SlideShare ist ein Scribd-Unternehmen logo
1 von 8
Downloaden Sie, um offline zu lesen
Preparing
for future
attacks
http://go.symantec.com/cyber-resilience
More Focus, Less Risk.
Solution Brief:
Implementing
the right security
strategy now
Solution brief: implementing the right security strategy now
Introduction
Recent malware incidents have
shown how costly and damaging
cyber attacks can be.
The Stuxnet worm is believed to have significantly affected Iranian nuclear
processing, and was widely considered to be the first operational cyber
weapon.1
Shamoon was able to compromise and incapacitate 30,000 work
stations within an oil producing organization.2
Another targeted malware
attack against a public corporation resulted in the company declaring a $66
million loss relating to the attack.3
Such attacks may not necessarily be successful, but when attackers do find
their way inside an organization’s systems, a swift, well-prepared response
can quickly minimize damage and restore systems before significant harm
can be caused.
In order to prepare such a response, organizations must understand how
attacks can progress, develop a counteractive strategy, decide who will carry
out which actions and then practice and refine the plan.
http://go.symantec.com/cyber-resilience
Understanding attacks
An attack starts with a point of ingress to the organization. This may be an
unsecured system that hackers are able to access, a vulnerable machine on
which malware is executed, or a user who has been duped into installing
malware. This point of ingress may then be exploited to spread attacks through
the network, either by hacking other systems or by using malware to exploit
unpatched system vulnerabilities and install itself on other systems.
Once a system is compromised, attackers may install further malware, or
take control of the system and send commands for execution. Attackers may
seek to exfiltrate information such as confidential files or usernames and
passwords held on the system.
Protecting against attacks
Most attacks can be defended against with the implementation of basic
information security practices. The Australian Department of Defense found
that implementing four mitigation strategies was sufficient to prevent 85
percent of targeted attacks.4
The British Government has advised that
focusing on ten key areas is sufficient to counteract most cyber threats,5
while the US has put forth the National Institute of Standards and Technology
(NIST) framework.
At a minimum, an organization should ensure that network traffic and systems
are scanned for malware and that logs of system and network activity are kept
for forensic analysis if necessary. Additionally, regular backups are vital to ensure
that damaged systems can be restored to a normal working state.
Adequate information security defenses reduce the likelihood of attacks
succeeding. However, behind every cyber attack headline is an organization
that believed its defenses were sufficient. Major incidents do occur and need
to be planned for, in order to reduce disruption to the business, minimize
harm and reduce the time required for recovery.
Solution brief: implementing the right security strategy now
Ingress Expand attack Exfiltrate attack
Attacker
User
Attacker
Issue commands
http://go.symantec.com/cyber-resilience
These actions may impact users and services throughout the organization.
Notably, they may effect how users, and indeed the response team,
usually communicate. Therefore, consideration needs to be given to how
communication will be maintained and how users and executives will be
kept up-to-date with the progress of incident resolution.
Forensic analysis should be used, not only to help identify if data has been
compromised, but also to assess how attackers initially penetrated the
systems. The vulnerability that was exploited to gain access needs to be
addressed as a priority to prevent the attack from being repeated as soon as
it has been resolved. The collection and preservation of forensic information
may also help in identifying and prosecuting those responsible for the attack.
Solution brief: implementing the right security strategy now
Preparing for incidents
Organizations should expect sophisticated attacks to be launched against
their systems and prepare for this eventuality accordingly. In practice, such
attacks are rare. However, by keeping abreast of the latest attacks and
attacker techniques, organizations can verify that their systems are capable of
detecting and repelling such threats.
Attention to the preparation process ensures that when an attack occurs,
it is rapidly detected. Many identified incidents may be, on closer analysis,
false positives, and many will be minor and will not require a major response.
Nevertheless, organizations should be sure that they are capturing and recording
all incidents so that the attacks that do require attention are quickly identified
and escalated. To do this, it is important to determine the escalation criterion and
mechanism by which a detected incident will activate an incident plan.
The first step of the incident plan should be an assessment of the situation. This
should be followed by actions to prevent the attack from spreading to affect more
systems and to prevent further harm from being incurred. Systems that have been
infected will need to be isolated to contain the attack. Systems as yet uninfected
may need to be temporarily disabled to prevent the attack from spreading
internally, and network access may need to be curtailed.
Prepare for attacks Implement response plan Refine response plan
Figure 2: Incidence response phases
Preparation Response RecoveryDetection Review
Time
Attacker
Ingress
Attacker
Detected
System
s
Secured
Norm
al
Operation
Resum
ed
http://go.symantec.com/cyber-resilience
The recovery phase involves restoring systems to their pre-infection state.
Access to recent backups of the affected systems can greatly facilitate
this process, providing they are free from malware. Care must be taken to
ensure that systems are restored to an infection-free state.
Each incident should be subsequently reviewed to identify which procedures
worked well, and where existing practices were lacking. The opportunity
should be taken to learn from the incident and improve procedures in order
to improve the security posture of the organization.
Creating a response team
Every organization needs not only a response plan, but also a team that
will implement it. So, a key factor for success will be the support of senior
management. Indeed, when an incident is evolving fast, the involvement
of a senior manager with the authority to approve whatever measures are
necessary to contain and resolve the incident may be vital for gaining a
speed advantage over the attackers.
Relevant stakeholders from departments that may be affected by an
incident will need to be included as part of the response team. However,
the greatest input to the team will be from the technical staff, who will
implement the plan and possess the skills to remediate damage.
Organizations shouldn’t feel that every position in the response team needs
to be filled by in-house staff. External expertise should be considered for the
specialist skills, and experience with similar incidents, that can be brought
to the team.
The composition of the team also needs to be regularly reviewed. Members
may be required to be on-call for extended periods of time and might
benefit from being rotated out of the incident team in order to rest. Equally,
exercises and testing could identify additional skills that need to be brought
into the team.
Solution brief: implementing the right security strategy now
http://go.symantec.com/cyber-resilience
Testing the plan
Major attacks are rare events. The ideal outcome is that the incident plan
and the skills of the response team will never need to be put into action.
However, relying on this possibility brings risks of its own. Regularly testing
the incident plan will reveal areas of weakness and prevent skills from being
forgotten through lack of use.
Testing exercises may be paper-based, where the response to an evolving
attack and resolution of the incident is played out on a theoretical basis.
Or, such testing may be scheduled as a live exercise involving a team of
penetration testers that simulate how attackers may compromise systems.
Regular exercises ensure that team members are comfortable with their roles
and responsibilities. Testing a variety of different attack scenarios ensures
that procedures are both comprehensive and flexible enough to respond to
future attacks. Teams should adopt the model of: plan, do, check and act.
Plan	 Establish objectives, policies and procedures to meet the
	 requirements of the business.
Do	 Implement these policies and procedures.
Check	 Verify if these are effective at meeting objectives in practice.
Act	 Take action to modify plans according to experience gained to
	 refine and improve.
Solution brief: implementing the right security strategy now
More focus, less risk.
	
