Reactive Response in Cybersecurity is No Longer Enough 

This is a writing sample from Scripted writer Jane Haynie

The best defense is a good offense. Have you heard this idiom before? It doesn’t just apply to sports. In information technology, too, an offensive, or threat-hunting, approach gives you a higher standard of protection against intruders than waiting for alerts does.

Unfortunately, many IT organizations still take a primarily reactive approach to security, which leaves them vulnerable and ill-prepared for attackers who turn that reactive posture, and the organization’s own security tooling, against them. The landscape has changed, and your company must keep up.

What are the benefits of approaching security from an offensive position?

  • Incidents can be detected earlier

  • Response teams can act before an incident becomes severe

  • Preparation is more intense and effective

  • Containment strategies are more thorough

  • Adversaries have fewer opportunities to find alternate means of entry into the system

Of course, these benefits are only available to you if your team follows through appropriately on every threat. Many intrusions have been in place for weeks, months, or even years before they are detected by your systems or your team.

Failing to follow the prescribed six-step process results in haphazard, response-only tactics that rarely get to the root of the problem. To be effective, you must carry out proper and thorough scoping and containment so that you surround the adversary and close in.

So let’s review the Six-Step Incident Response Process with emphasis on the tasks often overlooked by security teams:

Step 1: Preparation

This means setting up the system, assigning roles, and creating emergency contact lists.

Step 2: Identification

This includes identifying where the attack came from and which systems were affected, and taking a full backup of those systems to preserve as much evidence about the incident as possible.

Step 3: Containment

Freezing systems, blocking IP addresses, and disconnecting network connections are tasks involved in this step to ensure the threat doesn’t spread further.

Step 4: Eradication

You’ll need to remove any infected files, folders, or compromised systems, and potentially perform a full system reinstall. This step requires erring on the side of caution.

Step 5: Recovery

This involves re-connecting to the network and getting your systems back online and into operation.

Step 6: Follow-up

You’ll need to tighten up security, increase protocols, and take any additional steps necessary to ensure the breach doesn’t happen again.

In this process, step 2 is where many teams try to skip ahead. Resist this temptation: identification is the step that wins the war, not just the battle.

If you find your team is overworked or underperforming in this area, consider Atrion’s Computer Hacking Forensic Investigation (CHFI) services. We can help ensure the examination process is detailed, forensically sound, and defensible, and that its results are repeatable.

For more information, visit our website or contact us at 908-231-7777 or info@atrioncomm.com.

Written by:

Jane Haynie
I have been a professional writer for tech and SaaS companies for over ten years. My specialty is taking complex subjects and making them compelling and simple to digest. I like to infuse creativity and humor into my work, when appropriate, and excel at staying focused on the mindset and lifestyle of the target audience. I also own a local gym and can write about fitness, diet, lifestyle, and related topics.