Article

Technology Planning: Incident Response

The Process of Improving Security
May 28, 2020

Developing a comprehensive incident response strategy is a key component of any organization’s security program, but it requires a thoughtful approach and point-by-point plan.

Working with CDW on Improved Incident Response

PHASE 1

Preparation

Prepare for the inevitable by developing a plan to more effectively respond to an incident.

  • Secure executive buy-in.
  • Identify your organization’s most valuable assets.
  • Perform a risk assessment and address identified gaps.
  • Create a threat model to understand the types of incidents your organization is most vulnerable to and their potential impact.
  • Identify compliance and reporting requirements.
  • Properly define roles and responsibilities and establish a communication plan to be used during an incident.
  • Develop an incident response plan, including processes and procedures.
PHASE 2

Instrumentation

Security teams need the right instrumentation to detect, contain and eradicate threats.

  • Consult an expert to identify gaps that exist within your existing security instrumentation.
  • Invest in endpoint detection and response (EDR) and next-generation anti-virus (NGAV) solutions to provide comprehensive visibility into endpoint activity critical to detecting, investigating and mitigating advanced cyberthreats.
  • Centralize logs and leverage an event log management solution to detect and investigate unusual or suspicious activity across the enterprise environment.
  • Collect network telemetry to identify and track anomalous network traffic and baseline deviations.
  • Minimize the attack surface of your environment through comprehensive vulnerability management solutions.
PHASE 3

Maintenance

Organizations and threats constantly evolve. Conduct regular reviews of your incident response program.

  • Conduct regular reviews of your incident response plan and update it as necessary.
  • Leverage purple team and tabletop exercises to validate the efficacy of your incident response program.
  • Never let a good incident go to waste. Learn from security incidents within and outside your organization.
  • Stay abreast of the latest trends and attacker techniques and adapt your incident response program as necessary.

Next step: Call CDW to get started with Incident Response.

Cybersecurity Assessments

Root out risks with CDW Cybersecurity Assessments.

Security Services

Get critical insight into your organization’s security risk with CDW Cybersecurity Assessments.

Discover how CDW can help improve your incident response plan.

Contact your account manager, or give us a call.

800.800.4239
