Check the Logs When an attack like SolarWinds has occurred, and a company suspects it may have been compromised, there are several steps it can take to determine the scope of the problem. "Look into unusual behavior, unusual network connections," Bessette told DCK. "Check your logging, look for IP addresses that shouldn't be there." Bessette was previously chief of the FBI cyber division’s technical operations section, where he managed the national cyber incident response team. In his experience, enterprises often fail to have the logging in place that can help them do a full investigation after an incident occurs. The SolarWinds breach is an opportunity to change that.