Creating a Foundation for Proactive Incident Response - PowerPoint PPT Presentation

View by Category
About This Presentation
Title:

Creating a Foundation for Proactive Incident Response

Description:

Before your SOC can set its incident response process into motion, there needs to be an effective method to accurately identify real threats. The average SOC gets thousands of alerts per day, and weeding out false positives to focus on actual threats can be challenging. With a security orchestration platform in place, your ecosystem of security technologies can work together to deliver vital context that lets your team know where their focus is most needed. – PowerPoint PPT presentation

Number of Views:3

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Creating a Foundation for Proactive Incident Response


1
Creating a Foundation for Proactive Incident
Response
2
Introduction
  • As a Boy Scout, youre trained to be prepared -
    always in a state of readiness in mind and body
    to do your duty. And for many of us in
    cybersecurity, a sense of duty is what drew us to
    the industry in the first place. What happens
    when the mind and body are at the ready, but you
    don't have the right approach or tools to carry
    out your duty as you know you can and should?

3
Quarterly Incident Response Threat Report
4
Effective Incident Detection
  • Before your SOC can set its incident response
    process into motion, there needs to be an
    effective method to accurately identify real
    threats. The average SOC gets thousands of alerts
    per day, and weeding out false positives to focus
    on actual threats can be challenging. With a
    security orchestration platform in place, your
    ecosystem of security technologies can work
    together to deliver vital context that lets your
    team know where their focus is most needed.

5
Decisive Incident Detection
  • With security orchestration and automation, these
    crucial details are automatically gathered and
    presented to your security team, enabling them to
    assess the priority of an alert, quickly close
    false positives and clearly identify which
    security events would trigger applying your
    incident response process. This ultimately helps
    drive down mean time to detect (MTTD) which, when
    combined with a proactive incident response plan
    will also lead to a faster mean time to respond
    (MTTR).

6
Security Orchestration for Proactive IR
  • The QIRTR identifies six steps for taking a more
    proactive approach to incident response. Of those
    security orchestration has a significant impact
    on the first four
  • Have an incident response plan in place
  • Communicate and notify
  • Know your legal requirements
  • Visibility is key
  • Hunt quietly
  • Regular checkups multi-factor authentication

7
Effective Incident Response
  • For effective incident response - your entire
    security team needs to know what steps to take A
    and when. This means having a clear, documented
    plan that is periodically tested through
    simulations to assess effectiveness and
    continuously improve.
  • One of the key benefits offered by security
    orchestration platforms is the ability to codify
    your incident response plans into consistent,
    repeatable playbooks.

8
Leverage Security Orchestration
  • Because security orchestration gives your team a
    complete picture of an incident, it can also help
    your team do the necessary postmortem and
    reporting to satisfy legal requirements. Some
    security orchestration and automation platforms
    offer automated reporting that provides a
    snapshot of the security incident as well as a
    summary of the playbooks applied and remediation
    steps taken.

9
Be Ready To Proactively Communicate Notify
10
Conclusion
  • Utilizing all available information and having it
    presented to analysts in a clear, usable way
    ensures that the security team has all the data
    needed to perform deep analysis and determine the
    best incident response approach rapidly.
  • By channeling our inner Boy Scouts and taking a
    more proactive approach to incident response
    enabled by security orchestration, we can help
    our security operations teams more quickly,
    effectively and consistently identify and respond
    to threats.
About PowerShow.com