Article
2 min
Incident Response Technology Planning
The process of improving security.
Ensuring a comprehensive incident response plan is key to successful security. But it requires a thoughtful approach and point-by-point plan.
Working with CDW on Improved Incident Response
PHASE 1
Preparation
Prepare for the inevitable by developing a plan to respond to an incident more effectively.
- Secure executive sponsorship
- Identify your organization’s cyber insurance requirements related to incident response
- Identify your organization’s most valuable assets
- Establish a cybersecurity framework baseline
- Perform a maturity assessment, gap analysis and a penetration test to identify gaps
- Prioritize and address identified gaps
- Create a threat model to understand the types of incidents your organization is most vulnerable to and their potential impact
- Identify compliance and reporting requirements
- Properly define roles and responsibilities and establish a communication plan to be used during an incident
- Develop an incident response plan, including processes and procedures
- Develop a playbook and conduct tabletop exercises
PHASE 2
Instrumentation
Security teams need the right instrumentation to detect, contain and eradicate threats.
- Consult an expert to identify gaps that exist within your existing security instrumentation
- Ensure proper segmentation and isolation of business units based on user roles and devices present on the network, to isolate incident impact and prevent lateral movement
- Invest in Endpoint Detection and Response (EDR) and Next-Generation Anti-Virus (NGAV) solutions to provide comprehensive visibility into endpoint activity critical to detecting, investigating and mitigating advanced cyberthreats
- Centralize logs and leverage an event log management solution to detect and investigate unusual or suspicious activity across the enterprise environment
- Collect network telemetry to identify and track atypical network traffic and baseline deviations
- Minimize the attack surface of your environment through comprehensive vulnerability management solutions
PHASE 3
Maintenance
Organizations and threats constantly evolve. Conduct regular reviews of your incident response program.
- Implement continuous monitoring through a managed detection provider
- Perform regular tabletop exercises to validate the efficacy of your incident response program
- Perform regular patch maintenance on your servers
- Conduct regular reviews and testing of your incident response plan and update it as necessary
- Leverage purple team exercises to evaluate the efficacy of your incident response team
- Learn from security incidents within and outside of your organization
- Stay abreast of the latest trends and attacker techniques and adapt your incident response program as necessary
CDW Services to Support Your Incident Response Journey
CDW Security Maturity Assessment
Establish a cybersecurity strategy based on industry-standard frameworks.
CDW AmplifiedTM Detect and Respond
Proactive help identifying and responding to an array of breach types.
MKT53520