Security Orchestration and Automated Incident Response
To build a strong foundation for your incident response program, you must embed industry best practices into the workflow.
Developing well-crafted playbooks to guide your incident and security management processes ensures that your entire team is working together following proven steps and removing uncertainty during emergencies.
The stages of incident response
Prepare response plans, policies, call trees and playbooks with the members of your incident response team, including external entities.
Organizations must develop an understanding of their environment to detect cyber security attacks on systems, assets, data and capabilities.
Organizations must implement the appropriate measures to quickly identify cyber security events or incidents.
In the containment stage you must limit the damage caused to systems and prevent any further damage from occurring.
The emphasis is on cleaning up the system or network and getting it ready to restore from a reimage of the system or from a known good backup.
Bring the system back into production and monitor it for any signs of abnormal activity.
Before moving back into normal operations, it is critical to review the event or incident to understand how it happened. Then incorporate additional activities and knowledge into your incident response process. This will produce better future outcomes and improve additional defenses.