	
P
lan
	
	
D
o	
	
Ac
t 	
	 Che
ck
http://go.symantec.com/cyber-resilience
Conclusion
Understanding how attacks can occur,
implementing the right procedures
and developing a clear response
strategy can help organizations to
counteract future threats and recover
from incidents more quickly.
References
1	 N. Falliere, L. O. Murchu, E. Chien, “W32. Stuxnet Dossier”, Symantec
Security Response Whitepaper, February 2007
S. Davies, “Out of Control”, Engineering & Technology v.6 (6) p.60-62,
July 2011
2	 D. Walker “Saudi Oil Company Back Online After Cyber Sabotage
Attempt”, SC Magazine, 27 Aug 2012
3	 H. Tsukayama, “Cyber Attack on RSA Cost EMC $66 Million”, The
Washington Post, 26 Jul 2011
4	 “Top Four Mitigation Strategies to Protect Your ICT System”, Australian
Government Department of Defence Intelligence and Security, p. 1,
September 2011
5	 “Executive Companion: 10 Steps to Cyber Security”, Dept. for Business
Innovation & Skills, Centre for the Protection of National Infrastructure,
Office of Cyber Security & Information Assurance, p. 1, September 2012
Solution brief: implementing the right security strategy now
http://go.symantec.com/cyber-resilience
Further reading
“Computer Security Incident Handling Guide. Recommendations of the
National Institute of Standards and Technology”, NIST SP 800-61 rev. 2.
“Guide to Malware Incident Prevention and Handling. Recommendations of
the National Institute of Standards and Technology”, NIST SP 800-83.
BS ISO/IEC 27002:2005 Information technology – Security techniques
– Code of practice for information security management.
BS ISO/IEC 27035:2011 Information technology – Security techniques
– Information security incident management.
PD ISO/IEC TR 18044:2004 Information technology – Security techniques
– Information security incident management.
BS ISO/IEC 27031:2011 Information technology – Security techniques
– Guidelines for information and communication technology readiness
for business continuity.
“Best Practices for Troubleshooting Viruses on a Network”,
Symantec Knowledge Base
B. Nahorney & E. Maengkom, “Containing an Outbreak.
How to clean your network after an incident.”, Symantec Security
Response Whitepaper.
Symantec Security Response, “Security Best Practices”
Symantec Training, “Security Awareness Program”
Solution Brief: Symantec Managed Security Services, “Symantec Security
Monitoring Services: Security log management, monitoring, and analysis by
certified experts”
Solution Brief: Symantec Managed Security Services, “Symantec Managed
Protection Services: Optimize enterprise security protection while
maintaining control”
Symantec Corporation
World Headquarters
350 Ellis Street
Mountain View, CA 94043
USA
+1 (650) 527-8000
1 (800) 721-3934
www.symantec.com
For specific country offices
Symantec is a global leader in providing
security, storage and systems management
solutions to help customers secure and
manage their information and identities.
Copyright©2014SymantecCorporation.All
rights reserved. Symantec, the
Symantec Logo, and the Checkmark Logo
are trademarks or registered trademarks
of Symantec Corporation or its affiliates in
the U.S. and other countries. Other names
may be trademarks of their respective
owners. 07/14 PN21335651
For these and any additional resources,
visit: http://go.symantec.com/cyber-resilience
http://go.symantec.com/cyber-resilience
More Focus, Less Risk.

Más contenido relacionado

Was ist angesagt?

Outpost24 webinar - Differentiating vulnerabilities from risks to reduce time...
Outpost24 webinar - Differentiating vulnerabilities from risks to reduce time...Outpost24 webinar - Differentiating vulnerabilities from risks to reduce time...
Outpost24 webinar - Differentiating vulnerabilities from risks to reduce time...Outpost24
 
Importance Of Structured Incident Response Process
Importance Of Structured Incident Response ProcessImportance Of Structured Incident Response Process
Importance Of Structured Incident Response ProcessAnton Chuvakin
 
Incident Response Test
Incident Response TestIncident Response Test
Incident Response TestSiemplify
 
Cyber Incident Response Team - NIMS - Public Comment
Cyber Incident Response Team  -  NIMS  -  Public CommentCyber Incident Response Team  -  NIMS  -  Public Comment
Cyber Incident Response Team - NIMS - Public CommentDavid Sweigert
 
A Framework for Developing and Operationalizing Security Use Cases
A Framework for Developing and Operationalizing Security Use CasesA Framework for Developing and Operationalizing Security Use Cases
A Framework for Developing and Operationalizing Security Use CasesRyan Faircloth
 
Vulnerability Management Program
Vulnerability Management ProgramVulnerability Management Program
Vulnerability Management ProgramDennis Chaupis
 
VIPRE --Responding to Cyberattacks
VIPRE --Responding to CyberattacksVIPRE --Responding to Cyberattacks
VIPRE --Responding to CyberattacksAbhishek Sood
 
Designing NextGen Threat Identification Solutions
Designing NextGen Threat Identification SolutionsDesigning NextGen Threat Identification Solutions
Designing NextGen Threat Identification SolutionsArun Prabhakar
 
Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead
Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie AheadRethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead
Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie AheadOpenDNS
 
A Practical Approach to Managing Information System Risk
A Practical Approach to Managing Information System RiskA Practical Approach to Managing Information System Risk
A Practical Approach to Managing Information System Riskamiable_indian
 
Justifying IT Security: Managing Risk
Justifying IT Security: Managing Risk Justifying IT Security: Managing Risk
Justifying IT Security: Managing Risk judythornell
 
Фишинг — проклятие или возможность для ИБ?
Фишинг — проклятие или возможность для ИБ? Фишинг — проклятие или возможность для ИБ?
Фишинг — проклятие или возможность для ИБ? Positive Hack Days
 
Sample Incident Response Plan
Sample Incident Response PlanSample Incident Response Plan
Sample Incident Response PlanMatthew J McMahon
 
Software safety in embedded systems & software safety why, what, and how
Software safety in embedded systems & software safety   why, what, and how Software safety in embedded systems & software safety   why, what, and how
Software safety in embedded systems & software safety why, what, and how bdemchak
 

Was ist angesagt? (19)

Outpost24 webinar - Differentiating vulnerabilities from risks to reduce time...
Outpost24 webinar - Differentiating vulnerabilities from risks to reduce time...Outpost24 webinar - Differentiating vulnerabilities from risks to reduce time...
Outpost24 webinar - Differentiating vulnerabilities from risks to reduce time...
 
Importance Of Structured Incident Response Process
Importance Of Structured Incident Response ProcessImportance Of Structured Incident Response Process
Importance Of Structured Incident Response Process
 
Incident Response Test
Incident Response TestIncident Response Test
Incident Response Test
 
Cyber Incident Response Team - NIMS - Public Comment
Cyber Incident Response Team  -  NIMS  -  Public CommentCyber Incident Response Team  -  NIMS  -  Public Comment
Cyber Incident Response Team - NIMS - Public Comment
 
Penetration Testing Guide
Penetration Testing GuidePenetration Testing Guide
Penetration Testing Guide
 
A Framework for Developing and Operationalizing Security Use Cases
A Framework for Developing and Operationalizing Security Use CasesA Framework for Developing and Operationalizing Security Use Cases
A Framework for Developing and Operationalizing Security Use Cases
 
Vulnerability Management Program
Vulnerability Management ProgramVulnerability Management Program
Vulnerability Management Program
 
when minutes counts
when minutes countswhen minutes counts
when minutes counts
 
VIPRE --Responding to Cyberattacks
VIPRE --Responding to CyberattacksVIPRE --Responding to Cyberattacks
VIPRE --Responding to Cyberattacks
 
Risk Assessments
Risk AssessmentsRisk Assessments
Risk Assessments
 
Information systems risk assessment frame workisraf 130215042410-phpapp01
Information systems risk assessment frame workisraf 130215042410-phpapp01Information systems risk assessment frame workisraf 130215042410-phpapp01
Information systems risk assessment frame workisraf 130215042410-phpapp01
 
Designing NextGen Threat Identification Solutions
Designing NextGen Threat Identification SolutionsDesigning NextGen Threat Identification Solutions
Designing NextGen Threat Identification Solutions
 
Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead
Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie AheadRethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead
Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead
 
Risk Management Methodology - Copy
Risk Management Methodology - CopyRisk Management Methodology - Copy
Risk Management Methodology - Copy
 
A Practical Approach to Managing Information System Risk
A Practical Approach to Managing Information System RiskA Practical Approach to Managing Information System Risk
A Practical Approach to Managing Information System Risk
 
Justifying IT Security: Managing Risk
Justifying IT Security: Managing Risk Justifying IT Security: Managing Risk
Justifying IT Security: Managing Risk
 
Фишинг — проклятие или возможность для ИБ?
Фишинг — проклятие или возможность для ИБ? Фишинг — проклятие или возможность для ИБ?
Фишинг — проклятие или возможность для ИБ?
 
Sample Incident Response Plan
Sample Incident Response PlanSample Incident Response Plan
Sample Incident Response Plan
 
Software safety in embedded systems & software safety why, what, and how
Software safety in embedded systems & software safety   why, what, and how Software safety in embedded systems & software safety   why, what, and how
Software safety in embedded systems & software safety why, what, and how
 

Andere mochten auch

Livro Verde: Educação na Sociedade Informação
Livro Verde: Educação na Sociedade InformaçãoLivro Verde: Educação na Sociedade Informação
Livro Verde: Educação na Sociedade InformaçãoLucila Pesce
 
internationalconppt052915
internationalconppt052915internationalconppt052915
internationalconppt052915Patrick Hagen
 
Thermo Group CA patrocina Maratón Guarenas segunda edición
Thermo Group CA patrocina Maratón Guarenas segunda ediciónThermo Group CA patrocina Maratón Guarenas segunda edición
Thermo Group CA patrocina Maratón Guarenas segunda ediciónDaneil Micca
 
Don R Jr. presentation 32416
Don R Jr. presentation 32416Don R Jr. presentation 32416
Don R Jr. presentation 32416Pegg Milroy CESP
 
Dante AV Networking World CTS RU Certification
Dante AV Networking World CTS RU CertificationDante AV Networking World CTS RU Certification
Dante AV Networking World CTS RU CertificationDonald N. Klukas
 
UDS Don r jr. presentation 32416
UDS Don r jr. presentation 32416UDS Don r jr. presentation 32416
UDS Don r jr. presentation 32416Pegg Milroy CESP
 
Apresentação defesa civil
Apresentação defesa civilApresentação defesa civil
Apresentação defesa civilClaudio Werlich
 
Changing Hair Style Trends By Thermo Group CA
Changing Hair Style Trends By Thermo Group CAChanging Hair Style Trends By Thermo Group CA
Changing Hair Style Trends By Thermo Group CADaneil Micca
 

Andere mochten auch (10)

Livro Verde: Educação na Sociedade Informação
Livro Verde: Educação na Sociedade InformaçãoLivro Verde: Educação na Sociedade Informação
Livro Verde: Educação na Sociedade Informação
 
internationalconppt052915
internationalconppt052915internationalconppt052915
internationalconppt052915
 
Thermo Group CA patrocina Maratón Guarenas segunda edición
Thermo Group CA patrocina Maratón Guarenas segunda ediciónThermo Group CA patrocina Maratón Guarenas segunda edición
Thermo Group CA patrocina Maratón Guarenas segunda edición
 
Don R Jr. presentation 32416
Don R Jr. presentation 32416Don R Jr. presentation 32416
Don R Jr. presentation 32416
 
скајфи позив Final
скајфи позив Finalскајфи позив Final
скајфи позив Final
 
Dante AV Networking World CTS RU Certification
Dante AV Networking World CTS RU CertificationDante AV Networking World CTS RU Certification
Dante AV Networking World CTS RU Certification
 
Emulsion asfaltica
Emulsion asfalticaEmulsion asfaltica
Emulsion asfaltica
 
UDS Don r jr. presentation 32416
UDS Don r jr. presentation 32416UDS Don r jr. presentation 32416
UDS Don r jr. presentation 32416
 
Apresentação defesa civil
Apresentação defesa civilApresentação defesa civil
Apresentação defesa civil
 
Changing Hair Style Trends By Thermo Group CA
Changing Hair Style Trends By Thermo Group CAChanging Hair Style Trends By Thermo Group CA
Changing Hair Style Trends By Thermo Group CA
 

Ähnlich wie Preparing for future attacks - the right security strategy

Automated Incident Handling Using SIM
Automated Incident Handling Using SIMAutomated Incident Handling Using SIM
Automated Incident Handling Using SIMAnton Chuvakin
 
6 Strategies to Prevent a Ransomware Attack.ppt
6 Strategies to Prevent a Ransomware Attack.ppt6 Strategies to Prevent a Ransomware Attack.ppt
6 Strategies to Prevent a Ransomware Attack.pptcybernewslive
 
IT Security and Management - Semi Finals by Mark John Lado
IT Security and Management - Semi Finals by Mark John LadoIT Security and Management - Semi Finals by Mark John Lado
IT Security and Management - Semi Finals by Mark John LadoMark John Lado, MIT
 
Cybersecurity Incident Response Planning.pdf
Cybersecurity Incident Response Planning.pdfCybersecurity Incident Response Planning.pdf
Cybersecurity Incident Response Planning.pdfCiente
 
Practical Guide to Managing Incidents Using LLM's and NLP.pdf
Practical Guide to Managing Incidents Using LLM's and NLP.pdfPractical Guide to Managing Incidents Using LLM's and NLP.pdf
Practical Guide to Managing Incidents Using LLM's and NLP.pdfChris Galvan
 
Security operations center 5 security controls
 Security operations center 5 security controls Security operations center 5 security controls
Security operations center 5 security controlsAlienVault
 
Chapter 33Incident Response and Forensic AnalysisCopyright ©.docx
Chapter 33Incident Response and Forensic AnalysisCopyright ©.docxChapter 33Incident Response and Forensic AnalysisCopyright ©.docx
Chapter 33Incident Response and Forensic AnalysisCopyright ©.docxchristinemaritza
 
Symantec cyber-resilience
Symantec cyber-resilienceSymantec cyber-resilience
Symantec cyber-resilienceSymantec
 
Defending Against Advanced Threats-Addressing the Cyber Kill Chain_FINAL
Defending Against Advanced Threats-Addressing the Cyber Kill Chain_FINALDefending Against Advanced Threats-Addressing the Cyber Kill Chain_FINAL
Defending Against Advanced Threats-Addressing the Cyber Kill Chain_FINALMichael Bunn
 
A Guide for Businesses.pdf
A Guide for Businesses.pdfA Guide for Businesses.pdf
A Guide for Businesses.pdfDaviesParker
 
chapter 3 ethics: computer and internet crime
chapter 3 ethics: computer and internet crimechapter 3 ethics: computer and internet crime
chapter 3 ethics: computer and internet crimemuhammad awais
 
Enterprise security management II
Enterprise security management   IIEnterprise security management   II
Enterprise security management IIzapp0
 
Chapter 1Managing RiskTHE FOLLOWING COMPTIA SECURITY+ EXAM OBJ.docx
Chapter 1Managing RiskTHE FOLLOWING COMPTIA SECURITY+ EXAM OBJ.docxChapter 1Managing RiskTHE FOLLOWING COMPTIA SECURITY+ EXAM OBJ.docx
Chapter 1Managing RiskTHE FOLLOWING COMPTIA SECURITY+ EXAM OBJ.docxwalterl4
 
u10a1-Risk Assessment Report-Beji Jacob
u10a1-Risk Assessment Report-Beji Jacobu10a1-Risk Assessment Report-Beji Jacob
u10a1-Risk Assessment Report-Beji JacobBeji Jacob
 
Dynamic Vulnerability Analysis, Intrusion Detection, And...
Dynamic Vulnerability Analysis, Intrusion Detection, And...Dynamic Vulnerability Analysis, Intrusion Detection, And...
Dynamic Vulnerability Analysis, Intrusion Detection, And...Jennifer Moser
 
Sensible defence
Sensible defenceSensible defence
Sensible defenceKoen Maris
 

Ähnlich wie Preparing for future attacks - the right security strategy (20)

Automated Incident Handling Using SIM
Automated Incident Handling Using SIMAutomated Incident Handling Using SIM
Automated Incident Handling Using SIM
 
6 Strategies to Prevent a Ransomware Attack.ppt
6 Strategies to Prevent a Ransomware Attack.ppt6 Strategies to Prevent a Ransomware Attack.ppt
6 Strategies to Prevent a Ransomware Attack.ppt
 
IT Security and Management - Semi Finals by Mark John Lado
IT Security and Management - Semi Finals by Mark John LadoIT Security and Management - Semi Finals by Mark John Lado
IT Security and Management - Semi Finals by Mark John Lado
 
Cybersecurity Incident Response Planning.pdf
Cybersecurity Incident Response Planning.pdfCybersecurity Incident Response Planning.pdf
Cybersecurity Incident Response Planning.pdf
 
Practical Guide to Managing Incidents Using LLM's and NLP.pdf
Practical Guide to Managing Incidents Using LLM's and NLP.pdfPractical Guide to Managing Incidents Using LLM's and NLP.pdf
Practical Guide to Managing Incidents Using LLM's and NLP.pdf
 
Security operations center 5 security controls
 Security operations center 5 security controls Security operations center 5 security controls
Security operations center 5 security controls
 
Chapter 33Incident Response and Forensic AnalysisCopyright ©.docx
Chapter 33Incident Response and Forensic AnalysisCopyright ©.docxChapter 33Incident Response and Forensic AnalysisCopyright ©.docx
Chapter 33Incident Response and Forensic AnalysisCopyright ©.docx
 
Symantec cyber-resilience
Symantec cyber-resilienceSymantec cyber-resilience
Symantec cyber-resilience
 
Defending Against Advanced Threats-Addressing the Cyber Kill Chain_FINAL
Defending Against Advanced Threats-Addressing the Cyber Kill Chain_FINALDefending Against Advanced Threats-Addressing the Cyber Kill Chain_FINAL
Defending Against Advanced Threats-Addressing the Cyber Kill Chain_FINAL
 
A Guide for Businesses.pdf
A Guide for Businesses.pdfA Guide for Businesses.pdf
A Guide for Businesses.pdf
 
chapter 3 ethics: computer and internet crime
chapter 3 ethics: computer and internet crimechapter 3 ethics: computer and internet crime
chapter 3 ethics: computer and internet crime
 
Enterprise security management II
Enterprise security management   IIEnterprise security management   II
Enterprise security management II
 
Chapter 1Managing RiskTHE FOLLOWING COMPTIA SECURITY+ EXAM OBJ.docx
Chapter 1Managing RiskTHE FOLLOWING COMPTIA SECURITY+ EXAM OBJ.docxChapter 1Managing RiskTHE FOLLOWING COMPTIA SECURITY+ EXAM OBJ.docx
Chapter 1Managing RiskTHE FOLLOWING COMPTIA SECURITY+ EXAM OBJ.docx
 
u10a1-Risk Assessment Report-Beji Jacob
u10a1-Risk Assessment Report-Beji Jacobu10a1-Risk Assessment Report-Beji Jacob
u10a1-Risk Assessment Report-Beji Jacob
 
Security-Brochure
Security-BrochureSecurity-Brochure
Security-Brochure
 
Security-Brochure
Security-BrochureSecurity-Brochure
Security-Brochure
 
Cybersecurity
Cybersecurity Cybersecurity
Cybersecurity
 
Grupo 4 - TEMA II.pptx
Grupo 4  - TEMA II.pptxGrupo 4  - TEMA II.pptx
Grupo 4 - TEMA II.pptx
 
Dynamic Vulnerability Analysis, Intrusion Detection, And...
Dynamic Vulnerability Analysis, Intrusion Detection, And...Dynamic Vulnerability Analysis, Intrusion Detection, And...
Dynamic Vulnerability Analysis, Intrusion Detection, And...
 
Sensible defence
Sensible defenceSensible defence
Sensible defence
 

Mehr von RapidSSLOnline.com

Tackle ERR_SSL_PROTOCOL_ERROR in Google Chrome
Tackle ERR_SSL_PROTOCOL_ERROR in Google ChromeTackle ERR_SSL_PROTOCOL_ERROR in Google Chrome
Tackle ERR_SSL_PROTOCOL_ERROR in Google ChromeRapidSSLOnline.com
 
Viewing SSL Certificate in Chrome | RapidSSLonline
Viewing SSL Certificate in Chrome | RapidSSLonlineViewing SSL Certificate in Chrome | RapidSSLonline
Viewing SSL Certificate in Chrome | RapidSSLonlineRapidSSLOnline.com
 
Compare GeoTrust True BusinessID SSL Data Sheet
Compare GeoTrust True BusinessID SSL Data SheetCompare GeoTrust True BusinessID SSL Data Sheet
Compare GeoTrust True BusinessID SSL Data SheetRapidSSLOnline.com
 
Introducing TLS 1.3 – The future of Encryption
Introducing TLS 1.3 – The future of EncryptionIntroducing TLS 1.3 – The future of Encryption
Introducing TLS 1.3 – The future of EncryptionRapidSSLOnline.com
 
GUIDE ON INSTALLING SSL CERTIFICATE ON IBM HTTP SERVER
GUIDE ON INSTALLING SSL CERTIFICATE ON IBM HTTP SERVERGUIDE ON INSTALLING SSL CERTIFICATE ON IBM HTTP SERVER
GUIDE ON INSTALLING SSL CERTIFICATE ON IBM HTTP SERVERRapidSSLOnline.com
 
Cybersecurity Compliance can Make or Break Your Business - DigiCert - Symantec
Cybersecurity Compliance can Make or Break Your Business - DigiCert - SymantecCybersecurity Compliance can Make or Break Your Business - DigiCert - Symantec
Cybersecurity Compliance can Make or Break Your Business - DigiCert - SymantecRapidSSLOnline.com
 
Adobe Connect on-premise SSL Guide
Adobe Connect on-premise SSL GuideAdobe Connect on-premise SSL Guide
Adobe Connect on-premise SSL GuideRapidSSLOnline.com
 
How to Move SSL Certificate from Windows Server to Another Windows Server
How to Move SSL Certificate from Windows Server to Another Windows ServerHow to Move SSL Certificate from Windows Server to Another Windows Server
How to Move SSL Certificate from Windows Server to Another Windows ServerRapidSSLOnline.com
 
Symmetric and Asymmetric Encryption
Symmetric and Asymmetric EncryptionSymmetric and Asymmetric Encryption
Symmetric and Asymmetric EncryptionRapidSSLOnline.com
 
SSL / TLS Validation | CASecurity.org | RapidSSLonline
SSL / TLS Validation | CASecurity.org | RapidSSLonlineSSL / TLS Validation | CASecurity.org | RapidSSLonline
SSL / TLS Validation | CASecurity.org | RapidSSLonlineRapidSSLOnline.com
 
Geek Guide: Apache Web Servers and SSL Authentication
Geek Guide: Apache Web Servers and SSL AuthenticationGeek Guide: Apache Web Servers and SSL Authentication
Geek Guide: Apache Web Servers and SSL AuthenticationRapidSSLOnline.com
 
A Complete RapidSSL Guide on Securing Online Business with SSL Certificate
A Complete RapidSSL Guide on Securing Online Business with SSL CertificateA Complete RapidSSL Guide on Securing Online Business with SSL Certificate
A Complete RapidSSL Guide on Securing Online Business with SSL CertificateRapidSSLOnline.com
 
Google Chrome 56 What You Need to Know?
Google Chrome 56   What You Need to Know?Google Chrome 56   What You Need to Know?
Google Chrome 56 What You Need to Know?RapidSSLOnline.com
 
The Hidden Costs of SelfSigned SSL Certificates
The Hidden Costs of SelfSigned SSL Certificates The Hidden Costs of SelfSigned SSL Certificates
The Hidden Costs of SelfSigned SSL Certificates RapidSSLOnline.com
 
5 Steps for Preventing Ransomware
5 Steps for Preventing Ransomware5 Steps for Preventing Ransomware
5 Steps for Preventing RansomwareRapidSSLOnline.com
 
2016 Symantec Internet Security Threat Report
2016 Symantec Internet Security Threat Report2016 Symantec Internet Security Threat Report
2016 Symantec Internet Security Threat ReportRapidSSLOnline.com
 
How Does The Wildcard SSL Work?
How Does The Wildcard SSL Work?How Does The Wildcard SSL Work?
How Does The Wildcard SSL Work?RapidSSLOnline.com
 
Uncover threats and protect your organization
Uncover threats and protect your organizationUncover threats and protect your organization
Uncover threats and protect your organizationRapidSSLOnline.com
 
A New Zero-Day Vulnerability Discovered Every Week in 2015
A New Zero-Day Vulnerability Discovered Every Week in 2015A New Zero-Day Vulnerability Discovered Every Week in 2015
A New Zero-Day Vulnerability Discovered Every Week in 2015RapidSSLOnline.com
 

Mehr von RapidSSLOnline.com (20)

Tackle ERR_SSL_PROTOCOL_ERROR in Google Chrome
Tackle ERR_SSL_PROTOCOL_ERROR in Google ChromeTackle ERR_SSL_PROTOCOL_ERROR in Google Chrome
Tackle ERR_SSL_PROTOCOL_ERROR in Google Chrome
 
Viewing SSL Certificate in Chrome | RapidSSLonline
Viewing SSL Certificate in Chrome | RapidSSLonlineViewing SSL Certificate in Chrome | RapidSSLonline
Viewing SSL Certificate in Chrome | RapidSSLonline
 
Compare GeoTrust True BusinessID SSL Data Sheet
Compare GeoTrust True BusinessID SSL Data SheetCompare GeoTrust True BusinessID SSL Data Sheet
Compare GeoTrust True BusinessID SSL Data Sheet
 
Introducing TLS 1.3 – The future of Encryption
Introducing TLS 1.3 – The future of EncryptionIntroducing TLS 1.3 – The future of Encryption
Introducing TLS 1.3 – The future of Encryption
 
GUIDE ON INSTALLING SSL CERTIFICATE ON IBM HTTP SERVER
GUIDE ON INSTALLING SSL CERTIFICATE ON IBM HTTP SERVERGUIDE ON INSTALLING SSL CERTIFICATE ON IBM HTTP SERVER
GUIDE ON INSTALLING SSL CERTIFICATE ON IBM HTTP SERVER
 
Cybersecurity Compliance can Make or Break Your Business - DigiCert - Symantec
Cybersecurity Compliance can Make or Break Your Business - DigiCert - SymantecCybersecurity Compliance can Make or Break Your Business - DigiCert - Symantec
Cybersecurity Compliance can Make or Break Your Business - DigiCert - Symantec
 
Adobe Connect on-premise SSL Guide
Adobe Connect on-premise SSL GuideAdobe Connect on-premise SSL Guide
Adobe Connect on-premise SSL Guide
 
How to Move SSL Certificate from Windows Server to Another Windows Server
How to Move SSL Certificate from Windows Server to Another Windows ServerHow to Move SSL Certificate from Windows Server to Another Windows Server
How to Move SSL Certificate from Windows Server to Another Windows Server
 
Symmetric and Asymmetric Encryption
Symmetric and Asymmetric EncryptionSymmetric and Asymmetric Encryption
Symmetric and Asymmetric Encryption
 
SSL / TLS Validation | CASecurity.org | RapidSSLonline
SSL / TLS Validation | CASecurity.org | RapidSSLonlineSSL / TLS Validation | CASecurity.org | RapidSSLonline
SSL / TLS Validation | CASecurity.org | RapidSSLonline
 
Geek Guide: Apache Web Servers and SSL Authentication
Geek Guide: Apache Web Servers and SSL AuthenticationGeek Guide: Apache Web Servers and SSL Authentication
Geek Guide: Apache Web Servers and SSL Authentication
 
All About SSL/TLS
All About SSL/TLSAll About SSL/TLS
All About SSL/TLS
 
A Complete RapidSSL Guide on Securing Online Business with SSL Certificate
A Complete RapidSSL Guide on Securing Online Business with SSL CertificateA Complete RapidSSL Guide on Securing Online Business with SSL Certificate
A Complete RapidSSL Guide on Securing Online Business with SSL Certificate
 
Google Chrome 56 What You Need to Know?
Google Chrome 56   What You Need to Know?Google Chrome 56   What You Need to Know?
Google Chrome 56 What You Need to Know?
 
