Issue link: https://insights.oneneck.com/i/1093615
CHAPTER 2 Implementing Best Practices to Reduce Ransomware Risks 15

These materials are © 2017 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.

After an Attack: Scope, Contain, and Remediate

Important actions after an attack has ended include the following:

» Resuming normal business operations, including restoring backups and reimaging systems, as necessary
» Collecting and preserving evidence for law enforcement and auditing purposes
» Analyzing forensic data to predict and prevent future attacks, for example, by identifying related domains and malware with the associated IP addresses, file hashes, and domains
» Performing root cause analysis, identifying lessons learned, and redeploying security assets, as necessary

Predictive threat intelligence supports a proactive security posture by letting your organization see the C2 infrastructure that attackers are leveraging for current and future attacks, and thereby always stay ahead of the threat.
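The forensic-analysis step in the list above (identifying related domains and malware through associated IP addresses, file hashes, and domains) can be sketched as a pivot over linked indicators. This is an added example, not from the original text; the indicator values, the record layout, and the `max_domains_per_ip` threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample records (not real indicators), one per forensic artifact.
OBSERVATIONS = [
    {"domain": "pay-portal.example", "ip": "192.0.2.10"},
    {"domain": "cdn-update.example", "ip": "192.0.2.10"},
    {"sha256": "constructed-hash-a", "domain": "cdn-update.example"},
    {"sha256": "constructed-hash-a", "ip": "198.51.100.7"},
    {"domain": "next-stage.example", "ip": "198.51.100.7"},
    # 203.0.113.80 stands in for a shared-hosting address with many tenants.
    {"domain": "pay-portal.example", "ip": "203.0.113.80"},
    {"domain": "bakery.example", "ip": "203.0.113.80"},
    {"domain": "school.example", "ip": "203.0.113.80"},
    {"domain": "florist.example", "ip": "203.0.113.80"},
]

def _find(parent, node):
    while parent[node] != node:
        parent[node] = parent[parent[node]]  # path halving
        node = parent[node]
    return node

def cluster_indicators(observations, max_domains_per_ip=3):
    """Group indicators that are linked directly or transitively."""
    # Skip IPs serving many domains (shared hosting, CDNs) so they do not
    # merge unrelated infrastructure into one cluster.
    domains_on_ip = defaultdict(set)
    for obs in observations:
        if "ip" in obs and "domain" in obs:
            domains_on_ip[obs["ip"].lower()].add(obs["domain"].lower())
    noisy = {("ip", ip) for ip, d in domains_on_ip.items() if len(d) > max_domains_per_ip}
    parent = {}
    for obs in observations:
        nodes = [(k, v.lower()) for k, v in obs.items() if (k, v.lower()) not in noisy]
        for node in nodes:
            parent.setdefault(node, node)
        for node in nodes[1:]:
            parent[_find(parent, node)] = _find(parent, nodes[0])
    clusters = defaultdict(set)
    for node in parent:
        clusters[_find(parent, node)].add(node)
    return list(clusters.values())

def related_to(seed, observations, **kwargs):
    """Return every indicator in the same cluster as seed, excluding seed."""
    for cluster in cluster_indicators(observations, **kwargs):
        if seed in cluster:
            return cluster - {seed}
    return set()
```

Starting from one domain seen in the incident, `related_to` returns the hash and second-stage infrastructure reachable through shared indicators, while the shared-hosting address is excluded as a pivot.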