10 Ways to Bring your Incident Response Back from the Grave

It’s Día de Los Muertos—but that’s no excuse for your security threat processes to move like the walking dead. As hundreds of thousands of people around the globe take time to remember their ancestors today, we urge you to look back through your own incident history. But don’t stop there: think about how you can improve and accelerate deadly slow response times.

You might be thinking that’s easier said than done, and that you might as well send that goal to join the graveyard of good intentions. But you’d be doing yourself a disservice, as ‘quelling the dwell’ is easier to put into action than you think.

So, grab a candy sugar skull, and get ready to accelerate your detection and response time with our ten simple tips:

1. No Vacations From Integrations.

Products that don’t work together are working against each other, and they are a major roadblock in the race to detect and respond. If your security products don’t talk to one another, you could be missing the full picture—and a breach. Integrating your detection and response systems and tools ensures that alerts are shared with the right context, which speeds up both detection and containment.

2. You Don’t Need a Soothsayer to Understand Scope.

It’s no surprise that security professionals say determining the impact and scope of a security incident takes a lot of time. Many underestimate how many servers, applications, and devices are in their organization. By implementing centralized security management, you get the visibility and monitoring you need. Per Aberdeen, if you cut time to detection and response in half, you can reduce the impact of a data breach by 30 percent and the impact on enterprise resources by 70 percent. That competitive advantage begins when you learn to understand your entire environment.

3. Keep Your Eyes on the Prize—Data.

Do you know what your data looks like on a normal day? If not, it’s nearly impossible to recognize anomalous activity when it creeps into your systems. Establish a baseline for your data using a solution that continually monitors traffic, so that deviations from that baseline stand out.

4. Vanquish Attacks with Practiced Prioritization.

Triage is the key during an attack. You must know your most critical assets, know when to sound the alarm, and have structured investigation workflows and cross-functional communications already in place. Plan ahead so that you save precious time defending your organization’s most important assets when they come under attack.

5. This is Not a Drill!

It’s mandatory for your company to conduct fire drills, but did you know only 33 percent of companies are running regular security breach drills? This is not a drill, people! Putting response procedures to the test identifies security gaps before breaches occur. Simulating breaches, conducting drills, or hiring a penetration testing firm to attack you from the outside are all ways to test your ability to stop a breach.

6. Regulate Outside Access to Your Company.

Think of your company as the coolest VIP party in town, the one only a handful of invited guests holding a gold key can get into. Most breaches begin with third-party suppliers, partners, or cloud providers. Ensure that every entity connected to your network environment, without exception, adheres to your security policies. Also, set privilege, time, and location controls to make certain that partners can access only the systems and data prescribed for them.
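As an added illustration of the privilege, time, and location controls this tip calls for (example code written here, not McAfee’s product or the post’s own material), the policy evaluator below is default-deny: a partner request is allowed only when the target system is on that partner’s list, the source address falls in its approved ranges, and the request lands inside its agreed time window. The partner names, networks, systems and hours are constructed sample values.

```python
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Constructed sample policy (assumed for this example): each partner may reach
# only prescribed systems, only from its own address ranges, and only inside an
# agreed time window. Unlisted partners get nothing.
PARTNER_POLICY = {
    "acme-logistics": {
        "systems": {"shipping-api", "inventory-db"},
        "networks": [ip_network("203.0.113.0/24")],
        "window": (time(8, 0), time(18, 0)),  # local business hours only
    },
    "cloud-backup": {
        "systems": {"backup-gateway"},
        "networks": [ip_network("198.51.100.0/24")],
        "window": (time(0, 0), time(23, 59, 59)),  # around-the-clock job
    },
}


def evaluate_partner_access(partner, system, source_ip, when):
    """Return (allowed, reason) for a partner request.

    Every control must pass; the first failing control produces a deny
    with a reason suitable for an audit log entry.
    """
    policy = PARTNER_POLICY.get(partner)
    if policy is None:
        return False, f"unknown partner '{partner}'"
    # Privilege control: only the systems prescribed for this partner.
    if system not in policy["systems"]:
        return False, f"'{system}' is not a prescribed system for {partner}"
    # Location control: source address must sit in an approved range.
    addr = ip_address(source_ip)
    if not any(addr in net for net in policy["networks"]):
        return False, f"source {source_ip} is outside approved networks"
    # Time control: request must fall inside the agreed window.
    start, end = policy["window"]
    if not (start <= when.time() <= end):
        return False, f"request at {when.time()} is outside access window"
    return True, "allowed"


if __name__ == "__main__":
    print(evaluate_partner_access("acme-logistics", "shipping-api",
                                  "203.0.113.7", datetime(2023, 11, 1, 10, 30)))
    print(evaluate_partner_access("acme-logistics", "inventory-db",
                                  "203.0.113.7", datetime(2023, 11, 1, 23, 0)))
```

Every deny carries its reason, so the same function can feed an audit trail of rejected partner attempts, which is often the first sign of a compromised supplier account.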

For the remainder of the tips, download our white paper or infographic.

For more information follow us on Twitter at @McAfee and @McAfee_Business.
