In the event of an information security incident, responding and tracing the cause and source back is more than critical for preventing damage to a company's success and business continuity. If a breach happens, post-breach analysis helps to establish what happened, which data or which systems were affected and what the overall criticality of the incident was.
Understanding what the malware does and determining the level of criticality and the potential objectives of an attack has to be one of the first goals from a post-breach perspective. Further actions in incident management depend almost entirely on these points. Our 20 years of experience in analyzing threats, malware and their behavior on company networks allow us to help our customers make their networks more secure and do the right things before as well as after a breach.
Initial as well as continuous technical testing of systems and applications should be integrated for every single system on a network after assessing its level of importance and relevance. Externally facing web servers offer a huge vector for attacks against a company, but internal systems can also help intruders spread more easily across a company's network.
Before looking at a security design or developing strategies for implementing systems that prevent incidents, it is always necessary to assess and define risk levels and the critical infrastructure or data to be protected. Once it is known which systems or assets are exposed and what the impact of a compromise would be, further steps can be taken and a strategy can be built for finding an appropriate and cost-efficient way of improving information security.