This post was written by Cognitio and sponsored by Verisign.
In the previous blog posts, we highlighted the role that threat intelligence plays in the development of a framework for resilient cybersecurity, as well as the importance of a solutions-based approach to security tool selection. Together these capabilities help organizations identify and detect threats, so the next step is to prepare for those threats by implementing a well-orchestrated response plan.
Often overlooked and underplayed by even the most mature organizations, a well-defined incident response plan can help you quickly and effectively respond to and mitigate a security incident. Many organizations expect that their employees will inherently know how to handle an incident when it occurs. However, as recent high-profile breaches have shown, the “fog of war” can set in during an incident, leading to confusion and miscommunication and causing delays in response times and remediation efforts.
One aspect of any incident response plan should be the automation of data collection and event correlation. According to the team at Verisign Security Services, “Data collection and correlation plays a key role in detecting an incident and taking the appropriate action. To keep up with today’s threats and complexities of infrastructure, enterprises should ensure security telemetry is not only processed at each point of collection but also correlated across the entire security solution. This will help shorten response times and reduce the need for extensive human involvement when analyzing a threat to the enterprise. Additionally, by leveraging APIs and enabling automatic collection, correlation, and orchestration of signals, enterprises can increase their overall threat awareness, improve incident response and optimize security protection.”[1]
Regardless of the size of your organization, preparing for an incident in advance will save you precious time, and may serve to contain exposure and prevent collateral damage.
Coming up in our final blog post on the development of a framework for resilient cybersecurity we will focus on expanding this framework to support the rapidly evolving needs of a hybrid security architecture.
To learn more about orchestrating responses to threats, read Verisign’s paper entitled, “Framework for Resilient Cybersecurity”.