
Incident and Breach Response

What is Incident Response?

Incident response (IR) is a structured methodology for handling security incidents, breaches, and cyber threats. A well-defined incident response plan allows you to effectively identify a cyber attack, minimize its damage, and reduce its cost, while finding and fixing the cause to prevent future attacks.

During a cybersecurity incident, security teams will face many unknowns and a frenzy of activity. In such a hectic environment, they may fail to follow proper incident response procedures to effectively limit the damage. This is important because a security incident can be a high-pressure situation, and your IR team must immediately focus on the critical tasks at hand. Clear thinking and swiftly taking pre-planned incident response steps during a security incident can prevent many unnecessary business impacts and reputational damage.

Wire Speed Systems can help your team perform a complete, rapid and effective response to a cyber security incident by having a comprehensive incident response (IR) plan in place. In addition, we also assist in completing an incident response plan checklist and in developing and deploying an IR policy, which will help your organisation before you have fully developed your IR plan.

The steps we take after a cybersecurity event occurs

The first priority is to prepare in advance by putting a concrete IR plan in place. We assist organisations to establish and battle-test a plan before a significant attack or data breach occurs. We address the following response phases as defined by NIST:


Preparation

Planning in advance how to handle and prevent security incidents

Containment, Eradication, and Recovery

Developing a containment strategy, identifying and mitigating the hosts and systems under attack, and having a plan for recovery


Detection and Analysis

Everything from monitoring potential attack vectors, to looking for signs of an incident, to prioritization

Post-Incident Activity

Reviewing lessons learned and having a plan for evidence retention

Figure 1 – The NIST recommended phases for responding to a cybersecurity incident

Building on the outlined NIST phases, here are specific incident response steps to take once a critical security event has been detected:

1. Assemble your team

It’s critical to have the right people with the right skills, along with associated tribal knowledge. Appoint a team leader who will have overall responsibility for responding to the incident. This person should have a direct line of communication with management so that important decisions—such as taking key systems offline if necessary—can be made quickly.

In smaller organizations, or where a threat isn’t severe, your SOC team or managed security consultants may be sufficient to handle an incident. But for the more serious incidents, you should include other relevant areas of the company such as corporate communications and human resources.

If you have built a Computer Security Incident Response Team (CSIRT), now is the time to activate your team in collaboration with the Wire Speed Systems Tiger Team, bringing in the entire range of pre-designated technical and non-technical specialists.

If a breach could result in litigation, or requires public notification and remediation, you should notify your legal department immediately.

2. Detect and ascertain the source

Our CIRT (Tiger Team), together with your team, will first work to identify the cause of the breach, and then ensure that it’s contained. Our teams will become aware that an incident is occurring or has occurred from a very wide variety of indicators, by making use of our next-generation security solutions as well as your other existing solutions:
