Select Page

Five Stages of Security for Incident Response

How many of you have a really strong security program where you have security incident response and things like that going? How many of you are still using the help desk to let you know when Ransomware hits?

A story of a C level Executive

Here is a story of a C level executive that was there for a manufacturing company who was running a live application in the cloud. Ransomware ended up hitting that server because he was browsing on sites through a server. As this happened, what we saw was that Ransomware has gotten so much smarter, that it started communicating back with him. The Ransomware attack that happened in the environment said;

By the way we know that you have all of these financial files that are sitting on this server, and that you are testing with, and we know that you just replicated this and this is just a test environment. However, it still has this financial data that is relevant to your organization. And by the way, we looked up your organization and we see that you have 20,000 users”.

What are your Five Stages of Going through that Process?

Ransomware is starting to become more and more prominent where it is starting to communicate back with you and they are negotiating with you now. Cyber criminals are starting to become more and more prevalent as they start to attack your systems, whether it’s on-premise or in the cloud. But this was a threat that just happened in the cloud. So, what are your five stages of going through such process?

Five Stages of Security for Incident Response

Detection

The first one is Detection, you need to go through a detection process. It is how you know it actually happened to you and where it happened.

Assessment

When you start to look at the impact and the severity of the event. what is your impact and urgency? How bad is it? How many people are you impacting and then what is your urgency? Can they work? Can they work with work arounds? Are they not able to work at all? Is it completely locking their system down?

Those two things help you calculate a priority based off your assessment.

Diagnosis

Based off of what you have gotten. That is where you start to diagnose what exactly happened. How does that process work, start to notify people, this is what’s happened, we have been breached.

Many people think that they have a really, really strong perimeter or they just have a really, really strong environment, they won’t be breached. Think again, most cloud attackers will find different penetration ways to go and hit you, the same way that OMS is going to assess your environment.

Stabilize and Recover

Once you have been hit or once you have a diagnosis of what incident has come through, that is where you can stabilize and recover. Stabilize and recover has the ability to do automation. So, find your top attacks that are hitting your organization, or find your top items that are inside of your organization already that you’ve just discovered as attacks with OMS and start to automate them or start to build PowerShell automations that then plug in to a security response

Close / Post mortem

And then finally, the last stage is to do a close and a post mortem on the incident event.

Want new articles before they get published?
Subscribe to our Awesome Newsletter.

Recent Posts

Disaster Recovery-as-a-Service (DRaaS) or On-Site DR Appliance?

Disaster Recovery-as-a-Service (DRaaS) or On-Site DR Appliance?

Disaster Recovery-as-a-Service (DRaaS) delivers serverless recovery capabilities while disaster recovery (DR) appliances provide the on-prem secondary site that facilitates quick recovery. Which of the two is the best fit for you? Both deployment options have their...

FC SAN vs iSCSI SAN: What’s the Difference?

FC SAN vs iSCSI SAN: What’s the Difference?

Storage area networks (SANs) are a permanent fixture in corporate data centers used to host high-performance block-level structured workloads such as databases, applications, etc. If you’re familiar with SAN systems, then you’ve heard of Fibre Channel (FC) and iSCSI...

NAS Security: What to Expect and How to Secure your NAS

NAS Security: What to Expect and How to Secure your NAS

Network attached storage (NAS) systems are a permanent fixture in a corporate data center. Whether it’s setting up a file storage and sharing environment for your remote workforce, storing surveillance videos, financial records, and patient information, or running 4K...

Log Archiving: What Challenges to Expect and How to Overcome Them

Log Archiving: What Challenges to Expect and How to Overcome Them

Archiving logs is not a straight forward process. Storage administrators have to balance the regulatory requirement to archive logs, the data analytic needs, and the cost of long-term retention in a digital landscape that’s constantly threatened by ransomware attacks...

You May Also Like

Subscribe To Our Newsletter

Join our mailing list to receive the latest news, updates, and promotions from StoneFly.

Please Confirm your subscription from the email