The Haves and the Have-Nots
By Todd Weller, VP, Corporate Development, Hexis Cyber Solutions
Take a look at the current IT security landscape. Vendors offer preventative solutions that come
in all shapes and sizes, promising protection and defense to those that invest in their
technology. With so many solutions being pushed to market, one can only imagine how difficult
it must be for an end-user organization to make a decision.
For companies navigating this product overload in search of better and smarter protection, one
idea worth considering is incident response. Incident response teams and strategies are by no
means a “quick fix” for a company – rather, they are an investment that, over time, can be
developed and executed in a way that is entirely customizable to the needs of the organization.
When it comes to incident response, security experts have concluded that the market is
segmented into “the haves” and “the have-nots” – companies that have incident response
teams and strategies, and companies that do not. As mentioned above, incident response is not
a quick-fix solution but an involved strategy that works effectively only through dedicated time
and effort, specialized experience, and designated costs and workflow.
Unlike solutions that only protect the perimeter, incident response is a proactive strategy that,
when executed correctly, leverages the right processes and the right tools to fix the issue at
hand. Furthermore, incident response plans are devised to align directly with an organization’s
goals and needs, as well as with its existing policies and compliance regulations. This helps to
ensure that organizations meet the regulatory mandates that apply to them for audit and
compliance purposes.
Taking a step back – it has become abundantly clear that preventative solutions such as anti-virus
and firewall technology alone just aren’t cutting it. Automating the incident response lifecycle is
one practice that directly assists the major task at hand – removing threats from within an
organization. While many organizations would prefer to steer clear of automating business-critical
aspects of the incident response (IR) lifecycle, there are, in fact, existing technologies that
offer automation only during certain parts of the IR workflow, leaving the critical decisions to people.
Companies that have implemented incident response teams and strategies are able to
deploy – surgically and tactically – the subset of countermeasures they need to buy time
for investigation and analysis, and then to execute their remediation policy.
A single IR team member doesn’t conduct the investigation from soup to nuts; the tiers are
separated by responsibility: initial triage, disposal, escalation of high-risk incidents, and so on.
At the same time, it should be noted that the traditional tiered nature of IR has created
human-level process hand-offs that are prone to break.
A well-known example is the Target data breach: the detection team at the retail giant
discovered malware running on a Point-of-Sale system, but when the issue was escalated to
another group for remediation, the investigation wasn’t conducted in a timely
42 Cyber Warnings E-Magazine – January 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide