It was this disclosure that kicked off a fundamental shift in the willingness of any given organization to admit that a breach is a very real possibility and a significant problem.
While many publically disclosed breaches are from government, financial and university organizations, this is a cross-industry problem and it’s important that any organization with something worth stealing move beyond the game of virtual whack-a-mole being played today, and institute a response along with the people and technology to support that plan.
Proactive Response
So when Dan asked what I thought were the general best practices for the organization, my answer was direct and straightforward: the visionary organization needs to take a “lean forward” approach. After all, in cybersecurity as in football, the best defense is a good offense.
Where do you start with proactive incident response? One key way is by automating as much as you can of the initial response workflow, such as capturing some responsive data from the host in order to determine things like:
- What happened?
- What’s the scope of the potential breach?
- How were devices communicating when the alert came across?
- Are any hidden processes running on the machine in question?
As Dan phrased it, it’s about creating a new level of intelligence; the more information you have, the better you can respond. Which is exactly the right perspective: if your organization can capture host information in a more automated fashion as a new layer of visibility to whatever exists on the wire, the faster you can respond to any threat arriving at any time.
The net-net of our discussion was this: Cyberattacks aren’t going away. The forward-thinking organization needs to have a workflow in place and a big, red button to push the moment the first signs of an attack arrive.
No comments :
Post a Comment