Responding to attacks
The scenario
I need to implement an immediate response to a breach.
The process of responding to a threat is carried out in four steps.
1. Identification
A 5Ws investigation is carried out to obtain all the information about the origin of the breach.
This analysis identifies the subjects involved (Who), what was actually damaged or lost (What), which components were damaged (Where), when the breach was detected (When), and why it occurred (Why).
2. Containment
Once the breached portion of the system, usually consisting of a set of networked machines, is identified, it is isolated from the rest of the company’s IT infrastructure to prevent further damage caused by the spread of the threat.
Containment must follow a strategy tailored to the type of attack.
3. Elimination
This involves a set of corrective actions aimed at removing the artifacts of a threat, which could include malware, compromised system accounts, or vulnerabilities. For the latter, the installation of appropriate patches is carried out.
These actions must be performed on all elements identified during the Identification phase.
4. Activity restoration
Systems are restored to their original operational state, and any additional vulnerabilities are repaired.
A report of all activities performed is then provided. The document includes information about the nature of the breach, the associated vulnerabilities, and how they were identified and resolved by our team. The report also contains recommendations to follow in order to reduce the risk of similar threats occurring in the future.