I'm looking for documentation that would give better sample responses than whitepapers that say "use us and we will remediate your threat for you"...
I am aware of (and am investigating IDS type tools), but I am working from the premise that *something* got inside the enterprise; now how to find it and eradicate it...
I'm working from:
- Escalate security on a deep-packet device like a SonicWall.
- Run an in-depth manual scan of all servers and workstations.
- add realtime packet inspection to more of the services (looking for traffic).
- then... remediate and clean as necessary.
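As an added example for the third step (not code from the question, any vendor, or a product), here is one concrete thing "realtime packet inspection looking for traffic" can mean once a device is already inside: scoring each outbound flow by how regular its connection timing is. Malware check-ins tend to fire on a fixed timer while human-driven traffic does not, so a low coefficient of variation on the inter-connection intervals is a cheap first-pass hunting signal. The log format, IP addresses and thresholds below are constructed assumptions for the sake of the demo.

```python
"""Beacon-interval detector over constructed connection-log lines.

Added example, not part of the original post. Input format is assumed:
one connection per line, "<ISO timestamp> <src_ip> <dst_ip> <dst_port>".
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log (not real traffic). 10.0.0.5 talks to 203.0.113.7
# every ~5 minutes with slight jitter; 10.0.0.9 talks to 198.51.100.20 at
# irregular times; 10.0.0.12 has too few connections to judge.
SAMPLE_LOG = """\
2024-01-10T09:00:00 10.0.0.5 203.0.113.7 443
2024-01-10T09:00:00 10.0.0.9 198.51.100.20 443
2024-01-10T09:01:37 10.0.0.9 198.51.100.20 443
2024-01-10T09:02:00 10.0.0.12 192.0.2.33 80
2024-01-10T09:04:00 10.0.0.12 192.0.2.33 80
2024-01-10T09:05:00 10.0.0.5 203.0.113.7 443
2024-01-10T09:10:05 10.0.0.5 203.0.113.7 443
2024-01-10T09:10:05 10.0.0.9 198.51.100.20 443
2024-01-10T09:11:12 10.0.0.9 198.51.100.20 443
2024-01-10T09:15:00 10.0.0.5 203.0.113.7 443
2024-01-10T09:20:02 10.0.0.5 203.0.113.7 443
2024-01-10T09:25:00 10.0.0.5 203.0.113.7 443
2024-01-10T09:30:44 10.0.0.9 198.51.100.20 443
2024-01-10T09:31:02 10.0.0.9 198.51.100.20 443
"""


def parse_log(text):
    """Group connection timestamps by (src, dst, port); malformed lines are skipped."""
    flows = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, dst, port = parts
        try:
            when = datetime.fromisoformat(ts)
        except ValueError:
            continue
        flows[(src, dst, port)].append(when)
    for times in flows.values():
        times.sort()  # log lines need not arrive in order
    return flows


def find_beacons(text, min_connections=5, max_cv=0.2):
    """Return flows whose inter-connection intervals are suspiciously regular.

    cv = population stddev / mean of the intervals. A fixed timer gives cv
    near 0; small jitter keeps it low; human-driven traffic is much higher.
    Flows with fewer than min_connections events are not scored at all.
    """
    findings = []
    for (src, dst, port), times in parse_log(text).items():
        if len(times) < min_connections:
            continue
        intervals = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(intervals)
        if avg <= 0:  # all events share one timestamp; nothing to measure
            continue
        cv = pstdev(intervals) / avg
        if cv <= max_cv:
            findings.append({"src": src, "dst": dst, "port": port,
                             "count": len(times), "mean_interval": avg,
                             "cv": round(cv, 4)})
    return sorted(findings, key=lambda f: f["cv"])


if __name__ == "__main__":
    for f in find_beacons(SAMPLE_LOG):
        print(f"{f['src']} -> {f['dst']}:{f['port']} every ~{f['mean_interval']:.0f}s "
              f"({f['count']} connections, cv={f['cv']})")
```

Feed it connection records exported from the firewall or flow collector and review the lowest-cv flows first; legitimate scheduled jobs (NTP, update checks, monitoring agents) will also score low, so the output is a hunting queue to triage against known-good destinations, not a verdict.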