Incident Response

The 443 Episode 219 - CISA Incident Response Learnings

Nov 28, 2022 By WatchGuard In WatchGuard

On today's episode we cover a pair of alerts from the Cybersecurity Infrastructure and Security Agency (CISA), one detailing the tools, tactics and procedures from a prolific ransomware organization and another walking through a recent incident response engagement CISA completed with a federal agency. Before that though, we learn about what happens when you use a software component that hasn't received updates in 17 years.

View Video

WatchGuard

Read more about The 443 Episode 219 - CISA Incident Response Learnings

Three Tips for Creating Better Response and Recovery Plans

Nov 22, 2022 By Sedara In Sedara

Response and recovery plans are crucial to reduce the severity and time of security incidents. But many organizations aren’t sure where to start in building their plans. Here are three tips for building a better recovery plan. Subscribe to our channel to get more useful content to help you protect your organization.

View Video

Sedara

Read more about Three Tips for Creating Better Response and Recovery Plans

How Automation Playbooks Double Down on the Value of SOARs

Nov 18, 2022 By Chris Tozzi In Torq

So you’ve set up a Security Orchestration, Automation and Response (SOAR) platform. You’re now ready to detect, respond to and remediate whichever threats cyberspace throws at you, right? Well, not necessarily. In order to deliver their maximum value, SOAR tools should be combined with playbooks, which can be used to drive SOAR systems and ensure that SOARs remediate threats as quickly as possible — in some cases, without even waiting on humans to respond.

Read Post

Torq

Read more about How Automation Playbooks Double Down on the Value of SOARs

Micro Lesson: Create Custom Playbooks in Cloud SOAR

Nov 10, 2022 By Sumo Logic In Sumo Logic

Learn how to automate the incident response cycle with a custom playbook in Sumo Logic Cloud SOAR.

View Video

Sumo Logic

Read more about Micro Lesson: Create Custom Playbooks in Cloud SOAR

Business Continuity, Disaster Recovery, and Security Incident Response Plan - Sedara Whiteboard

Nov 9, 2022 By Sedara In Sedara

Incident response is a structured process organizations use to identify and deal with cybersecurity incidents. Response includes several stages, including preparation for incidents, detection and analysis of a security incident, containment, eradication, and full recovery, and post-incident analysis and learning. What are some tips for making effective plans? Watch this episode of Sedara's Whiteboard Series to find out.

View Video

Sedara

Read more about Business Continuity, Disaster Recovery, and Security Incident Response Plan - Sedara Whiteboard

6 Steps to Successful IR: Containment

Nov 3, 2022 By Lewis Fairburn In Pentest People

In the previous blog post, we discussed the importance of having a successful Incident Response Plan. In this blog post, we will go over the steps necessary to contain a breach. Containment is key to preventing the breach from spreading and affecting other parts of your business. By following these six steps, you can minimize the damage caused by a data breach and improve your chances of recovering quickly.

Read Post

Pentest People

Read more about 6 Steps to Successful IR: Containment

6 Steps to Successful IR: Identification

Nov 2, 2022 By Lewis Fairburn In Pentest People

In our last blog post, we discussed the importance of having a solid Incident Response plan in place. In this blog post, we will discuss the next step in that process: identification. Once you have determined that an incident has occurred, it is important to identify the scope of the issue as quickly as possible. This will help you determine the best course of action and ensure that your response is effective.

Read Post

Pentest People

Read more about 6 Steps to Successful IR: Identification

Network Detection and Incident Response with Open Source Tools

Nov 2, 2022 By Corelight In Corelight

When conducting incident response, EDR and firewall technologies can only show you so much. The breadth of network traffic provides an unrivalled source of evidence and visibility. Open-source security technologies such as Zeek, Suricata, and Elastic can deliver powerful network detection and response capabilities, furthermore the global communities behind these tools can also serve as a force multiplier for security teams, often accelerating response times to zero-day exploits via community-driven intel sharing.

View Video

Corelight

Read more about Network Detection and Incident Response with Open Source Tools

How to Create an Incident Response Procedure

Nov 2, 2022 By Cybriant In Cybriant

In the event of a data breach or security incident, having a well-defined incident response procedure can help contain the damage and minimize the risk of future incidents.

Read Post

Cybriant

Read more about How to Create an Incident Response Procedure

Centralized Log Management for Incident Response

Oct 27, 2022 By Graylog Security In Graylog

Today’s reality is that you’ll never be 100% secure. Remote work and digital transformation add more access points, devices, and applications than ever before. At the same time, your team is constantly responding to alerts that could be an incident. Although, most often, it’s not. Basically, you need to reduce the mean time to investigate (MTTI) and the mean time to respond (MTTR).

Read Post