Well-Rounded Incident Response is Vital

05/03/2020 09:47:09


Cybersecurity has become the crux of the Internet age, having a profound impact on international politics, economy, culture, society, military and almost every other field, and has simultaneously become a challenging issue of ever-increasing importance. As informazation and globalization spread, the Internet has become an essential part of daily life, both social and professional. In this era of booming information, effects of both the positive and negative are felt on a global level, a “double edged sword,” boosting economic growth while simultaneously creating more opportunity for data leakage and cyber-attack.

2017 was a huge year for cyber-crime, seeing the NSA’s Equation Group tools leaked, loopholes in OS’s and web applications exploited, ransomware running rampant in the first half of the year, while large scale mining attacks dominated the second half.  We now see increasing supply chain attacks and ongoing targeted APT attacks. Attackers are employing more complex, yet more flexible tools in their ongoing war fueled by personal and national interest, both industrialized and organized. The network attack area is expanding.



Pop quiz! What does a professional fear most? A lack of customers, slow or dwindling income or new clients, network outage or loss of reputation, financial loss or legal issues?

Each and every option has the potential to collapse all you’ve worked for.

How do we minimize the impact and possible negative outcomes of these issues? Via Incident Response.

Is security incident response all that is required in the event of a cyber-attack?

Incident Response is an organized process or phase of methodology that an organization uses to respond too and deal with security incidents or data breaches. Data breaches have serious ramifications, impacting sensitive customer data, confidential intellectual property, productivity, time and resources. In an effort to reduce potential damage, Incident Response is there to backup organizations dealing with security issues and cyber-attack, and assist in any recovery.

Incident Response is normally broken down into six different phases:
Preparation
Identification
Containment
Eradication
Recovery
Lesson Learned

Preparation is normally what is known as the “pre-incident” phase. Identification, containment, eradication and  recovery are considered the “mid-incident” phase, while the lesson learned falls under the “post-incident” phase of Incident Response.

Pre-Incident Phase
Sangfor helps organizations assess external attack surfaces and vulnerabilities before an attack occurs. Organizations need to know if the existing network architecture, network setup, security practices and security controls, are sufficient to defend against ransomware and APT attacks. Attack surfaces, vulnerabilities, weak points and risks are identified before attackers take advantage and exploit them. Organization are advised to perform security scans regularly and develop a risk mitigation plan, based on Sangfor recommendations, designed to lower the risk-level to its extreme minimum.

Mid-Incident Phase
In the event of a successful ransomware or APT attack, the Sangfor Incident Response team will provide immediate support, based on the agreed upon SLA, helping to mitigate the incident and minimize the impact. Sangfor’s security professionals will assist to identify the kill chain, patient zero, entry point, IOC and triage. After the security incident is resolved, a report will be prepared for the organization.

Post-Incident Phase
After the impacted services have recovered and the incident case is closed, the operation of the organization will return to normal. In order to assess the organization’s ability to defend against future ransomware and APT attack, Sangfor will provide an external vulnerability assessment service and firewall ruleset configuration review to ensure new vulnerabilities, weak points and misconfigurations are identified before the next attack occurs.

How will Incident Response service benefit your organization?




For any information about Sangfor Security Services & Products, click here to send us a message or contact your local Sangfor representative.

Organizations infected with Ransomware can call us at +60 12711 7129 or +60 12711 7511 for direct phone support!

Our Social Networks

Global Service Center:

COPYRIGHT © 2000-2020 SANGFOR TECHNOLOGIES. ALL RIGHTS RESERVED.