An eagle-eyed Security Incident Response Team: Here's what it takes

Few organizations really understand their readiness quotient when it comes to responding to a cyber
security attack, partly because they miscalculate the gravity of an attack and partly because of the amorphous
dimensions of the term "incident".
In general security parlance, any event that affects CIA (Confidentiality, Integrity and Availability) can
be called an incident. However, defining the term within the context of your operations requires
infallible perception and situational awareness. Without precise identification of the source of a
breach, its intent, impact, and entry point, organizations cannot effectively pair an incident response
plan with the level of support and threat management capability it requires.
There is a noticeable upward trend in the adoption of incident response planning, but merely
having guidelines proves to be persistently ineffective. A recent study by the Ponemon Institute
indicated that though 73% of Fortune 500 companies have developed IR plans, about 68% of them
feel they aren't yet ready to handle a data breach and wouldn't know what steps to take to control
the impact.
The reality of the situation, apparently, is that many organizations aren't yet equipped with the right
staff to venture into the preparation phase with the forward-planning urgency it requires.
Negligibly few companies, whom I would call the 1%, are equipped with an IT team that can double
up as incident handlers with the kind of knowledge gained from day after day of dealing with a wide
range of incidents. The others who form the majority have the option to involve a dedicated incident
response team with battlefield experience.
The role of Managed Security in Preparation, Response and Follow-up of a Security Incident
Organizations that work with managed security operations teams are realizing the
transformational benefits of objective assessment combined with extensive threat intelligence: the best of
both worlds.

1. Preparation: Continuous Threat Analytics for a strong base of operations

Preparation entirely devolves on how well people, process, technologies and information are
brought together. This stage involves asset risk prioritization and establishing baselines to provide
direction and scope for the entire workflow. Thus, in a sense, the security operations team is
continuously preparing your foundation for incident response with its round-the-clock scrutiny and
dissection of events and alarms.

2. Response: Rapid diagnosis using Intrusion Forensics

Because how you would dodge a bullet is not the same as how you would escape a grenade blast.
Forensic capabilities are rare to come by and are extremely useful in quickly comprehending what
data has been exfiltrated and what resources have been compromised in the process.
Seasoned incident handlers know that this is the worst time to panic, and instead carry out systematic
problem solving.

Resuscitative containment is undertaken to neutralize threats in critical systems so that they can be kept
in production while a clean backup is being prepared.
3. Follow-up: Corroborative security policy reviews, logs, checklists and surveys

End goals:

Validating every restoration and recovery task and policy change for efficacy.
Improving security controls and security awareness across the organization.
Assessing how close the organization has come to preventing recurrence of an incident.
Ensuring that realistic goals are set and achieved.

Every event encountered contributes to the knowledge pool that is used in adjusting rules, policies
and frameworks. Analysts prepare reports for a range of purposes, but the most valuable reports are
those that chronicle the entire incident from start to finish and answer every question pertaining to it.
Aleph Tav Technologies is helping organizations discover simplified threat management with a
flexible and adaptive security operations team. Explore ways to build a robust response team with
our managed security solution. Visit alephtavtech.com for more.
Our services include: Ethical Hacking, Managed Security Services, Application Security, Network
Security, Security Testing, Enterprise Security, Security for IoT, SCADA Security, Digital Forensics