By Mike Johnson, Senior Cybersecurity Architect, Logicalis US
Most malware, phishing, exploits and ransomware threats are built to evade detection and response capabilities. This makes it a real challenge to build your defenses, contain the scope of the attacks and perform the appropriate fixes so you can get back to providing value to your business.
Effectively detecting and stopping cyberthreats has become a race against time for IT, security and incident response teams. Further exacerbating the issue is the expanding attack surface that comes with the Internet of Things (IoT) and mobility. The traditional tools to combat these threats are leaving IT and security staff scrambling to respond. Headlines filled with stories about breaches and disruption causing business problems, measured in real dollars, mean a different approach is needed.
Taking the Rapid Threat Containment (RTC) approach is one way to use available tools and services to your advantage. The Rapid Threat Containment approach has three steps:
- Get answers faster.
- Stop attacks faster.
- Protect critical data faster.
You can integrate rapid threat containment into your security operations to quickly detect and stop these ever-changing threats. Here are some tips to get you there:
Align the business value of RTC. Understand that the speed with which you can respond to and contain a security event is directly related to how much time, money or information you might lose. Acting faster allows IT resources to do their primary job helping streamline and digitize the business while creating value and efficiency.
Take an architectural approach to security. You should employ RTC components that are designed to work together wherever your users and systems reside. Providing threat containment manually, or with tools that sprawl, causes a “fog of more,” where threats can be missed in a mass of alerts. These threats can then move laterally across your IT environment unchecked. By selecting tools designed to work together to accomplish security-related tasks, you’ll have visibility and be able to make containment decisions faster.
Enforce your policies rapidly with RTC. You’ll be presented with an accurate, threat-intelligence-backed and actionable view of the breach at hand sooner than ever before. You can then leverage segmentation to quarantine affected hosts, or cut the link to an affected host, as a containment action you can take with the click of a button (or automate the containment if you want to go that route).
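The detect-correlate-contain loop described above, as an added example that is not Logicalis code or part of the original post. It shows the shape of an automated containment step: alerts from several constructed sources are de-duplicated per host (so the "fog of more" does not inflate the score), a corroboration bonus is applied when independent tools agree, and a policy table maps the result to a containment action (isolated VLAN, egress block, or analyst ticket). The host names, alert sources, severities and policy thresholds are all constructed assumptions; the enforcement call is supplied by the caller because the real NAC or firewall API is site-specific.

```python
"""Added example: a minimal containment decision engine (not vendor code).

Everything here is constructed for illustration: host names, alert sources,
severity scale and the policy thresholds are assumptions, not a real product's.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    source: str     # constructed tool names: "edr", "ngfw", "ids", "av"
    host: str       # constructed host identifier
    severity: int   # 1 (low) .. 5 (critical), an assumed scale
    indicator: str  # what fired, e.g. "ransomware-note-written"


# Policy table (assumed thresholds): first row whose threshold the score meets wins.
POLICY = [
    (8, "quarantine-vlan"),      # move the host to an isolated segment
    (5, "block-egress"),         # cut the host's outbound link at the edge
    (3, "ticket-for-analyst"),   # below the containment bar: human review
]
CONTAINMENT_ACTIONS = {"quarantine-vlan", "block-egress"}
CORROBORATION_BONUS = 3  # added per additional independent source on a host


def correlate(alerts):
    """Group alerts by host and produce one score per host.

    Exact duplicate alerts (same source/host/severity/indicator) are counted
    once because Alert is a frozen dataclass and therefore hashable. The score
    is the highest severity seen on the host plus a bonus for each extra source
    that independently flagged it.
    """
    by_host = defaultdict(set)
    for alert in alerts:
        by_host[alert.host].add(alert)
    scores = {}
    for host, unique_alerts in by_host.items():
        sources = {a.source for a in unique_alerts}
        top_severity = max(a.severity for a in unique_alerts)
        scores[host] = top_severity + (len(sources) - 1) * CORROBORATION_BONUS
    return scores


def decide(score):
    """Map a host score to an action using the POLICY table."""
    for threshold, action in POLICY:
        if score >= threshold:
            return action
    return "monitor"


def contain(alerts, enforce):
    """Run correlate -> decide -> enforce and return an audit trail.

    `enforce(host, action)` is a caller-supplied callable that reaches the
    enforcement point (NAC, firewall, switch). Only containment actions are
    pushed to it; tickets and monitoring stay in the audit record.
    """
    audit = []
    for host, score in sorted(correlate(alerts).items()):
        action = decide(score)
        if action in CONTAINMENT_ACTIONS:
            enforce(host, action)
        audit.append({"host": host, "score": score, "action": action})
    return audit


# Constructed sample alerts: one host with a duplicate and two corroborating
# sources, one host with a single medium alert, one host with noise.
SAMPLE_ALERTS = [
    Alert("edr", "ws-0142", 5, "ransomware-note-written"),
    Alert("edr", "ws-0142", 5, "ransomware-note-written"),  # exact duplicate
    Alert("ngfw", "ws-0142", 3, "c2-beacon"),
    Alert("ids", "srv-db-01", 4, "smb-lateral-scan"),
    Alert("av", "ws-0207", 2, "pup-detected"),
]


def demo():
    """Run the pipeline on the sample; record what would have been enforced."""
    enforced = []
    audit = contain(SAMPLE_ALERTS, lambda host, action: enforced.append((host, action)))
    return audit, enforced


if __name__ == "__main__":
    audit_records, enforced_actions = demo()
    for record in audit_records:
        print(record)
    print("enforced:", enforced_actions)
```

The scoring is deliberately simple; the point is that the de-duplication and corroboration steps are what keep a click-of-a-button (or fully automated) containment from firing on a single noisy sensor, and that every decision, including the ones that did not contain anything, lands in the audit trail.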
These are the tenets of Threat Containment, with the goal of reducing business impact from downtime or loss of data. Remember:
Alignment + Visibility + Automation & Orchestration = Fast Containment
Want to learn more? Read a blog post discussing What is a Common Security Framework (CSF) and why is it important to your organization’s enterprise security. Then learn How to Benchmark Your Enterprise Security Using the Critical Security Controls Framework in another post at our Enterprise Security blog. Perhaps it’s time to step up your security game? Don’t be held hostage by ransomware; read these 10 tough security questions every CIO must be able to answer.