
besmile4ever Author Commented:
Many thanks to you all.

Iammontoya: your answer is almost what I need.
Scott Thomson Commented:
Glad we could help you. Let us know if you get stuck anywhere :)
