Issue link: https://insights.oneneck.com/i/1463395
AlertLogic.com
CASE STUDY: MISSION 88
BEST PRACTICES FOR CRITICAL RESPONSE

KEY CONSIDERATIONS

Ask Yourself
Is your security staffing level adequate to handle the cybersecurity challenges you are facing today? In the coming years?
What are the consequences of a breach on your operations?
Can you staff a security operations center (SOC) 24/7?
How do you address different types of incidents?
Is improving your critical response capabilities a top strategic security objective this year?

1. Understand the criticality of your assets and categorize them. This is vital for scaling, because policies can then be applied to a category rather than to individual assets. Failure to do so may result in a management headache due to the number of assets spread across your environment.

2. Start with notifying appropriate personnel. This action carries the least risk of an unintended consequence because it requires human review prior to making a change to the security control. Patterns will emerge, enabling you to identify the types of incidents where you are confident that adjusting the security control will not yield an unintended consequence.

3. Add human-guided decision points where intuition is necessary before applying a policy update. Set up the workflow so that the security administrator only needs to click approve to execute the policy adjustment on the security control.

4. For incidents or assets where speed is of the essence, consider comprehensive automation. If predetermined conditions are triggered, the workflow automatically executes the policy adjustment on the security control and informs security personnel for further forensics and hardening.

Implementing automation within your response plan will enhance your defense-in-depth strategy, as it serves as a backstop when prevention tools are evaded. Start slow and increase at a comfortable pace. Also, find a partner that can help you adopt automation, as this is critical to improving your security posture.
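The four steps above amount to a tiered response playbook. As an added example (not from the case study and not Alert Logic's own tooling), the Python below routes each incident to notify-only, one-click approval, or full automation according to the asset's criticality category and the detector's confidence; the categories, thresholds and the "isolate" action are constructed assumptions, and uncategorized assets fall back to the safest tier.

```python
from dataclasses import dataclass
from enum import Enum

class Tier(str, Enum):
    NOTIFY = "notify"      # step 2: alert a human, change no control
    APPROVE = "approve"    # step 3: stage the change, wait for one approval click
    AUTOMATE = "automate"  # step 4: apply the change, then inform for forensics

@dataclass(frozen=True)
class Asset:
    name: str
    category: str  # criticality bucket assigned in step 1 (constructed values below)

@dataclass(frozen=True)
class Incident:
    asset: Asset
    kind: str          # detection type, e.g. "malware-beacon"
    confidence: float  # detector confidence in [0, 1]

# Per-category policy (constructed for this example): which incident kinds have
# earned full automation, and the confidence needed to skip human review.
POLICY = {
    "crown-jewel": {"auto_kinds": {"malware-beacon"}, "min_conf": 0.95},
    "production": {"auto_kinds": {"malware-beacon", "credential-stuffing"}, "min_conf": 0.85},
    "lab": {"auto_kinds": set(), "min_conf": 1.0},  # lab assets are never auto-changed
}
APPROVAL_FLOOR = 0.5  # below this confidence, only notify

def choose_tier(inc: Incident) -> Tier:
    """Pick the automation tier; uncategorized assets fall back to notify-only."""
    policy = POLICY.get(inc.asset.category)
    if policy is None:
        return Tier.NOTIFY
    if inc.kind in policy["auto_kinds"] and inc.confidence >= policy["min_conf"]:
        return Tier.AUTOMATE
    if inc.confidence >= APPROVAL_FLOOR:
        return Tier.APPROVE
    return Tier.NOTIFY

def run_playbook(inc: Incident, approved: bool = False) -> dict:
    """Return what the workflow did: whether the control changed and who was told."""
    tier = choose_tier(inc)
    action = f"isolate {inc.asset.name}"  # hypothetical control adjustment
    if tier is Tier.AUTOMATE:
        return {"tier": tier, "applied": True, "notified": "soc+forensics", "action": action}
    if tier is Tier.APPROVE:
        return {"tier": tier, "applied": approved, "notified": "security-admin", "action": action}
    return {"tier": tier, "applied": False, "notified": "soc", "action": None}
```

Growing the `auto_kinds` sets over time, as confidence in particular incident types builds, is the "start slow and increase" path the text recommends.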
"Real-time alerts can proactively maintain current and accurate awareness. Having Alert Logic handle the detection and response allows our IT team flexibility to help in areas that need constant supervision."
Brett T., IT Infrastructure Engineer, Alert Logic Customer (G2 Review)