{"id":971,"date":"2019-11-25T15:41:33","date_gmt":"2019-11-25T15:41:33","guid":{"rendered":"https:\/\/codesmartinc.com\/?p=971"},"modified":"2020-01-03T20:35:58","modified_gmt":"2020-01-03T15:05:58","slug":"detect-a-cyber-attack-quickly-and-respond-to-one-effectively","status":"publish","type":"post","link":"https:\/\/codesmartinc.com\/?p=971","title":{"rendered":"Detect a Cyber Attack Quickly and Respond to One Effectively"},"content":{"rendered":"\n<p>We are well aware of what a <a href=\"https:\/\/en.wikipedia.org\/wiki\/Cyberattack\">Cyber Attack<\/a> is, the evil forms it can take and the damage it causes to computer networks. Even with increasingly stringent cybersecurity protocols in place, cybercriminals are still finding innovative ways to launch cyber attacks. In times such as these, it is imperative to deal with cyber attacks intelligently. <\/p>\n\n\n\n<p>Over time, cyber attacks have become so glaring and threatening that in November 2018, the U.S. government created a new agency, the <em><a href=\"https:\/\/www.cisa.gov\/\">Cybersecurity and Infrastructure Security Agency <\/a>(CISA)<\/em>, to help fortify the nation\u2019s infrastructure and security against cyber threats, in the capacity of a <em>Risk Advisor<\/em>.<\/p>\n\n\n\n<p>To manage cyber attacks effectively, cybersecurity experts of CISA have put together a comprehensive, 5-function framework: <em>Identify, Protect, Detect, Respond <\/em>and <em>Recover<\/em>. We\u2019ve done a thought post on the <em>Identify <\/em>and <em>Protect <\/em>functions <a href=\"https:\/\/codesmartinc.com\/its-about-time-you-make-your-organization-ransomeware-proof-2\/\">here<\/a>. 
We will cover the <em>Detect <\/em>and <em>Respond <\/em>functions in this piece.<\/p>\n\n\n\n<p><strong>Detect a Cyber Incident Promptly<\/strong><\/p>\n\n\n\n<p>Prompt detection of a cyber incident (attack) is central to damage control. We have identified the steps that go into the \u201cDetect\u201d function of the framework, which helps organizations detect a cyber incident as it occurs. <\/p>\n\n\n\n<p>There is a set of activities under the <em>Detect <\/em>function, and there are associated action items that must be performed to ensure thorough detection of a cyber attack. <\/p>\n\n\n\n<p><em>1. Detect any anomalous activity and analyze its possible impact<\/em><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Capture an outline of your organization\u2019s entire network, its data flows and systems<\/li><li>Analyze the detected anomalous activity to determine the attack\u2019s nature<\/li><li>Consolidate event-related data from all data sources<\/li><li>Finalize the activity analysis with definitive findings<\/li><li>Define and install incident alert protocols on your organization\u2019s network<\/li><\/ul>\n\n\n\n<p><em>2. 
Enable Security Continuous Monitoring to ensure threat protection protocols are effective<\/em><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Constantly scan your organization\u2019s network for potential cybersecurity events<\/li><li>Conduct a physical check of your organization\u2019s workplace to detect any potential cybersecurity event<\/li><li>Monitor personnel activity to identify any red flags<\/li><li>Watch out for malicious code on any of the users\u2019 devices<\/li><li>Perform a thorough checkpoint scan of all external service providers to flag any suspicious activity<\/li><li>Investigate all unauthorized personnel\u2019s hardware and software for potential events<\/li><li>Establish a practice of vulnerability scans to ensure   <\/li><\/ul>\n\n\n\n<p><em>3. Establish Detection Procedures to Detect Anomalous Activities<\/em><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Clearly identify and define user roles and associated accountabilities pertinent to detection procedures<\/li><li>Test the established detection procedures to ensure they are sound<\/li><li>Explicitly communicate information on any event detected<\/li><li>Work on continuous improvement of detection procedures<\/li><\/ul>\n\n\n\n<p><strong>Respond to a Detected Attack Intelligently<\/strong><\/p>\n\n\n\n<p>Now that we have walked you through the activities pertinent to the <em>Detect <\/em>function, what logically follows is the <em>Respond <\/em>function. The activities that constitute a thorough <em>Respond <\/em>function are:<\/p>\n\n\n\n<p><em>1. Plan &amp; Employ a Comprehensive Response Mechanism<\/em><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Trigger the planned response mechanism as soon as a cyberattack is detected.<\/li><\/ul>\n\n\n\n<p><em>2. 
Communicate the Detailed Response Mechanism to All Stakeholders<\/em><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Define user roles and their responsibilities in response actions.<\/li><li>Put in place metrics and benchmarks against which events are reported.<\/li><li>Circulate information to all appropriate stakeholders.<\/li><\/ul>\n\n\n\n<p><em>3. Conduct Analysis to Enhance Response &amp; Recovery Activities\u2019 Efficiencies<\/em><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Pore over the alerts received from response protocol systems.<\/li><li>Understand the degree of impact of the event that occurred.<\/li><li>Conduct a thorough analysis of the received alerts.<\/li><li>Categorize the event(s) in accordance with the response mechanism put in place.<\/li><\/ul>\n\n\n\n<p><em>4. Contain the Possible Damage Spread of an Incident<\/em><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Limit the damage of an incident while identifying further risks and, if any, contain their damage too as per the response mechanism.<\/li><\/ul>\n\n\n\n<p><em>5. Enhance the Response Mechanism Overall<\/em><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Draw observations from past incidents and incorporate them into future response strategies.<\/li><\/ul>\n\n\n\n<p><strong>Fyrsoft Aids Your Cybersecurity Measures to Battle Ransomware Attacks<\/strong><\/p>\n\n\n\n<p>Being experts on Microsoft security practices and products like Intelligent Security Graph, Fyrsoft performs a 360\u00b0 assessment of your organization\u2019s current cybersecurity posture to help tighten your network\u2019s security measures in the wake of spreading ransomware attacks.<\/p>\n\n\n\n<p>Reach out to us at <a href=\"mailto:info@fyrsoft.com\">info@fyrsoft.com<\/a> to learn more about how Fyrsoft can help you position yourself in the fight against ransomware.<\/p>\n\n\n\n<p><strong>About the Author:<\/strong><\/p>\n\n\n\n<p>Jonathan Cowan (also known as JC) is a Senior Security Engineer for FyrSoft LLC. 
JC is passionate about many technologies; however, his primary focus is within Hybrid Cloud Solutions. He is an Industry Proven Technologist with a demonstrated history of experience in the Information Technology and Services industry. JC is a specialized professional in Cybersecurity Threat Response, Modern Workplace, Intelligent Cloud Hybridization, and Digital Transformation.<\/p>\n\n\n\n<p>With over 20 years of computing experience, JC is frequently selected to share his knowledge of various technologies as well as the underlying platforms through blogging and speaking at various industry events, webinars and conferences.<\/p>\n\n\n\n<p>You can connect with him on&nbsp;<a href=\"https:\/\/www.linkedin.com\/in\/jonathan-cowan\/\">LinkedIn<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A Thought Piece from Experts on How to Detect a Cyber Attack and Respond to one.<\/p>\n","protected":false},"author":1,"featured_media":972,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[3],"tags":[],"class_list":["post-971","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blogs","has-thumb"],"acf":[],"_links":{"self":[{"href":"https:\/\/codesmartinc.com\/index.php?rest_route=\/wp\/v2\/posts\/971","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/codesmartinc.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/codesmartinc.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/codesmartinc.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/codesmartinc.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=971"}],"version-history":[{"count":6,"href":"https:\/\/codesmartinc.com\/index.php?rest_route=\/wp\/v2\/posts\/971\/revisions"}],"predecessor-version":[{"id":1162,"href":"https:\/\/codesmartinc.com\/
index.php?rest_route=\/wp\/v2\/posts\/971\/revisions\/1162"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/codesmartinc.com\/index.php?rest_route=\/wp\/v2\/media\/972"}],"wp:attachment":[{"href":"https:\/\/codesmartinc.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=971"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/codesmartinc.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=971"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/codesmartinc.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=971"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}