The Hidden Costs of SelfSigned SSL Certificates
The Hidden Costs of SelfSigned SSL Certificates The Hidden Costs of SelfSigned SSL Certificates
The Hidden Costs of SelfSigned SSL Certificates
 
5 Steps for Preventing Ransomware
5 Steps for Preventing Ransomware5 Steps for Preventing Ransomware
5 Steps for Preventing Ransomware
 
2016 Symantec Internet Security Threat Report
2016 Symantec Internet Security Threat Report2016 Symantec Internet Security Threat Report
2016 Symantec Internet Security Threat Report
 
How Does The Wildcard SSL Work?
How Does The Wildcard SSL Work?How Does The Wildcard SSL Work?
How Does The Wildcard SSL Work?
 
Uncover threats and protect your organization
Uncover threats and protect your organizationUncover threats and protect your organization
Uncover threats and protect your organization
 
A New Zero-Day Vulnerability Discovered Every Week in 2015
A New Zero-Day Vulnerability Discovered Every Week in 2015A New Zero-Day Vulnerability Discovered Every Week in 2015
A New Zero-Day Vulnerability Discovered Every Week in 2015
 

Último

8 Steps to Build a LangChain RAG Chatbot.
8 Steps to Build a LangChain RAG Chatbot.8 Steps to Build a LangChain RAG Chatbot.
8 Steps to Build a LangChain RAG Chatbot.Ritesh Kanjee
 
openEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scaleopenEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scaleShane Coughlan
 
VuNet software organisation powerpoint deck
VuNet software organisation powerpoint deckVuNet software organisation powerpoint deck
VuNet software organisation powerpoint deckNaval Singh
 
BusinessGPT - SECURITY AND GOVERNANCE FOR GENERATIVE AI.pptx
BusinessGPT  - SECURITY AND GOVERNANCE  FOR GENERATIVE AI.pptxBusinessGPT  - SECURITY AND GOVERNANCE  FOR GENERATIVE AI.pptx
BusinessGPT - SECURITY AND GOVERNANCE FOR GENERATIVE AI.pptxAGATSoftware
 
Telebu Social -Whatsapp Business API : Mastering Omnichannel Business Communi...
Telebu Social -Whatsapp Business API : Mastering Omnichannel Business Communi...Telebu Social -Whatsapp Business API : Mastering Omnichannel Business Communi...
Telebu Social -Whatsapp Business API : Mastering Omnichannel Business Communi...telebusocialmarketin
 
Revolutionize Your Field Service Management with FSM Grid
Revolutionize Your Field Service Management with FSM GridRevolutionize Your Field Service Management with FSM Grid
Revolutionize Your Field Service Management with FSM GridMathew Thomas
 
Building Generative AI-infused apps: what's possible and how to start
Building Generative AI-infused apps: what's possible and how to startBuilding Generative AI-infused apps: what's possible and how to start
Building Generative AI-infused apps: what's possible and how to startMaxim Salnikov
 
Steps to Successfully Hire Ionic Developers
Steps to Successfully Hire Ionic DevelopersSteps to Successfully Hire Ionic Developers
Steps to Successfully Hire Ionic Developersmichealwillson701
 
Unlocking AI: Navigating Open Source vs. Commercial Frontiers
Unlocking AI:Navigating Open Source vs. Commercial FrontiersUnlocking AI:Navigating Open Source vs. Commercial Frontiers
Unlocking AI: Navigating Open Source vs. Commercial FrontiersRaphaël Semeteys
 
Mobile App Development process | Expert Tips
Mobile App Development process | Expert TipsMobile App Development process | Expert Tips
Mobile App Development process | Expert Tipsmichealwillson701
 
Technical improvements. Reasons. Methods. Estimations. CJ
Technical improvements.  Reasons. Methods. Estimations. CJTechnical improvements.  Reasons. Methods. Estimations. CJ
Technical improvements. Reasons. Methods. Estimations. CJpolinaucc
 
8 key point on optimizing web hosting services in your business.pdf
8 key point on optimizing web hosting services in your business.pdf8 key point on optimizing web hosting services in your business.pdf
8 key point on optimizing web hosting services in your business.pdfOffsiteNOC
 
CYBER SECURITY AND CYBER CRIME COMPLETE GUIDE.pLptx
CYBER SECURITY AND CYBER CRIME COMPLETE GUIDE.pLptxCYBER SECURITY AND CYBER CRIME COMPLETE GUIDE.pLptx
CYBER SECURITY AND CYBER CRIME COMPLETE GUIDE.pLptxBarakaMuyengi
 
MUT4SLX: Extensions for Mutation Testing of Stateflow Models
MUT4SLX: Extensions for Mutation Testing of Stateflow ModelsMUT4SLX: Extensions for Mutation Testing of Stateflow Models
MUT4SLX: Extensions for Mutation Testing of Stateflow ModelsUniversity of Antwerp
 
Leveling Up your Branding and Mastering MERN: Fullstack WebDev
Leveling Up your Branding and Mastering MERN: Fullstack WebDevLeveling Up your Branding and Mastering MERN: Fullstack WebDev
Leveling Up your Branding and Mastering MERN: Fullstack WebDevpmgdscunsri
 
Mobile App Development company Houston
Mobile  App  Development  company HoustonMobile  App  Development  company Houston
Mobile App Development company Houstonjennysmithusa549
 
03.2024_North America VMUG Optimizing RevOps using the power of ChatGPT in Ma...
03.2024_North America VMUG Optimizing RevOps using the power of ChatGPT in Ma...03.2024_North America VMUG Optimizing RevOps using the power of ChatGPT in Ma...
03.2024_North America VMUG Optimizing RevOps using the power of ChatGPT in Ma...jackiepotts6
 
Splashtop Enterprise Brochure - Remote Computer Access and Remote Support Sof...
Splashtop Enterprise Brochure - Remote Computer Access and Remote Support Sof...Splashtop Enterprise Brochure - Remote Computer Access and Remote Support Sof...
Splashtop Enterprise Brochure - Remote Computer Access and Remote Support Sof...Splashtop Inc
 
Flutter the Future of Mobile App Development - 5 Crucial Reasons.pdf
Flutter the Future of Mobile App Development - 5 Crucial Reasons.pdfFlutter the Future of Mobile App Development - 5 Crucial Reasons.pdf
Flutter the Future of Mobile App Development - 5 Crucial Reasons.pdfMind IT Systems
 

Último (20)

8 Steps to Build a LangChain RAG Chatbot.
8 Steps to Build a LangChain RAG Chatbot.8 Steps to Build a LangChain RAG Chatbot.
8 Steps to Build a LangChain RAG Chatbot.
 
openEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scaleopenEuler Community Overview - a presentation showing the current scale
openEuler Community Overview - a presentation showing the current scale
 
VuNet software organisation powerpoint deck
VuNet software organisation powerpoint deckVuNet software organisation powerpoint deck
VuNet software organisation powerpoint deck
 
BusinessGPT - SECURITY AND GOVERNANCE FOR GENERATIVE AI.pptx
BusinessGPT  - SECURITY AND GOVERNANCE  FOR GENERATIVE AI.pptxBusinessGPT  - SECURITY AND GOVERNANCE  FOR GENERATIVE AI.pptx
BusinessGPT - SECURITY AND GOVERNANCE FOR GENERATIVE AI.pptx
 
Telebu Social -Whatsapp Business API : Mastering Omnichannel Business Communi...
Telebu Social -Whatsapp Business API : Mastering Omnichannel Business Communi...Telebu Social -Whatsapp Business API : Mastering Omnichannel Business Communi...
Telebu Social -Whatsapp Business API : Mastering Omnichannel Business Communi...
 
