eBooks/eGuides

AlertLogic.com C A S E S T U DY: M I S S I O N 3 3 Detection Strength: Trust that the underpinning of an effective response strategy is broad detection. This requires a broad log ingestion ecosystem, allowing for the appropriate depth of data and breadth of sources to detect across the entire kill chain. Outcomes can then scale through analytics while implementing advanced technologies (e.g., machine learning and building extensions) through API-based connections. Visibility into pre- and post-breach environments, analyzing data, and producing insights across the IT estate are critical to enable response actions spanning network, endpoint, and cloud environments. Various data sources are also needed during forensics to complete the picture of an attack. Broad Response Coverage: Discover the ingress and egress points. An organization's IT estate is dynamic, but the constants will always include endpoints (client and server), network (firewall, WAF), cloud (AWS, Azure, GCP), and identity (Active Directory, SSO). These are a sampling of sources for telemetry data which are key to detecting incidents. However, they also represent the targets where the response action will occur to minimize the damage of a detected breach. An effective response strategy should include a policy update applied at the endpoints, the network edge, and the cloud service provider. Risk Profile: Consider the value of an asset and type of attack...... A revenue generating asset, such as an ecommerce server, will have a different response than a non-critical asset, like a print server. To understand the type of attack against an asset, ensure you have access to the security content detail, including analytics content and configuration requirements. These insights should be provided in an actionable way. As your IT estate grows in size and complexity, the ability to classify assets with similar criteria to apply the response actions is imperative. Failure to do so will result in significant management challenges. DRIVERS FOR OPTIMAL RESPONSE As you evolve your cybersecurity strategy you need to ensure you have a strong, comprehensive response plan that is built on a solid foundation: Seven Key Pillars for Effective Response Strategy A strong response strategy begins with detection. To cover your entire IT estate, you must have broad and deep detection capabilities or response capabilities will be limited. Ensure you have coverage everywhere you operate. Responding effectively to security events means that responses are tailored to each threat, system and execution environment, as well as to compliance and regulatory requirements, customer obligations, and the organization's overall risk appetite. Practical Requirements for Responding to Cyberthreats with MDR, 451 Research, S&P Global Market Intelligence, Pathfinder Report, 2021

• Cover