Talk With an Expert

Cisco Security Agent and Incident Handling

Cisco Security Agent and Incident Handling (PDF, 2.64MB)Published: 01 Oct, 2009
Created by:
Greg Farnham

Deploying new security solutions requires consideration of the incident handling process. New solutions can impact the various phases of incident handling: Preparation, Identification, Containment, Eradication, Recovery and Lessons Learned. An implementation of Cisco Security Agent (CSA) is analyzed and impacts to the incident handling process are identified. In addition, guidance is provided to configure CSA to support the incident handling process. An example malware incident is used to demonstrate the differences in incident handling with CSA and without CSA. Conficker is used as the malware sample. In order to understand the incident and required response, Conficker behaviors and how to test for them are documented.