How You Answer These Three Questions Reflects Your Incident Readiness

Security Teams Need to Stay in Shape to Operate at Peak Performance and Effectively Deal With Today’s Complex and Relentless Attacks

Fall ushers in a new sports season. We can feel the excitement in the air as many of us head to the stadium or tune in to watch our favorite players and teams. A lot of work happens behind the scenes to prepare for the season opener. Athletes start conditioning early, turning to personal trainers, nutritionists, and coaches to help ensure they can operate at peak performance when the competition heats up. In fact, those who are consistently at the top of their game tap into a team of outside experts year round.

Security teams must take a similar approach to “stay in shape” and mitigate the risk of increasingly formidable opponents. As the cybersecurity skills shortage continues, a survey conducted by CIO, CSO, and Computerworld found that 56 percent of respondents said that their organizations are enlisting outside consultants to help with information security strategy, and 40 percent said they’re turning to managed security service providers (MSSPs). The Computer Economics IT Spending and Staffing Outlook for 2017 finds that spending on security/privacy tops the list of IT priorities and corroborates the trend of outsourcing for better quality of service and cost savings.

MSSPs help alleviate the complexity of maintaining and managing a proliferation of security products and point solutions in order to get their full value. However, now security teams need more than that. We all recognize that it is no longer a matter of ‘if’ but ‘when’ an organization will get attacked. Security professionals must be prepared for the inevitable, and that means having a team of experts that can help you answer the following three questions:

1. What’s my plan when a data breach occurs?

2. How do I know what is in my network?

3. How can I make sure I have a team that knows my organization and can take action quickly when an attack happens?

To address these new requirements for threat detection and incident response, Managed Detection and Response (MDR) services have emerged with additional bench strength – people and advanced technology – to provide the following capabilities:

1. Table Top Exercises (TTX) – Using a scenario created specifically for your organization and the types of threats you’re most concerned about, a TTX is a great starting point for developing a plan to deal with a breach. Participants should include a cross-section of key stakeholders from the organization, not just IT. During the day of testing, a scenario is talked through, with new information introduced along the way. These curve-balls change the scenario, mimicking the dynamic nature of attacks and investigations. Following the session, you get an objective evaluation of the team’s performance, including strengths, weaknesses, and lessons learned, as well as recommendations for areas of improvement.

2. Threat Hunting – Proactively finding bad guys inside the network and stopping them as quickly as possible to mitigate damage is a new imperative for security teams. Threat hunting campaigns are designed to find evidence of a possible breach, investigate the affected system to determine what happened and how it happened, and identify other systems that may also have been affected, in order to contain and remediate the attack. Using a wide range of tools like advanced security analytics technology, big data platforms, and threat intelligence, incident response experts can move quickly with better information. They can focus their hunting on assets that are more likely to have been breached, and reevaluate past events in light of the latest threat intelligence.

3. Retained Incident Response Services – Just as athletes need ongoing access to their team of coaches so that they can perform well even against the most formidable opponents, you need a full team available when an attack does happen. Finding and retaining elite, quality talent is a huge challenge given that the market need is outstripping the supply of skilled experts. That’s when a retained incident response service can help, jumping into action and supplementing your team during an attack. When they aren’t actively engaged in incident response they can help focus on and develop proactive efforts. In the process they’ll learn more about your organization which improves their efficiency and effectiveness during a response, while your internal team will be better able to handle other tasks that need attention.

Every security team needs to stay in shape to operate at peak performance and effectively deal with today’s complex and relentless attacks. Managed detection and response experts can elevate your performance – helping you to develop an effective plan, know what’s in your network, and be ready to act swiftly and comprehensively to mitigate damage when an attack happens.
