Select Page

Five Stages of Security for Incident Response

How many of you have a really strong security program where you have security incident response and things like that going? How many of you are still using the help desk to let you know when Ransomware hits?

A story of a C level Executive

Here is a story of a C level executive that was there for a manufacturing company who was running a live application in the cloud. Ransomware ended up hitting that server because he was browsing on sites through a server. As this happened, what we saw was that Ransomware has gotten so much smarter, that it started communicating back with him. The Ransomware attack that happened in the environment said;

By the way we know that you have all of these financial files that are sitting on this server, and that you are testing with, and we know that you just replicated this and this is just a test environment. However, it still has this financial data that is relevant to your organization. And by the way, we looked up your organization and we see that you have 20,000 users”.

What are your Five Stages of Going through that Process?

Ransomware is starting to become more and more prominent where it is starting to communicate back with you and they are negotiating with you now. Cyber criminals are starting to become more and more prevalent as they start to attack your systems, whether it’s on-premise or in the cloud. But this was a threat that just happened in the cloud. So, what are your five stages of going through such process?

Five Stages of Security for Incident Response


The first one is Detection, you need to go through a detection process. It is how you know it actually happened to you and where it happened.


When you start to look at the impact and the severity of the event. what is your impact and urgency? How bad is it? How many people are you impacting and then what is your urgency? Can they work? Can they work with work arounds? Are they not able to work at all? Is it completely locking their system down?

Those two things help you calculate a priority based off your assessment.


Based off of what you have gotten. That is where you start to diagnose what exactly happened. How does that process work, start to notify people, this is what’s happened, we have been breached.

Many people think that they have a really, really strong perimeter or they just have a really, really strong environment, they won’t be breached. Think again, most cloud attackers will find different penetration ways to go and hit you, the same way that OMS is going to assess your environment.

Stabilize and Recover

Once you have been hit or once you have a diagnosis of what incident has come through, that is where you can stabilize and recover. Stabilize and recover has the ability to do automation. So, find your top attacks that are hitting your organization, or find your top items that are inside of your organization already that you’ve just discovered as attacks with OMS and start to automate them or start to build PowerShell automations that then plug in to a security response

Close / Post mortem

And then finally, the last stage is to do a close and a post mortem on the incident event.

Want new articles before they get published?
Subscribe to our Awesome Newsletter.

DDoS Attacks Decoded: Defending Against Modern Cyber Onslaughts

DDoS Attacks Decoded: Defending Against Modern Cyber Onslaughts

In the vast realm of cybersecurity, few threats are as pervasive and disruptive as Distributed Denial of Service (DDoS) attacks. These orchestrated assaults on digital infrastructure can bring organizations to their knees, disrupting services, tarnishing reputations,...

Botnets Unveiled: Navigating the Underworld of Cyber Threats

Botnets Unveiled: Navigating the Underworld of Cyber Threats

In today's interconnected digital landscape, where data is the lifeblood of businesses and individuals alike, cybersecurity has never been more critical. It's a world where cyber threats loom large, and among them, botnets stand out as a particularly menacing...

Remote Access Trojans (RATs): The Silent Invaders of Cybersecurity

Remote Access Trojans (RATs): The Silent Invaders of Cybersecurity

In the dynamic landscape of cybersecurity, one malicious entity has been silently making its presence felt - Remote Access Trojans, or RATs. These stealthy and malicious software pieces operate in the shadows, infiltrating systems, and granting unauthorized access to...

How to Set Up Immutable Snapshots for Ransomware Protection

How to Set Up Immutable Snapshots for Ransomware Protection

Cyber threats such as ransomware attacks have become more sophisticated, necessitating advanced strategies for data protection. One such strategy is the use of immutable snapshots. These snapshots, which capture the state of your data at a specific point in time, and...

You May Also Like

Subscribe To Our Newsletter

Join our mailing list to receive the latest news, updates, and promotions from StoneFly.

Please Confirm your subscription from the email