deception platforms, the solution will also be able to auto-deploy additional decoys to gain supplemental insight into attacker activities. This hinders attackers by causing them to spin meaningless cycles in a hall of mirrors or labyrinth of deception.
Automate Incident Response Handling
The incident response solution should automatically share correlated attack information with
prevention and detection systems and, based on the security team’s policies and playbooks,
accelerate the incident handling with automated blocking and isolation of an attack for quick
handling and remediation.
Collaboration Enables a Better View
Creating a single source for the security team to review correlated attack information and to collaborate on incident response allows teams to see real threats and activity patterns that they might have missed or ignored based on a partial view of threat activity. In addition, it creates a consolidated environment where information security teams can post incident-response activities and comments, allowing for effortless coordination and sharing of data across the organization without losing valuable historical data.
Effective Remediation
Swift and effective incident response includes remediation, and the solution should include not only the quarantine of an infected system but also the transfer of the information required to generate a trouble ticket in applications such as ServiceNow or Jira. Giving the IT Help Desk exactly the information it needs to promptly remediate an infected system or unit will drive faster resolution and, in many cases, provide the proof needed to take critical systems off-line for repair.
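As an added illustration (not part of the original article or of any Attivo product), the following Python sketch shows the workflow the two sections above describe: a correlated decoy-engagement alert is run through a team-defined playbook that decides which indicators to share, whether to block or isolate, whether to deploy more decoys, and then assembles the ticket payload the help desk needs. All field names, rule names and the policy itself are assumptions; the alert is constructed sample data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class DecoyAlert:
    """Correlated decoy-engagement alert (constructed fields, not a vendor schema)."""
    alert_id: str
    source_host: str      # internal host that engaged the decoy
    source_ip: str
    decoy: str            # decoy or lure that was touched
    technique: str        # e.g. "credential_reuse", "smb_enum"
    critical_asset: bool  # source host is on the critical-asset list

# Playbook rules, evaluated in order; first match wins. Policy assumption:
# critical assets are never isolated automatically; the ticket instead carries
# the evidence a human needs to approve taking the system off-line.
PLAYBOOK = [
    ("critical asset", lambda a: a.critical_asset,
     ["share_ioc", "deploy_decoys", "open_ticket"]),
    ("credential reuse", lambda a: a.technique == "credential_reuse",
     ["share_ioc", "block_ip", "isolate_host", "deploy_decoys", "open_ticket"]),
    ("default", lambda a: True,
     ["share_ioc", "deploy_decoys", "open_ticket"]),
]

def build_ticket(alert, actions):
    """Ticket payload with what the help desk needs to remediate the host."""
    return {
        "summary": f"Decoy {alert.decoy} engaged from {alert.source_host}",
        "host": alert.source_host,
        "ip": alert.source_ip,
        "evidence": f"{alert.technique} against {alert.decoy} (alert {alert.alert_id})",
        "isolated": "isolate_host" in actions,
        "needs_approval_to_offline": alert.critical_asset,
        "remediation": "Reimage or clean host; rotate credentials used against decoy",
    }

def run_playbook(alert):
    """Return (matched rule name, actions to dispatch, ticket payload)."""
    for name, matches, actions in PLAYBOOK:
        if matches(alert):
            return name, list(actions), build_ticket(alert, actions)

if __name__ == "__main__":
    # Constructed sample: a workstation reused decoy credentials against a lure.
    sample = DecoyAlert("A-1", "ws-042", "10.20.30.40",
                        "decoy-fileserver-01", "credential_reuse", False)
    rule, actions, ticket = run_playbook(sample)
    print(rule, actions, ticket["summary"], sep="\n")
```

Dispatching each action to the firewall, EDR and ticketing systems is left to the integration layer; the point here is that the decision and the ticket contents come from the team's policy, not from the analyst on shift.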
Deception Adds a New and Powerful Weapon to the CSIRT Arsenal
Incorporating deception capabilities into incident response is a powerful addition to the suite of solutions available to CSIRTs. Deception not only adds visibility and efficient detection of in-network threats but also goes one step further by enhancing the value of the current security infrastructure. Working hand-in-hand, deception platforms, prevention systems, and SIEM systems can deliver efficient, continuous threat management to build a stronger defense against today's sophisticated attacker.
About the Author
Carolyn has over 25 years of experience in high-tech marketing and sales management. At Attivo Networks she is the Chief Marketing Officer responsible for overall marketing strategy, building company awareness, and creating customer demand through education programs and technology partnerships. She has built leading brand strategy and awareness, high-impact demand generation programs and strong partnerships for some of the industry's fastest-growing high-tech companies, including Cisco Systems, Juniper Networks, Riverbed, Nimble Storage, and Maxta.
25 Cyber Warnings E-Magazine – April 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide