Continuous Response Methodology

There are frameworks available that will equip you to understand where you sit in the threat landscape and who might target you, why and how. Such frameworks help you craft a security strategy that combines your knowledge of the threats you face with how you should structure and support your ecosystem for detection and response, and align both with your board's overarching goals and objectives. They can also guide the incremental improvements you make to continuously assess your security. Your board is likely to know where and how technology fits into your long-term business and growth strategy. Crucially, you need to factor in how these plans affect your risk profile.

Giving ample time to integrate security into the process of choosing, implementing and maintaining the technologies being added to your IT estate is an essential element of your long-term security strategy. Adding to the complexity is the fact that your attack surface is fluid. Every time new endpoints, hardware, software and even people are added to it, the vulnerabilities they introduce need to be tracked and managed. This is where Continuous Response methodology comes into the picture: it puts the right people in the right place at the right time, equips them with the right information to make a decision, and gives them the ability to take the right action.

To respond to attacks effectively, you also need people in order to defeat people. When an attacker is live on your estate, you need skilled individuals with clear processes and technology to battle them. Defined roles and responsibilities are the hallmarks of Continuous Response. The minute an attack is detected, multiple people across your organisation need to work together. Collaboration is also essential to enable fast decision making, with clean lines of remit across your IT estate and the ability to escalate where required.

An organisation's IT team is instrumental in Continuous Response. No one collectively knows the organisation's estate better, and for collaboration it is crucial that the entire estate is represented by a person or persons who have the day-to-day responsibility for each element.

This can include responsibility for:

- hardware;
- software;
- servers;
- applications; and
- a map of the IT estate and all of the programs running on it, recording who has access to which resources.

Assigning a team member to know each element and all its facets can save hours, and sometimes days or even months, during an incident. If the employees allocated to incident response perform business-critical functions in your day-to-day operations, they should have a back-up team member to handle their business-as-usual responsibilities when they are called on to an incident, or when they take sick or vacation leave.

Time is also of the essence when there is an active threat on your network. Your first responders can greatly reduce the time that hostiles remain in control and ensure optimum containment and remediation. Your team should have, as a minimum:

- knowledge of your organisation's policies and procedures for evidence handling;
- the ability to pull data from memory, disk, network and logs;
- methods for tracking evidence, analysis and triage; and
- the ability to manage an incident for the first 48 hours after detection, alongside the primary contact.

Continuous Response methodology puts the right people in the right place at the right time, while collaboration equips them with the right information to make a decision and the ability to take the right action. It needs to be developed to guide organisations in managing incidents as they arise, provide a framework for fast decision making, offer a thorough understanding of the impact of particular actions, and cultivate the ability to gather evidence, intelligence and forensics while the attack is happening. In short, it is about making you ready to respond to an attack in its earliest possible stages, whenever it might hit.
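The first-responder capabilities listed above (evidence-handling procedure, pulling data from memory, disk, network and logs, and a method for tracking that evidence) can be backed by a simple chain-of-custody record. The following is an added example written for this page, not code from the original article or any product it describes: every artifact a responder acquires is hashed, and each handling action is appended to a hash-chained ledger so that later analysts can prove both that the evidence is unchanged and that the record of who handled it has not been edited. The artifact bytes, host names and handler names are constructed placeholders.

```python
import hashlib
import json
from dataclasses import dataclass, asdict
from datetime import datetime, timezone

# Constructed sample evidence for this example (not real captures): one
# artifact from each source type a first responder is expected to pull.
SAMPLE_ARTIFACTS = {
    "mem-ws01": ("memory", b"constructed memory dump bytes for host WS01"),
    "disk-ws01": ("disk", b"constructed disk image bytes for host WS01"),
    "pcap-edge": ("network", b"constructed packet capture from the edge sensor"),
    "auth-log": ("logs", b"2024-01-01T10:00:00Z sshd[123]: Accepted password for admin from 10.0.0.5\n"),
}

VALID_SOURCES = {"memory", "disk", "network", "logs"}


@dataclass(frozen=True)
class CustodyEntry:
    """One line in the chain-of-custody record."""
    artifact_id: str
    source: str
    sha256: str      # digest of the artifact bytes at the time of this action
    handler: str     # who performed the action
    action: str      # e.g. acquired, transferred, analysed
    timestamp: str   # UTC, ISO-8601
    previous: str    # digest of the previous ledger entry (hash chain)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def entry_digest(entry: CustodyEntry) -> str:
    # Canonical JSON so the digest does not depend on field order.
    return sha256_hex(json.dumps(asdict(entry), sort_keys=True).encode())


class CustodyLedger:
    """Append-only, hash-chained record of who handled which evidence and when."""

    GENESIS = "0" * 64

    def __init__(self) -> None:
        self.entries: list[CustodyEntry] = []

    def record(self, artifact_id: str, source: str, data: bytes,
               handler: str, action: str) -> CustodyEntry:
        if source not in VALID_SOURCES:
            raise ValueError(f"unknown evidence source: {source}")
        previous = entry_digest(self.entries[-1]) if self.entries else self.GENESIS
        entry = CustodyEntry(
            artifact_id=artifact_id,
            source=source,
            sha256=sha256_hex(data),
            handler=handler,
            action=action,
            timestamp=datetime.now(timezone.utc).isoformat(),
            previous=previous,
        )
        self.entries.append(entry)
        return entry

    def verify_artifact(self, artifact_id: str, data: bytes) -> bool:
        """True if the bytes still match the digest recorded at acquisition."""
        acquired = [e for e in self.entries
                    if e.artifact_id == artifact_id and e.action == "acquired"]
        if not acquired:
            return False
        return acquired[0].sha256 == sha256_hex(data)

    def verify_chain(self) -> bool:
        """True if no entry has been altered, reordered or removed since it was written."""
        expected = self.GENESIS
        for entry in self.entries:
            if entry.previous != expected:
                return False
            expected = entry_digest(entry)
        return True


def build_sample_ledger() -> CustodyLedger:
    """Acquire each constructed artifact, then hand the memory dump to an analyst."""
    ledger = CustodyLedger()
    for artifact_id, (source, data) in SAMPLE_ARTIFACTS.items():
        ledger.record(artifact_id, source, data, handler="first-responder-a", action="acquired")
    ledger.record("mem-ws01", "memory", SAMPLE_ARTIFACTS["mem-ws01"][1],
                  handler="analyst-b", action="transferred")
    return ledger


if __name__ == "__main__":
    ledger = build_sample_ledger()
    for e in ledger.entries:
        print(f"{e.timestamp} {e.action:<11} {e.artifact_id:<10} {e.source:<7} "
              f"{e.handler:<17} {e.sha256[:12]}")
    print("chain intact:", ledger.verify_chain())
```

The two checks serve different questions an incident manager will be asked in the first 48 hours: `verify_artifact` answers "is this still the evidence we collected?", and `verify_chain` answers "has anyone altered, reordered or deleted a custody record?". In practice the ledger would be written to storage the responders cannot modify in place, and the evidence-handling policy the text calls for would define which actions must be recorded.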