Reactive Response Is No Longer Enough
“The best defense is a good offense” doesn’t just apply to sports. Even in the world of information technology, an offensive, hunting approach can give you a greater standard of protection against cyber intruders.
Unfortunately, many IT companies still utilize a primarily reactive approach to security practices, leaving them vulnerable and ill-prepared for the techniques many offenders will employ to use their own security against them. The landscape has changed, and your company will need to keep up with those changes.
What are the benefits of approaching security as a hunter?
- Incidents can be detected earlier.
- Response teams can act before the impact becomes severe.
- Preparation is more intense and effective.
- Containment strategies are more thorough.
- Adversaries have fewer opportunities to find alternate means of entry into the system.
Of course, these benefits only materialize if your team follows through appropriately on every threat. Many threats have already been in place for weeks, months, or even years before your systems or your team detect them. Skipping the prescribed six-step response process results in erratic, response-only tactics that rarely get to the root of the problem. To be effective, carry out proper and thorough scoping and containment so that you surround the adversary and close in.
Remember, the whole goal is to prevent an attack. However, should the preventive measures fall short, let’s review the Six-Step Incident Response Process with emphasis on the tasks often overlooked by security teams.
Step 1: Preparation
This means setting up the system, assigning roles, and creating emergency contact lists.
Step 2: Identification
This includes identifying where the attack came from and which systems were affected, and creating a full backup of those systems to preserve as much information about the incident as possible.
Step 3: Containment
Freezing systems, blocking IP addresses, and disconnecting network connections are tasks involved in this step to ensure the threat doesn’t spread further.
Step 4: Eradication
You’ll need to get rid of any infected files, folders, or compromised systems and potentially do an entire system reinstall. This step requires erring on the side of caution.
Step 5: Recovery
This involves reconnecting to the network and getting your systems back online and into operation.
Step 6: Follow-up
You’ll need to tighten security, strengthen procedures, and take any additional steps necessary to ensure the breach doesn’t happen again.
In this process, Step 2 is where many teams try to skip ahead. Resist this temptation: identification is crucial to winning both the battle and the war.
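As an added illustration (not code from the original post), a minimal Python incident tracker that walks a case through the six phases in order and refuses to leave Identification until the attack source, the affected systems and a backup reference are all recorded; it also reports how long the threat sat unnoticed. The incident name, dates and system names are constructed sample values.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional, Tuple

# The six phases, in the order the process prescribes.
PHASES = ("preparation", "identification", "containment",
          "eradication", "recovery", "follow-up")


class PhaseSkipped(Exception):
    """Raised when a team tries to move on before finishing the current phase."""


@dataclass
class Incident:
    name: str
    first_activity: date            # earliest evidence of the intruder
    detected: date                  # when the team noticed
    phase_index: int = 0
    # Identification artifacts: all three must exist before containment starts.
    source: Optional[str] = None
    affected_systems: List[str] = field(default_factory=list)
    backup_ref: Optional[str] = None
    actions: List[Tuple[str, str]] = field(default_factory=list)

    @property
    def phase(self) -> str:
        return PHASES[self.phase_index]

    def dwell_days(self) -> int:
        """Days the threat was present before it was detected."""
        return (self.detected - self.first_activity).days

    def log(self, action: str) -> None:
        self.actions.append((self.phase, action))

    def identify(self, source: str, affected: List[str], backup_ref: str) -> None:
        if self.phase != "identification":
            raise PhaseSkipped(f"cannot record identification during {self.phase}")
        self.source, self.affected_systems, self.backup_ref = source, list(affected), backup_ref
        self.log(f"source={source} systems={affected} backup={backup_ref}")

    def identification_complete(self) -> bool:
        return bool(self.source and self.affected_systems and self.backup_ref)

    def advance(self) -> str:
        """Move to the next phase; refuse to leave identification half-done."""
        if self.phase == "identification" and not self.identification_complete():
            raise PhaseSkipped("identification incomplete: need source, affected systems and backup")
        if self.phase_index == len(PHASES) - 1:
            raise PhaseSkipped("already in follow-up; nothing to advance to")
        self.phase_index += 1
        return self.phase
```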
The Six-Step Incident Response Process is an excellent guide when disaster strikes. Make sure you’re ahead of the disaster by hunting the threats before they attack.
If you find your team is overworked or underperforming in this area, consider utilizing Atrion’s Computer Hacking Forensic Investigation (CHFI) services. We can aid you by ensuring the examination process is detailed, forensically sound, and defensible, and the results repeatable.
For more information, visit our website or contact us at 908-231-7777 or info@atrioncomm.com.