Last edited by Sangfor Elsa 09 Mar 2020 14:51.
Well-Rounded Incident Response is Vital
Cybersecurity has become the crux of the Internet age, having a profound impact on international politics, economy, culture, society, military affairs and almost every other field, and has simultaneously become a challenging issue of ever-increasing importance. As informatization and globalization spread, the Internet has become an essential part of daily life, both social and professional. In this era of booming information, both the positive and the negative effects are felt on a global level: the Internet is a “double-edged sword,” boosting economic growth while simultaneously creating more opportunity for data leakage and cyber-attack.
2017 was a huge year for cyber-crime, seeing the NSA’s Equation Group tools leaked, vulnerabilities in operating systems and web applications exploited, ransomware running rampant in the first half of the year, and large-scale mining attacks dominating the second half. We now see increasing supply chain attacks and ongoing targeted APT attacks. Attackers are employing more complex, yet more flexible tools in an ongoing war fueled by personal and national interest, both industrialized and organized. The network attack surface is expanding.
Pop quiz! What does a professional fear most? A lack of customers, slow or dwindling income or new clients, network outage or loss of reputation, financial loss or legal issues?
Each and every option has the potential to collapse all you’ve worked for.
How do we minimize the impact and possible negative outcomes of these issues? Via Incident Response.
Is security incident response all that is required in the event of a cyber-attack?
Incident Response is an organized process, or phased methodology, that an organization uses to respond to and deal with security incidents or data breaches. Data breaches have serious ramifications, impacting sensitive customer data, confidential intellectual property, productivity, time and resources. In an effort to reduce potential damage, Incident Response is there to back up organizations dealing with security issues and cyber-attack, and to assist in any recovery.
Incident Response is normally broken down into six different phases:
• Preparation
• Identification
• Containment
• Eradication
• Recovery
• Lesson Learned
Preparation is normally known as the “pre-incident” phase. Identification, containment, eradication, and recovery are considered the “mid-incident” phase, while lesson learned falls under the “post-incident” phase of Incident Response.
Sangfor helps organizations assess external attack surfaces and vulnerabilities before an attack occurs. Organizations need to know whether their existing network architecture, network setup, security practices, and security controls are sufficient to defend against ransomware and APT attacks. Attack surfaces, vulnerabilities, weak points, and risks are identified before attackers take advantage of and exploit them. Organizations are advised to perform security scans regularly and to develop a risk mitigation plan, based on Sangfor recommendations, designed to lower the risk level to its absolute minimum.
In the event of a successful ransomware or APT attack, the Sangfor Incident Response team will provide immediate support, based on the agreed-upon SLA, helping to mitigate the incident and minimize the impact. Sangfor’s security professionals will assist in identifying the kill chain, patient zero, entry point and IOCs, and in triage. After the security incident is resolved, a report will be prepared for the organization.
After the impacted services have recovered and the incident case is closed, the organization’s operations will return to normal. In order to assess the organization’s ability to defend against future ransomware and APT attacks, Sangfor will provide an external vulnerability assessment service and a firewall ruleset configuration review to ensure new vulnerabilities, weak points, and misconfigurations are identified before the next attack occurs.
How will an Incident Response service benefit your organization?