Cyber Security Incident Response


Setting up a cyber security incident response system? Spend your money wisely and be ready to invest time not only in the setup and preparation effort but also in maintenance, routine testing and training.

With most companies moving to the philosophy that they are already carrying infections, the goal today is to make sure the IT team has an incident response system in place to follow up on suspicious activities. The cyber security thought process today is similar to that of a department store: not every person who walks into the store is a shoplifter, but some behave in a way that makes them suspicious and, as a result, they sometimes get ‘watched’.


Rather than assigning an employee to wear sunglasses and follow the patron around the store, the security team turns to the video surveillance cameras. This is the job of the Security Operations Center, or SOC: they follow up on “strange sightings”. In IT, following up involves scanning the end systems’ files and logs as well as reporting on their communication patterns. This isn’t easy. To identify suspicious behaviors, systems have to be purchased and people have to be trained to recognize odd communication patterns. Getting the money requires buy-in from upper management, and your vendor should be able to help here.

If your security systems are 5 years old, they need upgrades – probably replacement – and your malware detection systems must monitor internal traffic even when it isn’t headed for the Internet. Your new systems should export details about what they are observing and reporting. This generally comes in the form of NetFlow and IPFIX, and to report on this flow data the team will need an incident response system (IRS). A good IRS needs several important features:

  • Ability to consume all flow formats including NetFlow, IPFIX, sFlow, J-Flow and others
  • Ability to consume, archive and report on all elements (i.e. details) represented in the flows
  • Ability to archive 100% of the data for years without dropping any of the details
  • Ability to actively monitor for odd traffic patterns and report on them
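The last two features above, consuming the raw flow records and watching them for odd patterns, are concrete enough to show in code. The following is an added example written for this page and is not Plixer’s code: it decodes a NetFlow v5 datagram with Python’s standard library, then flags an internal host that is opening tiny TCP flows to many distinct internal targets, exactly the east-west traffic the article says must be monitored even though none of it is headed for the Internet. The internal address ranges, the packet and target thresholds, and the sample flows are all assumptions constructed for the example.

```python
"""Decode NetFlow v5 and flag odd internal traffic patterns.

Added example, not Plixer code. Internal ranges, thresholds and the
sample flows below are constructed assumptions for illustration.
"""
import ipaddress
import struct
from collections import defaultdict

# NetFlow v5 wire layout: a 24-byte header followed by up to 30 48-byte records.
NF5_HEADER = struct.Struct("!HHIIIIBBH")
NF5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")

# Assumed internal address space for this example.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]


def parse_v5(datagram: bytes) -> list[dict]:
    """Decode a NetFlow v5 datagram into a list of flow dicts.

    Only the fields the detection below needs are kept; next hop, AS
    numbers, masks and padding are decoded but discarded.
    """
    version, count, *_ = NF5_HEADER.unpack_from(datagram, 0)
    if version != 5:
        raise ValueError(f"not NetFlow v5: version={version}")
    flows = []
    offset = NF5_HEADER.size
    for _ in range(count):
        (src, dst, _nexthop, _inif, _outif, pkts, octets, _first, _last,
         sport, dport, _pad1, tcp_flags, proto, _tos, _src_as, _dst_as,
         _src_mask, _dst_mask, _pad2) = NF5_RECORD.unpack_from(datagram, offset)
        flows.append({
            "src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst),
            "sport": sport, "dport": dport, "proto": proto,
            "tcp_flags": tcp_flags, "pkts": pkts, "octets": octets,
        })
        offset += NF5_RECORD.size
    return flows


def is_internal(addr) -> bool:
    return any(addr in net for net in INTERNAL_NETS)


def find_internal_port_sweeps(flows, max_pkts=3, min_targets=8) -> dict:
    """Return {source: target_count} for internal hosts that opened short
    TCP flows (<= max_pkts packets) to at least min_targets distinct
    internal (destination, port) pairs. Thresholds are assumptions."""
    targets = defaultdict(set)
    for f in flows:
        if (f["proto"] == 6 and f["pkts"] <= max_pkts
                and is_internal(f["src"]) and is_internal(f["dst"])):
            targets[f["src"]].add((f["dst"], f["dport"]))
    return {str(src): len(t) for src, t in targets.items() if len(t) >= min_targets}


def build_v5_datagram(records) -> bytes:
    """Pack (src, dst, sport, dport, proto, pkts, octets, tcp_flags) tuples
    into a v5 datagram. Used only to construct sample input for this example."""
    body = b"".join(
        NF5_RECORD.pack(ipaddress.ip_address(s).packed, ipaddress.ip_address(d).packed,
                        b"\0\0\0\0", 1, 2, pkts, octets, 1000, 1010,
                        sp, dp, 0, flags, proto, 0, 0, 0, 24, 24, 0)
        for s, d, sp, dp, proto, pkts, octets, flags in records)
    header = NF5_HEADER.pack(5, len(records), 123456, 1700000000, 0, 1, 0, 0, 0)
    return header + body


# Constructed sample: one ordinary web client talking to a TEST-NET address,
# and one internal host touching port 445 on twelve neighbours with single SYNs.
SAMPLE_RECORDS = [("10.1.1.20", "203.0.113.10", 51000, 443, 6, 40, 30000, 0x1B)] + [
    ("10.1.1.77", f"10.1.2.{i}", 40000 + i, 445, 6, 1, 60, 0x02) for i in range(1, 13)
]
SAMPLE_DATAGRAM = build_v5_datagram(SAMPLE_RECORDS)

if __name__ == "__main__":
    decoded = parse_v5(SAMPLE_DATAGRAM)
    print(f"{len(decoded)} flows decoded")
    for host, n in find_internal_port_sweeps(decoded).items():
        print(f"ALERT {host}: {n} distinct internal targets reached with <=3-packet TCP flows")
```

The web client never trips the rule because its destination is outside the internal ranges, while the sweeping host is reported with its target count; on a real collector the same grouping would run over a time window and feed the SOC’s follow-up queue rather than print to a console.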

With new threat detection systems in place, the team will need training not only in setting up the new systems but also in customizing them to protect the assets unique to the business. No two companies are alike in what they consider business critical in their effort to stay competitive. Then comes the next step: fire drills.

When following up on potential cyber threats, the SOC team needs to react instinctively. For this to happen, the routines involved in resolving a malware incident need to be second nature. This means practice and fire drills. If your cyber security incident response team isn’t rehearsing under the simulated pressures that come with a fire drill, your SOC team is probably not ready for the next cyber attack.


Author

Michael Patterson

Michael Patterson is the Founder and CEO of Plixer International. Prior to starting the company in 1998, he worked for Cabletron Systems in Support, Training and Professional Services. He is an experienced leader with strong insight into the industry and the needs of his customers. He has an aptitude for delivering high-performing, value-added systems and service solutions to meet challenging business demands. He started the company as a one-man shop and has grown it into a multi-million-dollar organization, all without the assistance of venture capital. Michael is passionate about how the company grows and the technologies it pursues, and he continues to participate at many levels of the organization. By taking a hands-on approach with the hardware and software, he works with the software developers and in quality assurance testing to help ensure that the products behave in a way that continually supports the collective vision of the company. He has a Bachelor’s Degree from the University of Maine and a Master’s in Computer Information Systems from Southern New Hampshire University.
