Detect a Cyber Attack Quickly and Respond to One Effectively

We are well aware of what a cyber attack is, the forms it can take and the damage it causes to computer networks. Even with increasingly stringent cybersecurity protocols in place, cybercriminals keep finding innovative ways to launch attacks. In times such as these, it is imperative to deal with cyber attacks intelligently.

Over time, cyber attacks have become so glaring and threatening that in November 2018 the U.S. government created a new agency, the Cybersecurity and Infrastructure Security Agency (CISA), to help fortify the nation’s infrastructure and security against cyber threats, in the capacity of a risk advisor.

To manage cyber attacks effectively, cybersecurity experts at CISA have put together a comprehensive five-function framework: Identify, Protect, Detect, Respond and Recover. We published a post on the Identify and Protect functions here. In this piece we cover the Detect and Respond functions.

Detect a Cyber Incident Promptly

Prompt detection of a cyber incident (attack) is central to damage control. Below we have laid out the steps that make up the “Detect” function of the framework, which help organizations detect a cyber incident as it occurs.

The Detect function comprises a set of activities, each with associated action items that must be performed to ensure thorough detection of a cyber attack.

1. Detect any anomalous activity and analyze its possible impact

  • Map your organization’s entire network, its data flows and systems
  • Analyze the detected anomalous activity to determine the attack’s nature and extent
  • Consolidate event-related data from all data sources
  • Conclude the activity analysis with definitive findings
  • Define and install incident alert protocols on your organization’s network

2. Enable Security Continuous Monitoring to ensure threat protection protocols are effective

  • Constantly scan your organization’s network for potential cybersecurity events
  • Conduct physical checks of your organization’s workplace to detect any potential cybersecurity event
  • Monitor personnel activity to identify any red flags
  • Watch for malicious code on any of the users’ devices
  • Monitor activity from all external service providers to flag anything suspicious
  • Monitor for unauthorized personnel, hardware and software
  • Establish a practice of vulnerability scans to ensure

3. Establish Detection Procedures to Detect Anomalous Activities

  • Clearly identify and define user roles and the accountabilities associated with detection procedures
  • Test the established detection procedures to ensure they are sound
  • Communicate information about any detected event explicitly
  • Work on continuous improvement of the detection procedures

Respond to a Detected Attack Intelligently

Now that we have walked through the activities of the Detect function, what logically follows is the Respond function. The activities that constitute a thorough Respond function are:

1. Plan & Employ a Comprehensive Response Mechanism

  • Trigger the planned response mechanism as soon as a cyber attack is detected.

2. Communicate the Detailed Response Mechanism to All Stakeholders

  • Define user roles and their responsibilities in the response action.
  • Establish the criteria and thresholds against which events are reported.
  • Circulate information to all appropriate stakeholders.

3. Conduct Analysis to Enhance Response & Recovery Activities’ Efficiencies

  • Review the alerts received from the response protocol systems.
  • Understand the degree of impact of the event that occurred.
  • Conduct a thorough analysis of the received alerts.
  • Categorize the event(s) in accordance with the response mechanism put in place.

4. Contain the Possible Damage Spread of an Incident

  • Limit the damage of an incident while identifying further risks and, if there are any, contain their damage too, as the response mechanism prescribes.

5. Enhance the Response Mechanism Overall

  • Draw lessons from past incidents and incorporate them into future response strategies.
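
To make the Detect and Respond activities above concrete, here is an added example (not code from the original post or from Fyrsoft) of a small detection-and-triage pipeline: it consolidates event data from two differently formatted sources, flags anomalous activity (a burst of failed logins from one source address), assesses impact (did a successful login follow the burst?), and categorizes the finding against a response matrix. The log lines, the source names `sshd` and `vpn`, the threshold of five failures in five minutes and the severity matrix are all constructed assumptions for this example, not values the framework or the post prescribes.

```python
"""Added example: consolidate events, detect a login-failure burst,
assess impact and map it to a response category.
All inputs, thresholds and the response matrix below are constructed
assumptions for illustration only."""
import csv
import io
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import NamedTuple

# --- Constructed sample data from two sources with different formats ---
AUTH_LOG = """\
2024-03-04T09:00:01Z sshd[101]: Failed password for root from 203.0.113.7 port 5110
2024-03-04T09:00:03Z sshd[101]: Failed password for root from 203.0.113.7 port 5111
2024-03-04T09:00:05Z sshd[102]: Failed password for admin from 203.0.113.7 port 5112
2024-03-04T09:00:08Z sshd[103]: Failed password for admin from 203.0.113.7 port 5113
2024-03-04T09:00:12Z sshd[104]: Accepted password for alice from 192.0.2.10 port 6001
2024-03-04T09:00:15Z sshd[105]: Failed password for alice from 198.51.100.20 port 7002
"""
VPN_CSV = """\
timestamp,user,src_ip,result
2024-03-04T09:01:02Z,admin,203.0.113.7,FAIL
2024-03-04T09:01:30Z,admin,203.0.113.7,SUCCESS
2024-03-04T09:02:00Z,bob,198.51.100.20,SUCCESS
"""

class Event(NamedTuple):
    ts: datetime
    source: str   # which data source the record came from
    src_ip: str
    user: str
    outcome: str  # "fail" or "success"

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")

SSH_RE = re.compile(r"^(\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+) port \d+$")

def parse_auth_log(text):
    """Normalize sshd auth lines; unrecognized lines are skipped."""
    events = []
    for line in text.splitlines():
        m = SSH_RE.match(line)
        if not m:
            continue
        ts, verdict, user, ip = m.groups()
        events.append(Event(_ts(ts), "sshd", ip, user, "fail" if verdict == "Failed" else "success"))
    return events

def parse_vpn_csv(text):
    """Normalize a CSV export from a (hypothetical) VPN gateway."""
    return [Event(_ts(r["timestamp"]), "vpn", r["src_ip"], r["user"],
                  "fail" if r["result"] == "FAIL" else "success")
            for r in csv.DictReader(io.StringIO(text))]

def consolidate(*feeds):
    """Merge all sources into one timeline (Detect: consolidate event data)."""
    return sorted((e for feed in feeds for e in feed), key=lambda e: e.ts)

def detect_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Flag any source IP with >= threshold failures inside one window,
    and note whether a successful login followed the burst (impact)."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e.src_ip].append(e)
    findings = []
    for ip, evs in by_ip.items():
        fails = [e for e in evs if e.outcome == "fail"]
        for i, first in enumerate(fails):
            burst = [e for e in fails[i:] if e.ts - first.ts <= window]
            if len(burst) >= threshold:
                last = burst[-1]
                findings.append({
                    "src_ip": ip,
                    "failures": len(burst),
                    "sources": sorted({e.source for e in burst}),
                    "users": sorted({e.user for e in burst}),
                    "first_seen": first.ts.isoformat(),
                    "last_seen": last.ts.isoformat(),
                    "success_after": any(e.outcome == "success" and e.ts >= last.ts for e in evs),
                })
                break  # one finding per source address is enough for an alert
    return findings

# Respond: categorize each finding per a (constructed) response matrix.
RESPONSE_MATRIX = {
    "high": "contain: disable the targeted accounts, block the source, open an incident",
    "medium": "triage: open a SOC ticket for analyst review",
}

def categorize(finding):
    severity = "high" if finding["success_after"] else "medium"
    return {**finding, "severity": severity, "response": RESPONSE_MATRIX[severity]}

def run_pipeline(auth_log=AUTH_LOG, vpn_csv=VPN_CSV):
    events = consolidate(parse_auth_log(auth_log), parse_vpn_csv(vpn_csv))
    return [categorize(f) for f in detect_bruteforce(events)]

if __name__ == "__main__":
    for alert in run_pipeline():
        print(alert)
```

Note that neither source on its own crosses the threshold: the sshd log holds four failures from 203.0.113.7 and the VPN export one. Only the consolidated timeline reveals the burst, and only the later VPN success raises it from a medium-severity ticket to a high-severity containment action, which is why the framework lists consolidation and impact analysis as separate action items.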

Fyrsoft Aids Your Cybersecurity Measures to Battle Ransomware Attacks

As experts in Microsoft security practices and products such as the Intelligent Security Graph, Fyrsoft performs a 360° assessment of your organization’s current cybersecurity posture to help tighten your network’s security measures in the wake of spreading ransomware attacks.

Reach out to us at info@fyrsoft.com to learn more about how Fyrsoft can help you position yourself in the fight against ransomware.

About Author:

Jonathan Cowan (also known as JC) is a Senior Security Engineer for FyrSoft LLC. JC is passionate about many technologies, but his primary focus is Hybrid Cloud Solutions. He is an industry-proven technologist with a demonstrated history of experience in the Information Technology and Services industry. JC specializes in Cybersecurity Threat Response, Modern Workplace, Intelligent Cloud Hybridization, and Digital Transformation.

With over 20 years of computing experience, JC is frequently selected to share his knowledge of various technologies and their underlying platforms through blogging and speaking at industry events, webinars and conferences.

You can connect with him on LinkedIn.
