Are We Breached? How to Effectively Assess and Manage Incidents
TRANSCRIPT
WEBINAR
Slide 3
Agenda
I. Introductions
II. Who Are We
III. The Incident Response Lifecycle
IV. Detection and Analysis
V. Incident Management Plan
VI. Containment, Eradication, and Recovery
VII. Post Incident Recovery
VIII. Close
Slide 4
Introductions
• Ted Julian, Chief Marketing Officer, Co3 Systems
• Stephen Brennan, Global Technical Consulting Lead, CSC
Slide 5
About Co3 – Incident Response Management
MITIGATE
Document Results & Improve Performance
• Generate reports for management, auditors, and authorities
• Conduct post-mortem
• Update SOPs
• Track evidence
• Evaluate historical performance
• Educate the organization
ASSESS
Identify and Evaluate Incidents
• Assign appropriate team members
• Evaluate precursors and indicators
• Correlate threat intelligence
• Track incidents, maintain logbook
• Prioritize activities based on criticality
• Generate assessment summaries
PREPARE
Improve Organizational Readiness
• Appoint team members
• Fine-tune response SOPs
• Escalate from existing systems
• Run simulations (firedrills / table tops)
MANAGE
Contain, Eradicate, and Recover
• Generate real-time IR plan
• Coordinate team response
• Choose appropriate containment strategy
• Isolate and remediate cause
• Instruct evidence gathering and handling
• Log evidence
Slide 6
• 5+ Integrated Global Security Operations Centers
• 15+ Global Alliance Partners Providing Security Expertise
• 35+ Years Providing Cybersecurity Services
• 2000+ Global Cybersecurity Professionals
Who is CSC?
TRUSTED
INTEGRATED
EFFICIENT
Slide 7
Recognized Industry Leader:
• Commitment to Growth
• Recent Acquisitions
• Alliance Partnerships
• IDC named CSC a “Leader” in the inaugural IDC MarketScape: Worldwide Managed Security Services 2014 Vendor Assessment.
• The IDC analysis and buyer perception study results placed CSC as the leading provider in the “strategies” axis, and as one of the firms with the greatest capability in delivering global managed security services (MSS).
Who is CSC?
Slide 8
The Incident Response Lifecycle
POLL QUESTION #1
Slide 10
Components of an Incident
Events
Incident
Incident Response Team
Incident Investigation
Slide 11
What is an Event?
• An observable change in the behavior of a system, environment, process, workflow or person.
Normal Escalation Emergency
POLL QUESTION #2
Slide 13
Detections & Analysis
Slide 14
Containment Steps
Determine the attack vector and scope of incident
Know the enemy—identify their tools and tactics
Collaboratively design a containment strategy and document it
Create a task list based on containment plan
Delegate and monitor tasks until containment is achieved
POLL QUESTION #3
Slide 16
Incident Checklist – Sample from NIST
Slide 17
Remediation
Repair systems
Eliminate attack vectors
Mitigate exploitable vulnerabilities
Validation of the repair process
Test systems to ensure compliance with policy and risk mitigation
Perform additional repairs to resolve all current vulnerabilities
Slide 19
Upcoming Co3 Events
• By Popular Demand: Co3's Latest & Greatest Features, December 3, 2014, 1 pm EST
• How The Grinch Stole Black Friday: Co3's 2014 Annual Review & Predictions, December 18, 2014, 1 pm EST
One Alewife Center, Suite 450
Cambridge, MA 02140
PHONE 617.206.3900
WWW.CO3SYS.COM
“Co3 Systems makes the process of planning for a nightmare scenario as painless as possible, making it an Editors’ Choice.”
PC MAGAZINE, EDITOR’S CHOICE
“One of the hottest products at RSA…”
NETWORK WORLD – FEBRUARY 2013
“Co3…defines what software packages for privacy look like.”
GARTNER
“Platform is comprehensive, user friendly, and very well designed.”
PONEMON INSTITUTE
Stephen Brennan
Global Technical Consulting Lead
CSC
Slide 21
“Co3 makes the process of planning for a nightmare scenario as painless as possible, making it an Editors’ Choice.”
– PC Magazine, Editor’s Choice
“One of the most important startups in security…”
– Business Insider
“...an invaluable weapon when responding to security incidents.”
– Government Computer News
“Co3 has done better than a home-run...it has knocked one out of the park.”
– SC Magazine
Most Innovative Product