When the breach was confirmed, the incident response team had to assume the entire corporate network was untrustworthy. They established a "clean room" in a conference room with isolated laptops not connected to the corporate Wi-Fi.
In late June 2013, a small group of employees in the IT department noticed anomalies. Log files were being deleted prematurely. Outbound traffic to an IP address in Eastern Europe was detected, but it was masked as SSL-encrypted traffic. Searching for- palo alto 2013 in-
The attackers did not brute force a firewall. They did not use a zero-day exploit against Palo Alto’s own product. Instead, they went after a third-party vendor managing the company’s employee travel portal . When the breach was confirmed, the incident response
2013 was a liminal year for Silicon Valley. Facebook had gone public a year prior, but the mania for "Unicorns" (startups valued over $1 billion) was just reaching a fever pitch. In 2013, Snapchat was turning down multi-billion dollar offers, Uber was disrupting taxi unions globally, and the iPhone 5s had just been released. Log files were being deleted prematurely