are not properly tuned end up back on the shelf not being used at all. Unfortunately,
some companies that have recently been breached have found out later that one of the
tools they had failed to implement correctly could have detected the attack before it was
too late. You don’t want to end up in this position. When you purchase a new tool, be
sure you take the time to learn how it works and how to make it work for you.
8. Bonus sin!!!!! – Not taking advantage of the fruits of an incident investigation.
According to the previously mentioned Ponemon Report, 65 percent of respondents said
that threat feeds were one of the most effective tools for helping to detect breaches. Yet
54 percent said they did not collect threat indicators from their own incidents for use in
fighting future attacks.
Organizations need to realize that the information they glean during an incident
investigation is far more valuable than a third-party threat feed, both for determining
which types of attacks their network might experience in the future and for being better
equipped to handle them.
Even skilled attackers have a tendency to reuse the same attack methods, exploits and
even attack infrastructure, because if it ain’t broke, why fix it? Learning from an incident
enables organizations to bolster defenses for the future and extract maximum value from
their incident response teams.
About the Author:
Brandon Tansey, Research Engineer
Brandon Tansey is a security researcher at Lancope working to find ways to
better utilize NetFlow to solve information security problems. He works as part
of the StealthWatch Labs team analyzing malware and researching other
threats. Prior to his current position at Lancope, Tansey worked as both a
security engineer and a security analyst.
Cyber Warnings E-Magazine – July 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide