Isolate, Investigate, Respond: 3 Steps to Eliminate a Threat

{authorName}

Tech Insights for ProfessionalsThe latest thought leadership for IT pros

08 April 2021

Improve your strategy for defending against cyberthreats by following these three essential response steps.

Article 4 Minutes
Isolate, Investigate, Respond: 3 Steps to Eliminate a Threat
  • Home
  • IT
  • Security
  • Isolate, Investigate, Respond: 3 Steps to Eliminate a Threat

In today's environment, every organization needs a plan for responding to cybersecurity threats. Those that sit back and wait until they’re attacked before formulating a strategy, or those that believe they’re not at risk, may well find this is a very costly error.

For starters, businesses need to get used to the idea that it’s not a matter of if they come into the crosshairs of cybercriminals, but when. According to the UK Government, 75% of large enterprises reported an attack in 2019, while Verizon claims some 43% of cyberattacks are aimed at small firms.

No matter what company size or what industry you operate in, you're at risk. Therefore, you must take a proactive approach to defend yourself.

The importance of effective threat intelligence

To do this effectively, you need a clear threat intelligence plan. This means proactively going out and hunting for threats, which involves closely monitoring your endpoints for intrusions and responding quickly and decisively to any unusual activity.

This matters because one of the biggest factors that separate the best threat responses from the rest is how quickly firms can respond. According to Verizon, more than half of breaches (56%) took longer than a month to uncover. This can lead to greatly increased costs overall, as hackers have more opportunities to dig deeper into a company's network and extract valuable data or do additional damage.

Having automation in place can make a large difference in response times, leading to significantly less damaging attacks. For instance, the average cost of a data breach for a large company with full automation in their defenses sits at $2.88 million.

While this is still a lot, it's significantly less than the $4.43 million in costs faced by firms with no such solutions in place. Automation, however, is just one part of an effective threat intelligence plan.

To respond quickly to threats, companies also need endpoint security measures that can spot suspicious activity as soon as it reaches the network, and high-quality investigation methods that can reduce the mean time to response.

3 key steps to improve your cybersecurity defenses

According to Malwarebytes, this type of proactive threat hunting can improve a company’s security defenses by as much as 30%. But it’s also how companies react when they do find a threat that dictates how costly a breach may be.

Malwarebytes identifies three key steps that must be a part of any successful response plan in order to contain threats and prevent a problem from turning into a crisis.

1.Isolate

It’s vital to isolate the threat before it has a chance to spread within the network. This means containing it within the endpoint where it’s originated. It's important to ensure that the threat isn’t only blocked from moving deeper within the network to central servers, but also preventing any east-west movement to other devices.

Ideally, this needs to be done on a network level, so there’s no need to physically disconnect machines or ports from the network. Doing this prevents the infection from taking any more detrimental actions, such as 'phoning home' to receive further instructions or moving laterally to find another hole in the defenses.

2.Investigate

Effectively isolating a potential threat will give you breathing room to conduct further investigations and determine the best course of action. Malwarebytes notes that this is traditionally one of the most challenging parts of any threat response, as security pros find it difficult to access right data and visibility to identify a potential threat, determine if it’s malicious or benign, and map its attack sequence.

Therefore, tools to assist with this must be able to identify how many systems are affected and provide details into what actions the threat has taken, such as any processes that have been initiated or applications launched.

3.Respond

It's only when armed with this information you can put an effective response plan into action. This is another area where advanced automation tools can prove highly useful. This should allow you to remove any malware from your system with just a single click.

This must include eliminating the threat both within the endpoint where it’s contained and hunting it down and destroying it in any other part of the network, such as servers, that it was able to reach before being identified. For threats such as ransomware, this should also utilize backups to restore files that have been removed, modified, or encrypted.

If the potential threat does turn out to be a false alarm, you can add it to an exclusion list so similar activity isn’t flagged in the future.

Follow these steps and you can greatly reduce the impact a cybersecurity threat can have on your network, saving you time, money and your reputation.

Solution Categories

Vulnerability Scanner Software

Vulnerability Scanner Software

A vulnerability scanner software is a tool used in the field of cybersecurity to identify weaknesses...

Tech Insights for Professionals

Insights for Professionals provide free access to the latest thought leadership from global brands. We deliver subscriber value by creating and gathering specialist content for senior professionals.

Comments

Join the conversation...