Revolutionize Your Field Service Management with FSM Grid
Revolutionize Your Field Service Management with FSM GridRevolutionize Your Field Service Management with FSM Grid
Revolutionize Your Field Service Management with FSM Grid
 
20140812 - OBD2 Solution
20140812 - OBD2 Solution20140812 - OBD2 Solution
20140812 - OBD2 Solution
 
Building Generative AI-infused apps: what's possible and how to start
Building Generative AI-infused apps: what's possible and how to startBuilding Generative AI-infused apps: what's possible and how to start
Building Generative AI-infused apps: what's possible and how to start
 
Steps to Successfully Hire Ionic Developers
Steps to Successfully Hire Ionic DevelopersSteps to Successfully Hire Ionic Developers
Steps to Successfully Hire Ionic Developers
 
Unlocking AI: Navigating Open Source vs. Commercial Frontiers
Unlocking AI:Navigating Open Source vs. Commercial FrontiersUnlocking AI:Navigating Open Source vs. Commercial Frontiers
Unlocking AI: Navigating Open Source vs. Commercial Frontiers
 
Mobile App Development process | Expert Tips
Mobile App Development process | Expert TipsMobile App Development process | Expert Tips
Mobile App Development process | Expert Tips
 
Technical improvements. Reasons. Methods. Estimations. CJ
Technical improvements.  Reasons. Methods. Estimations. CJTechnical improvements.  Reasons. Methods. Estimations. CJ
Technical improvements. Reasons. Methods. Estimations. CJ
 
8 key point on optimizing web hosting services in your business.pdf
8 key point on optimizing web hosting services in your business.pdf8 key point on optimizing web hosting services in your business.pdf
8 key point on optimizing web hosting services in your business.pdf
 
CYBER SECURITY AND CYBER CRIME COMPLETE GUIDE.pLptx
CYBER SECURITY AND CYBER CRIME COMPLETE GUIDE.pLptxCYBER SECURITY AND CYBER CRIME COMPLETE GUIDE.pLptx
CYBER SECURITY AND CYBER CRIME COMPLETE GUIDE.pLptx
 
MUT4SLX: Extensions for Mutation Testing of Stateflow Models
MUT4SLX: Extensions for Mutation Testing of Stateflow ModelsMUT4SLX: Extensions for Mutation Testing of Stateflow Models
MUT4SLX: Extensions for Mutation Testing of Stateflow Models
 
Leveling Up your Branding and Mastering MERN: Fullstack WebDev
Leveling Up your Branding and Mastering MERN: Fullstack WebDevLeveling Up your Branding and Mastering MERN: Fullstack WebDev
Leveling Up your Branding and Mastering MERN: Fullstack WebDev
 
Mobile App Development company Houston
Mobile  App  Development  company HoustonMobile  App  Development  company Houston
Mobile App Development company Houston
 
03.2024_North America VMUG Optimizing RevOps using the power of ChatGPT in Ma...
03.2024_North America VMUG Optimizing RevOps using the power of ChatGPT in Ma...03.2024_North America VMUG Optimizing RevOps using the power of ChatGPT in Ma...
03.2024_North America VMUG Optimizing RevOps using the power of ChatGPT in Ma...
 
Splashtop Enterprise Brochure - Remote Computer Access and Remote Support Sof...
Splashtop Enterprise Brochure - Remote Computer Access and Remote Support Sof...Splashtop Enterprise Brochure - Remote Computer Access and Remote Support Sof...
Splashtop Enterprise Brochure - Remote Computer Access and Remote Support Sof...
 
Flutter the Future of Mobile App Development - 5 Crucial Reasons.pdf
Flutter the Future of Mobile App Development - 5 Crucial Reasons.pdfFlutter the Future of Mobile App Development - 5 Crucial Reasons.pdf
Flutter the Future of Mobile App Development - 5 Crucial Reasons.pdf
 

