Fortra Alert Logic MDR Enhancing your Capabilities

Issue link: https://insights.oneneck.com/i/1517358

Page 4 of 5

Enhancing Your Response Capabilities

Best Practices for Critical Response

1. Understand the criticality of your assets and categorize them. Categorization is what lets the program scale, because a policy can be applied to a whole category rather than to each asset individually; without it, the number of assets spread across the environment becomes a management headache.

2. Start by notifying the appropriate personnel. This action carries the least risk of an unintended consequence, because a person reviews the incident before any change is made to the security control. Over time, patterns emerge that show which types of incident can have the control adjusted with confidence that the adjustment will not cause an unintended consequence.

3. Add human-guided decision points where human judgment is needed before a policy update is applied. Set up the workflow so that the security administrator only needs to click Approve to execute the policy adjustment on the security control.

4. Consider fully automated response for incidents or assets where speed is of the essence. When predetermined conditions are triggered, the workflow executes the policy adjustment on the security control automatically and informs security personnel for further forensics and hardening.

Response Maturity Phases

Moving from Phase 1 to Phase 5, efficiency and scalability increase, response volume rises from lower to higher, and response time moves from slower to rapid. The three response modes are manual response, human-guided automated response, and fully automated response.

Phase 1: Nascent (manual response). Response to all incidents requires manual intervention and actions.

Phase 2: Exploring human-guided automated response. The majority of incidents and alerts still require manual response, although demand for manual response begins to taper. Human-guided automated response is used for highly repetitive response tasks, known threats with well-documented responses, and non-critical systems.

Phase 3: Embracing human-guided automated response. Use of human-guided automated response expands to include critical assets where additional human intuition or response approval is required but rapid response is crucial.

Phase 4: Exploring fully automated response. Fully automated response is used for highly repetitive response tasks, known threats with well-documented responses, and non-critical systems. Human-guided automated response is used for critical assets where additional human intuition or response approval is required but rapid response is crucial. Manual response is reserved for unknown threats and for systems where automated response is not technically possible.

Phase 5: Embracing fully automated response. Fully automated response is adopted more broadly, spanning highly repetitive response tasks and known threats with well-documented responses on both critical and non-critical systems. Fewer response actions demand manual response; it is typically reserved for unknown, complex threats involving highly integrated systems, and for systems where automated response is not technically possible.

Key Considerations

Implementing automation in your response plan enhances your defense strategy, because response serves as a backstop when prevention tools are evaded. Start slowly and increase at a pace that is comfortable for you. Find a partner that can help you adopt and implement automation into your response strategy.
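The four best practices and the five maturity phases above describe one routing decision: given an alert, an asset category and a playbook, does the response go to a person, to an approval gate, or straight to the control? The following Python is an added example written for this page; it is not Alert Logic or Fortra code. The asset inventory, the playbook table, the confidence threshold and the sample alerts are all constructed assumptions used to show the routing, including the cases the text says must stay manual (unknown threat, undocumented response, uncategorized asset).

```python
"""Tiered response routing for a SOAR-style playbook engine.

Added illustration for this guide; not Alert Logic or Fortra code.
Inventory, playbook table and alerts below are constructed sample data.
"""
from dataclasses import dataclass
from enum import Enum


class Tier(str, Enum):
    MANUAL = "manual"              # notify only; a person reviews and acts
    HUMAN_GUIDED = "human_guided"  # action staged; one Approve click runs it
    AUTOMATED = "automated"        # action runs now; people are told afterwards


@dataclass(frozen=True)
class Alert:
    alert_id: str
    host: str
    threat: str         # key into PLAYBOOKS
    confidence: float   # detector confidence, 0.0 .. 1.0


@dataclass(frozen=True)
class Decision:
    alert_id: str
    tier: Tier
    action: str
    reason: str


# Constructed asset inventory: host -> criticality category (best practice 1).
# A host missing from the table is uncategorized and is never automated.
INVENTORY = {"web-01": "non-critical", "db-01": "critical"}

# Constructed playbook table: threat -> (response action, well-documented?).
# Only well-documented responses to known threats are automation candidates.
PLAYBOOKS = {
    "known_malware_hash": ("isolate_host", True),
    "brute_force_ssh": ("block_source_ip", True),
    "anomalous_beacon": ("isolate_host", False),
}


def route(alert: Alert, phase: int, min_confidence: float = 0.9) -> Decision:
    """Choose the response tier for an alert under maturity phase 1..5."""
    if not 1 <= phase <= 5:
        raise ValueError("phase must be between 1 and 5")
    playbook = PLAYBOOKS.get(alert.threat)
    criticality = INVENTORY.get(alert.host)

    def manual(reason: str) -> Decision:
        return Decision(alert.alert_id, Tier.MANUAL,
                        playbook[0] if playbook else "investigate", reason)

    def guided(reason: str) -> Decision:
        return Decision(alert.alert_id, Tier.HUMAN_GUIDED, playbook[0], reason)

    # Cases that stay manual in every phase, checked before any phase logic.
    if playbook is None:
        return manual("unknown threat: no playbook")
    if not playbook[1]:
        return manual("playbook is not well-documented")
    if criticality is None:
        return manual("asset is not categorized")
    if alert.confidence < min_confidence:
        return manual(f"confidence {alert.confidence:.2f} < {min_confidence:.2f}")
    if phase == 1:
        return manual("phase 1: all response is manual")

    critical = criticality == "critical"
    if phase == 2:                 # human-guided on non-critical assets only
        if critical:
            return manual("phase 2: critical assets stay manual")
        return guided("phase 2: documented playbook, non-critical asset")
    if phase == 3:                 # human-guided now covers critical assets too
        return guided("phase 3: documented playbook")
    if phase == 4 and critical:    # approval gate remains on critical assets
        return guided("phase 4: critical asset needs approval")
    # Phase 4 non-critical and all of phase 5 execute without waiting.
    return Decision(alert.alert_id, Tier.AUTOMATED, playbook[0],
                    f"phase {phase}: documented playbook")


def process(alerts: list, phase: int) -> dict:
    """Route a batch into per-tier queues of (alert_id, action) pairs.

    Automated entries run at once and are then reported; human-guided entries
    wait for an Approve click; manual entries are notification only.
    """
    queues = {tier: [] for tier in Tier}
    for alert in alerts:
        decision = route(alert, phase)
        queues[decision.tier].append((decision.alert_id, decision.action))
    return queues


# Constructed alerts covering the happy path and each always-manual case.
SAMPLE_ALERTS = [
    Alert("A1", "web-01", "brute_force_ssh", 0.97),      # non-critical, documented
    Alert("A2", "db-01", "known_malware_hash", 0.99),    # critical, documented
    Alert("A3", "db-01", "anomalous_beacon", 0.95),      # undocumented response
    Alert("A4", "jump-07", "known_malware_hash", 0.99),  # host not in inventory
    Alert("A5", "web-01", "known_malware_hash", 0.60),   # detector not confident
]
```

Running `process(SAMPLE_ALERTS, phase)` for each phase from 1 to 5 shows the taper the guide describes: at phase 1 every alert lands in the manual queue, at phase 4 the non-critical alert A1 is executed automatically while the critical alert A2 waits for approval, and at phase 5 both run automatically. A3, A4 and A5 remain manual in every phase, which is the point of checking the always-manual conditions before any phase logic: raising the maturity phase must never quietly automate a response the organization has not documented or an asset it has not categorized.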
