Incident Response Articles (12)

Cyber Incident Checklists

When responding to an incident, the first checklist you should complete is the Incident Summary Checklist, which is designed to collect the essential vitals of an incident. Its objective is to capture high-level information about what occurred. The information gathered should give you a rough picture of what transpired and help you identify areas where your response process may need revision.

An Overview of a Data Breach, its Causes, Recovery, and Remediation Techniques

Data drives businesses worldwide, and organizations store it in digital form. It is at once an organization's most valuable asset and the prime target for attackers. Because this data is continuously transferred over the internet, attackers have many opportunities to compromise it, and the organization may suffer serious repercussions if they succeed.

Pros and Cons of Agent-based and Agentless Log Collection

In this blog post, we are going to explain the pros and cons of agent-based and agentless methods of log collection. Let's start by defining what log collection is.

Agentless Log Collection: Microsoft WEC and WEF

In this blog post, we are going to explore Windows Event Forwarding (WEF) and the Windows Event Collector (WEC), which you can use in your agentless log collection efforts. "Agentless" here means no third-party agent: the forwarding is done by the built-in Windows Event Collector service over WinRM. First, we will introduce Windows Event Forwarding and the Windows Event Collector, then illustrate a basic XML analysis. Lastly, we will take a look at how to configure subscriptions.

Common methods an adversary may adopt to cover their tracks

Attackers need to know how to hide their tracks, because they do not want to leave evidence that can be used to trace them. This is harder than it sounds, since defenders usually have controls in place to detect and log events. For an attacker who wants to stay anonymous, erasing evidence is necessary, and it typically begins with deleting or corrupting logs and any error messages generated during the attack. The defender's counterpoint is that clearing a Windows event log is itself logged (Security Event ID 1102, or Event ID 104 for other logs), and any events already forwarded to a collector survive the wipe.
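As an added example that ties the previous two posts together (it is not code from either article): a Python script that parses Windows event XML in the shape a WEC collector stores in ForwardedEvents and flags the events that record a log being cleared, then reports forwarders that have gone silent. The three sample events, the host names, the user name and the timestamps are constructed for this example; the Event IDs 1102 and 104 and the event XML namespace are Microsoft's. The code matches UserData fields by local name, so it does not depend on the exact namespace of the LogFileCleared element.

```python
"""Parse forwarded Windows event XML and flag log-clearing activity.

Added example, not code from the original articles.  SAMPLE_EVENTS is
constructed: it follows the XML shape a WEC collector writes to
ForwardedEvents, but the hosts, user and timestamps are invented.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Optional

EVENT_NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Raised by Microsoft-Windows-Eventlog when a log is cleared:
# 1102 for the Security log, 104 for any other log (System, Application, ...).
LOG_CLEARED_IDS = {1102, 104}

SAMPLE_EVENTS = """\
<Events>
 <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Security-Auditing"/>
   <EventID>4624</EventID><Channel>Security</Channel>
   <Computer>ws01.corp.example</Computer>
   <TimeCreated SystemTime="2024-01-15T08:01:12.000Z"/></System>
  <EventData><Data Name="TargetUserName">alice</Data></EventData>
 </Event>
 <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Eventlog"/>
   <EventID>1102</EventID><Channel>Security</Channel>
   <Computer>ws01.corp.example</Computer>
   <TimeCreated SystemTime="2024-01-15T08:07:45.000Z"/></System>
  <UserData><LogFileCleared xmlns="http://manifests.microsoft.com/win/2004/08/windows/eventlog">
   <SubjectUserName>bob</SubjectUserName><SubjectDomainName>CORP</SubjectDomainName>
  </LogFileCleared></UserData>
 </Event>
 <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Eventlog"/>
   <EventID>104</EventID><Channel>System</Channel>
   <Computer>ws02.corp.example</Computer>
   <TimeCreated SystemTime="2024-01-15T08:09:02.000Z"/></System>
  <UserData><LogFileCleared xmlns="http://manifests.microsoft.com/win/2004/08/windows/eventlog">
   <SubjectUserName>bob</SubjectUserName><Channel>System</Channel>
  </LogFileCleared></UserData>
 </Event>
</Events>
"""


@dataclass
class Event:
    event_id: int
    channel: str
    computer: str
    time: str
    actor: Optional[str]  # SubjectUserName from UserData, when present


def _local(tag: str) -> str:
    """Strip the namespace from an ElementTree tag like '{ns}Name'."""
    return tag.rsplit("}", 1)[-1]


def parse_events(xml_text: str) -> list:
    """Extract the System fields of every <Event>, plus the clearing user if any."""
    root = ET.fromstring(xml_text)
    events = []
    for ev in root.findall("e:Event", EVENT_NS):
        system = ev.find("e:System", EVENT_NS)
        # UserData children carry the provider's manifest namespace, so match on local name.
        actor = next((el.text for el in ev.iter() if _local(el.tag) == "SubjectUserName"), None)
        events.append(Event(
            event_id=int(system.findtext("e:EventID", namespaces=EVENT_NS)),
            channel=system.findtext("e:Channel", namespaces=EVENT_NS),
            computer=system.findtext("e:Computer", namespaces=EVENT_NS),
            time=system.find("e:TimeCreated", EVENT_NS).get("SystemTime"),
            actor=actor,
        ))
    return events


def find_log_clears(events: list) -> list:
    """Return the events that record a log being cleared, oldest first."""
    return sorted((e for e in events if e.event_id in LOG_CLEARED_IDS), key=lambda e: e.time)


def silent_forwarders(events: list, expected_hosts) -> set:
    """Expected forwarders that sent nothing.  A cleared log plus a stopped
    forwarder looks exactly like silence, so treat it as a finding, not a no-op."""
    return set(expected_hosts) - {e.computer for e in events}


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    for e in find_log_clears(evs):
        print(f"{e.time} {e.computer}: {e.channel} log cleared (Event ID {e.event_id}) by {e.actor}")
    print("silent:", silent_forwarders(evs, {"ws01.corp.example", "ws02.corp.example", "dc01.corp.example"}))
```

Run against a real collector, point `parse_events` at the XML produced by `wevtutil qe ForwardedEvents /f:xml` (wrapped in a single root element) and feed `silent_forwarders` the list of hosts your subscription targets; the second check is the one that catches a host whose attacker stopped the forwarding service before clearing the log.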

What will I do as an Incident Responder?

You just landed a new job as an Incident Responder. You have heard that Incident Response involves identifying the incident, containing it, recovering from it and preventing such an incident from happening again. Have you wondered what really happens in those stages? What does an Incident Responder actually do to 'handle' an incident? This blog post walks you through the sequence of activities typically performed during incident handling.

Pre-Incident Preparation: For a Smoother Incident Response Process

When paramedics get a call, they immediately swoop into action. They have medical equipment stored and ready to use in their ambulance. Upon reaching the person requiring help, they provide immediate medical care to keep the person stable until they can be taken to a hospital for further treatment. The paramedics collect as much information as they can about the patient's condition and hand it to the doctors. The initial care paramedics provide is critical to saving a life. Likewise, Incident Responders are the paramedics of the technology world: they must be equipped and prepared to deal with incidents before one happens. That is what pre-incident preparation delivers.

What is an Incident Response Toolkit?

Have you seen crime scene investigation (CSI) shows on TV? After a crime occurs, a professional walks in with a bulky case containing equipment to collect fingerprints, take photographs, and plastic bags to safely collect evidence. The evidence collected provides the clues that solve the crime. In the cyber world, that professional is the Incident Responder and the bulky case is the Incident Response Toolkit (IRT). Having an IRT ready helps the Incident Responder collect evidence methodically. This blog post discusses how you can prepare an Incident Response Toolkit to assist in handling cyber incidents.

What role does incident handling play when a cyber attack occurs?

Cyber incidents present a unique challenge for organisations. The rapid pace of change in the technology landscape means that organisations must be prepared to respond to attacks that may not have been seen before. Incident handling is a critical part of any organisation’s cybersecurity strategy. By having a plan in place, organisations can ensure that they are able to respond quickly and effectively to any cyber incident.

A short introduction to writing incident response playbooks

Incident response playbooks provide a repeatable process for investigating and responding to security incidents. They can help organizations improve their incident response capabilities by providing a framework for managing incidents, documenting best practices, and sharing information with other responders.

Why do we do incident response?

Incident response is a process that organizations use to manage and mitigate the damage of a security incident. The primary goal of incident response is to protect the organization’s assets and minimize the disruption caused by the incident. There is no single definition of an incident, but most experts agree that an incident is a security event that has the potential to cause harm to the organization. Incidents can include events such as a data breach, a ransomware attack, or a malicious email campaign. Incident response is a critical part of any organization’s security strategy.

Becoming an Incident Responder

Let us assume that a building has caught fire. Firefighters must act at a moment's notice to extinguish the flames. A building catching fire is an unexpected event. Similar unexpected events occur in the cyber world and affect regular business operations. Any such event that disrupts, or threatens to disrupt, normal operations qualifies as an incident.