Preparing for future attacks - the right security strategy

  • 1. Preparing for future attacks http://go.symantec.com/cyber-resilience More Focus, Less Risk. Solution Brief: Implementing the right security strategy now
  • 2. Solution brief: implementing the right security strategy now Introduction Recent malware incidents have shown how costly and damaging cyber attacks can be. The Stuxnet worm is believed to have significantly affected Iranian nuclear processing, and was widely considered to be the first operational cyber weapon.1 Shamoon was able to compromise and incapacitate 30,000 work stations within an oil producing organization.2 Another targeted malware attack against a public corporation resulted in the company declaring a $66 million loss relating to the attack.3 Such attacks may not necessarily be successful, but when attackers do find their way inside an organization’s systems, a swift, well-prepared response can quickly minimize damage and restore systems before significant harm can be caused. In order to prepare such a response, organizations must understand how attacks can progress, develop a counteractive strategy, decide who will carry out which actions and then practice and refine the plan. http://go.symantec.com/cyber-resilience
  • 3. Understanding attacks An attack starts with a point of ingress to the organization. This may be an unsecured system that hackers are able to access, a vulnerable machine on which malware is executed, or a user who has been duped into installing malware. This point of ingress may then be exploited to spread attacks through the network, either by hacking other systems or by using malware to exploit unpatched system vulnerabilities and install itself on other systems. Once a system is compromised, attackers may install further malware, or take control of the system and send commands for execution. Attackers may seek to exfiltrate information such as confidential files or usernames and passwords held on the system. Protecting against attacks Most attacks can be defended against with the implementation of basic information security practices. The Australian Department of Defense found that implementing four mitigation strategies was sufficient to prevent 85 percent of targeted attacks.4 The British Government has advised that focusing on ten key areas is sufficient to counteract most cyber threats,5 while the US has put forth the National Institute of Standards and Technology (NIST) framework. At a minimum, an organization should ensure that network traffic and systems are scanned for malware and that logs of system and network activity are kept for forensic analysis if necessary. Additionally, regular backups are vital to ensure that damaged systems can be restored to a normal working state. Adequate information security defenses reduce the likelihood of attacks succeeding. However, behind every cyber attack headline is an organization that believed its defenses were sufficient. Major incidents do occur and need to be planned for, in order to reduce disruption to the business, minimize harm and reduce the time required for recovery. Solution brief: implementing the right security strategy now Ingress Expand attack Exfiltrate attack Attacker User Attacker Issue commands http://go.symantec.com/cyber-resilience
  • 4. These actions may impact users and services throughout the organization. Notably, they may effect how users, and indeed the response team, usually communicate. Therefore, consideration needs to be given to how communication will be maintained and how users and executives will be kept up-to-date with the progress of incident resolution. Forensic analysis should be used, not only to help identify if data has been compromised, but also to assess how attackers initially penetrated the systems. The vulnerability that was exploited to gain access needs to be addressed as a priority to prevent the attack from being repeated as soon as it has been resolved. The collection and preservation of forensic information may also help in identifying and prosecuting those responsible for the attack. Solution brief: implementing the right security strategy now Preparing for incidents Organizations should expect sophisticated attacks to be launched against their systems and prepare for this eventuality accordingly. In practice, such attacks are rare. However, by keeping abreast of the latest attacks and attacker techniques, organizations can verify that their systems are capable of detecting and repelling such threats. Attention to the preparation process ensures that when an attack occurs, it is rapidly detected. Many identified incidents may be, on closer analysis, false positives, and many will be minor and will not require a major response. Nevertheless, organizations should be sure that they are capturing and recording all incidents so that the attacks that do require attention are quickly identified and escalated. To do this, it is important to determine the escalation criterion and mechanism by which a detected incident will activate an incident plan. The first step of the incident plan should be an assessment of the situation. This should be followed by actions to prevent the attack from spreading to affect more systems and to prevent further harm from being incurred. Systems that have been infected will need to be isolated to contain the attack. Systems as yet uninfected may need to be temporarily disabled to prevent the attack from spreading internally, and network access may need to be curtailed. Prepare for attacks Implement response plan Refine response plan Figure 2: Incidence response phases Preparation Response RecoveryDetection Review Time Attacker Ingress Attacker Detected System s Secured Norm al Operation Resum ed http://go.symantec.com/cyber-resilience
  • 5. The recovery phase involves restoring systems to their pre-infection state. Access to recent backups of the affected systems can greatly facilitate this process, providing they are free from malware. Care must be taken to ensure that systems are restored to an infection-free state. Each incident should be subsequently reviewed to identify which procedures worked well, and where existing practices were lacking. The opportunity should be taken to learn from the incident and improve procedures in order to improve the security posture of the organization. Creating a response team Every organization needs not only a response plan, but also a team that will implement it. So, a key factor for success will be the support of senior management. Indeed, when an incident is evolving fast, the involvement of a senior manager with the authority to approve whatever measures are necessary to contain and resolve the incident may be vital for gaining a speed advantage over the attackers. Relevant stakeholders from departments that may be affected by an incident will need to be included as part of the response team. However, the greatest input to the team will be from the technical staff, who will implement the plan and possess the skills to remediate damage. Organizations shouldn’t feel that every position in the response team needs to be filled by in-house staff. External expertise should be considered for the specialist skills, and experience with similar incidents, that can be brought to the team. The composition of the team also needs to be regularly reviewed. Members may be required to be on-call for extended periods of time and might benefit from being rotated out of the incident team in order to rest. Equally, exercises and testing could identify additional skills that need to be brought into the team. Solution brief: implementing the right security strategy now http://go.symantec.com/cyber-resilience
  • 6. Testing the plan Major attacks are rare events. The ideal outcome is that the incident plan and the skills of the response team will never need to be put into action. However, relying on this possibility brings risks of its own. Regularly testing the incident plan will reveal areas of weakness and prevent skills from being forgotten through lack of use. Testing exercises may be paper-based, where the response to an evolving attack and resolution of the incident is played out on a theoretical basis. Or, such testing may be scheduled as a live exercise involving a team of penetration testers that simulate how attackers may compromise systems. Regular exercises ensure that team members are comfortable with their roles and responsibilities. Testing a variety of different attack scenarios ensures that procedures are both comprehensive and flexible enough to respond to future attacks. Teams should adopt the model of: plan, do, check and act. Plan Establish objectives, policies and procedures to meet the requirements of the business. Do Implement these policies and procedures. Check Verify if these are effective at meeting objectives in practice. Act Take action to modify plans according to experience gained to refine and improve. Solution brief: implementing the right security strategy now More focus, less risk. P lan D o Ac t Che ck http://go.symantec.com/cyber-resilience
  • 7. Conclusion Understanding how attacks can occur, implementing the right procedures and developing a clear response strategy can help organizations to counteract future threats and recover from incidents more quickly. References 1 N. Falliere, L. O. Murchu, E. Chien, “W32. Stuxnet Dossier”, Symantec Security Response Whitepaper, February 2007 S. Davies, “Out of Control”, Engineering & Technology v.6 (6) p.60-62, July 2011 2 D. Walker “Saudi Oil Company Back Online After Cyber Sabotage Attempt”, SC Magazine, 27 Aug 2012 3 H. Tsukayama, “Cyber Attack on RSA Cost EMC $66 Million”, The Washington Post, 26 Jul 2011 4 “Top Four Mitigation Strategies to Protect Your ICT System”, Australian Government Department of Defence Intelligence and Security, p. 1, September 2011 5 “Executive Companion: 10 Steps to Cyber Security”, Dept. for Business Innovation & Skills, Centre for the Protection of National Infrastructure, Office of Cyber Security & Information Assurance, p. 1, September 2012 Solution brief: implementing the right security strategy now http://go.symantec.com/cyber-resilience
  • 8. Further reading “Computer Security Incident Handling Guide. Recommendations of the National Institute of Standards and Technology”, NIST SP 800-61 rev. 2. “Guide to Malware Incident Prevention and Handling. Recommendations of the National Institute of Standards and Technology”, NIST SP 800-83. BS ISO/IEC 27002:2005 Information technology – Security techniques – Code of practice for information security management. BS ISO/IEC 27035:2011 Information technology – Security techniques – Information security incident management. PD ISO/IEC TR 18044:2004 Information technology – Security techniques – Information security incident management. BS ISO/IEC 27031:2011 Information technology – Security techniques – Guidelines for information and communication technology readiness for business continuity. “Best Practices for Troubleshooting Viruses on a Network”, Symantec Knowledge Base B. Nahorney & E. Maengkom, “Containing an Outbreak. How to clean your network after an incident.”, Symantec Security Response Whitepaper. Symantec Security Response, “Security Best Practices” Symantec Training, “Security Awareness Program” Solution Brief: Symantec Managed Security Services, “Symantec Security Monitoring Services: Security log management, monitoring, and analysis by certified experts” Solution Brief: Symantec Managed Security Services, “Symantec Managed Protection Services: Optimize enterprise security protection while maintaining control” Symantec Corporation World Headquarters 350 Ellis Street Mountain View, CA 94043 USA +1 (650) 527-8000 1 (800) 721-3934 www.symantec.com For specific country offices Symantec is a global leader in providing security, storage and systems management solutions to help customers secure and manage their information and identities. Copyright©2014SymantecCorporation.All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. 07/14 PN21335651 For these and any additional resources, visit: http://go.symantec.com/cyber-resilience http://go.symantec.com/cyber-resilience More Focus, Less Risk.