#WarStoryWednesday: Most incident response plans don’t survive first contact
This is not technically a war story; however, it is an experience that I would like to share. I recently attended an event featuring a speaker from a large company that had experienced one of the most high-profile and extensive breaches in recent history. For the sake of the company I will not name them in this blog, but I do want to stress that the company is very large and the breach was extensive, affecting millions of customers and their entire network. What was interesting is that the speaker was from the company’s legal department, and as such is not a “technical” person. This provided a brand new perspective on incident response.
In my line of work as an incident response analyst, working in a Managed Security Services Provider company, I routinely help companies that suffer from security incidents. I have first-hand knowledge as to how devastating such an event can be to a company. This speaker stressed that their company lost well over a billion... read more >
You are only as good as your toolset!
In my last blog I asked the question, “Have you ever tried to chop down a tree with a fork?” and told you about an incident response process that was made difficult by the lack of adequate tools. This is a common problem in the field of incident response and security as a whole, and shouldn’t exist. Unfortunately, however, many system administrators, network administrators and help desk personnel assume they can handle an incident, when in reality it is far more complex than they are aware.
A basic introduction to incident response is beyond the scope of this blog, but I do want to introduce the reader to the “Order of Volatility.” This is a common methodology that is taught across the security spectrum. It guides the responder to gather evidence from the most volatile sources first and the least volatile last. This is extremely important when responding to breaches or malware infections. So, let us review the... read more >
Preventing Incident Response Frustration #WarStoryWednesday
Ever try to chop down a tree with a fork? Any type of skilled labor requires the use of proper tools, and incident response is no different. In my experience as an incident responder, many organizations lack both the proper incident response tools and staff trained to use those tools. In this war story, we take a look at what that can mean for rapid response and remediation.
Incident Response War Story
In a recent incident response engagement, a victim of a data breach contacted us regarding the loss of credit card data. This company had received a notification from a Federal law enforcement agency, which, during an investigation, had observed the organization’s IP addresses in relation to stolen credit card data. Further investigations showed that the stolen credit card data had been taken from the organization’s network. The notification had little for the organization to go on, which is typical in this type of situation. Yet,... read more >
Make your incident response team smarter and more effective
We’ve all heard it time and time again: “it’s not if, but when.” Being prepared for that imminent critical security incident is becoming essential. A small amount of investment can pay off tenfold in the effectiveness and efficiency of a response. Investing in an incident response plan can save time and frustration and minimize the impact on an organization’s reputation, even if the organization decides not to invest in a full-blown incident response program.
Being on the service end of incident response, I get a unique perspective on the challenges that organizations experience when faced with an actual cyber security incident. I see over and over again how utterly unprepared many organizations are to handle an incident. As J.R.R. Tolkien so graciously stated in “The Hobbit,” “It does not do to leave a live dragon out of your calculations, if you live near him.” I promise you, if you have internet-facing assets, the... read more >
Cyber security is an ever-changing landscape. As technology changes so must security procedures and techniques. Often in the cyber security realm of incident response, I am astounded by the lack of forethought given to newly emerging tools and tactics, such as threat intelligence.
Threat intelligence is important and must be handled properly if we are going to use it to its fullest capacity in cyber security. Sadly, though, we are seeing a true lack of thought and strategy when it comes to actually implementing threat intelligence in the incident response process. This war story illustrates the wrong way of using threat intelligence, both as a part of incident response and as a way to react to ongoing threats.
War Story
A company experienced what was classified as a breach, when several customers’ personally identifiable information (PII) was used to... read more >