incident response

September 22, 2017

SECURITY

Incident Response Fundamentals – Communication

While there are a number of ways to err during the course of responding to an incident, it never seems to fail that the number one misstep I have continued to see comes down to internal communications among those working on the incident and communications to stakeholders. To that point, it’s astonis…

August 23, 2017

SECURITY

Take incident response to the next level with AMP for Endpoints and Cognitive Threat Analytics

Our data shows that there are 5 to 10 breaches per 1000 seats every week. That number is staggering and exemplifies the limits of traditional prevention. Most of these attacks will be done using repackaged malware distributed by known threat actors. We also see that such attacks not only remain unde…

May 31, 2017

SECURITY

The Significance of Log Sources to Building Effective Intelligence-Driven Incident Response

Many organizations today fail in adequately acquiring the necessary visibility across their network to perform efficient and effective Incident Response tasks, one of which is Intelligence-Driven Incident Response; defined as driving intelligence mechanisms to dig deeper into detecting, containing,…

Is it time to hire cybersecurity guardians for the network? 

Another day, another hack. It seems like every time we turn on the news, we are hearing about another company that has been breached. Hackers are not going away and are getting progressively sophisticated as companies struggle to equip their security teams with the tools and expertise to protect the…

May 10, 2017

SECURITY

Triage Forensics: Leveraging Digital Forensics during Incident Response

You have just been notified by a “TLA” (Three Letter Agency), a law enforcement agency, that your organization has suffered a data breach. Depending on your Threat Management Maturity level, you will either approach this methodically or ad-hoc. A TLA notification will generally involve leveraging th…

April 11, 2017

SECURITY

Lateral Movement “Whack-a-Mole”

Win with Network Monitoring

The Cisco Security Incident Response Service team works every day with customers who have either experienced a data breach or have engaged our team to help ensure they are prepared for an incident before it occurs. Our incident responders recently worked with a client who…

February 27, 2017

PARTNER

The Impact of Incident Response (IR) Services and How to Address Them

You heard why your security practice should include cybersecurity incident response services. Now we’ll dive into the why: the threat landscape impact, the potential impact of a security incident on your customer’s business, and why partnering with Cisco can help defend your customer’s intellectual…

February 23, 2017

SECURITY

Serenity Now! A better way to malware analysis.

Over the last half decade the term sandboxing has become so pervasive, many customers I speak to have forgotten what it’s for!  Sandboxing is a type of malware analysis – dynamic malware analysis to be exact. You execute a sample / file in a virtual environment and see what happens. There are numero…

February 2, 2017

SECURITY

Malware Analysis for the Incident Responder

Malware is one of the most prevalent and most insidious forms of cyber attack. Identifying and eliminating it is critical in minimizing the impact of a breach. As a cybersecurity incident responder, I always end up performing some level of malicious file analysis. In this blog, I’ll share some…