A few weeks ago I had the pleasure of participating, as a guest speaker, in a webinar titled "Targeted Attack, Targeted Response: Designing and Implementing an IR Plan That Works". Joe Riggins, Senior Director of Incident Response for HBGary, moderated this Q&A format webinar. We discussed the current incident response (IR) challenges companies are facing, as well as specific steps organizations can take to design, test, and successfully implement an ongoing IR plan for their specific business environment.
The webinar recording can be accessed here.
In this webinar we discussed how incident response methodologies have changed in the last few years. The security landscape has changed dramatically over the last couple of years and is expected to change even more. Consequently, incident response methodologies have to adapt. Examples of things that are changing the incident response landscape:
The adoption of cloud computing is changing incident response methodologies. Everything is now sold "as-a-service", whether it is Infrastructure-as-a-Service, Software-as-a-Service, or Platform-as-a-Service. When you move to the cloud in a significant way, incident response is something you should start considering long before you make the move.
Should cloud providers be offering incident response mechanisms? That's a possibility; however, in the cloud, incident response is all about data ownership, legal authority, and accessibility to affected systems, especially when some of the data can reside on-site and portions can reside in the cloud (on systems not controlled by you).
I like a statement we made in our Annual Security Report:
A few years ago, employees were assigned laptops and told not to lose them. They were given logins to the company network, and told not to tell anyone their password. End of security training.
Today, your "millennial" employees -- the people you want to hire because of the fresh ideas and energy they can bring to your business -- show up to their first day on the job toting their own phones, tablets, and laptops, and expect to integrate them into their work life.
Executives also expect others (including security personnel) to figure out how they can use their treasured devices, anywhere and anytime they want to, without putting the enterprise at risk. They want to work hard, from home or the office, using social networks and cloud applications to get the job done, while someone else builds seamless security into their interactions.
Facebook and Twitter moved beyond just social networking sites for teens and geeks, and became vital channels for communicating with groups and promoting brands.
Fears around security and data loss are a leading reason why some businesses don't embrace social media, but many are adopting social media as a vital resource within the organization. Some of these risks can be mitigated through the application of technology and user controls. However, there's no doubt that criminals have used social media networks to lure victims into downloading malware and handing over login passwords. In this example, incident response moves from things that you can control within your network to borderless boundaries outside of your organization.
Advanced Persistent Threats (APTs): Most threats in the past tended to be short-lived and easy to notice; however, a lot of today's threats are more stealthy, specifically designed to quietly, slowly spread to other hosts, gathering information over extended periods of time and eventually leading to data theft and causing many other headaches.
The sophistication of APT intrusion attempts varies and likely depends on the attacker's objectives, the tools and techniques available to them, and the anticipated ability of their target both to detect and defend against an attack.
During the webinar I was asked "What are the three biggest challenges facing incident response teams?"
That is a very hard question to answer. The following are three examples of the challenges incident response teams are facing; however, these are not the only challenges nowadays:
I invite you to go over the webinar recording for more information...