Why Today's Threats Require a New Approach to Incident Response

By TMCnet Special Guest Mike Horn | December 05, 2013

As we have seen in the news, some of the largest, most security-conscious enterprises such as Google, Sony, Lockheed and many others have been targets of advanced persistent threats, leaving IT and security teams to worry that if these organizations can get hit, anyone can.

It is probable that most businesses will be the target of a major cyber-attack at some point, and it is also fair to say that most businesses are not equipped with the latest security protection solutions, whether because of cost, staffing, or a complex vendor market that makes purchasing decisions difficult. How do organizations prepare for a major breach while reducing risk and ensuring the security of valuable corporate data?

Performing incident response effectively is a complex undertaking. Continuous monitoring for attacks is essential, and that means staffing, training, and having a plan in place. Establishing clear procedures for prioritizing and managing incidents is critical, and establishing effective processes for collecting, analyzing, and reporting data is key to mitigating risk. IT teams have the additional responsibility of building and maintaining relationships and communication channels with other internal departments. A successful incident response plan requires much of IT beyond the normal job description. Technologies that enhance the performance of the existing security infrastructure reduce the time involved, the staff needed, and the response effort and reporting required.

There are countless stories of unique threats finding their way into the most secure organizations. Each newly discovered threat brings new challenges, and many lead to a perceived need for a complete overhaul of the security an organization already has in place. Yet most organizations already run a wide variety of network security products, including next-generation firewalls, SIEM platforms, advanced malware detection platforms and more, and somehow attacks continue to penetrate these enterprise fortresses. So what is an enterprise to do? What is missing?

Visibility, context, time and enforcement are the most critical elements in stopping a data breach. Manual data collection processes are too slow, produce false positives and delay immediate action. Being able to respond rapidly, prioritize and analyze instantly, and take appropriate action immediately is key to mitigating risk and stopping threats before or as they happen. As good practice, every IT team should have a plan in place, one that evolves as threats evolve and covers prioritizing, analyzing and responding to both existing and new threats. Traditional network defenses (firewalls and proxies) need to stay in place while their efficacy is improved. The best defense is a seamless integration of technologies that work together to reduce the burden on IT, saving organizations precious time and money. Integrating security technologies that work together for ground-to-cloud protection provides a barrier that can thwart even the most advanced threats, blocking them at the perimeter as soon as they are detected, while they are still trying to get in.

Some of the better known threats exploit zero-day vulnerabilities and are highly targeted. What usually makes these threats advanced is that they combine a set of unique infiltration techniques unrecognized by even the most experienced IT staff. Responding to a threat in real time, as it happens, has been one of the biggest challenges to date, but it is key to the overall success of a security operation. Analyzing a threat accurately and confidently, using context and prioritization, helps protect users no matter what device or desktop system they use. And being able to trigger controls across a heterogeneous set of enforcement points keeps data and users safe.

These new approaches to incident response will help protect against the newest waves of today’s and tomorrow’s attacks.

Such new approaches allow organizations to respond instantly to security incidents with a higher degree of accuracy and confidence, protecting all users from a variety of advanced attacks. In addition, the streamlined process and easy integration with existing firewall and proxy solutions save time and reduce manual security and response work, allowing a more dynamic environment for real-time identification, analysis and elimination of potential threats. As an added bonus, staff are freed to address other critical areas of the financial services organization. By leveraging a solution that actively links multi-vendor security enforcement points with a variety of security intelligence offerings, organizations can make better use of the security devices they already have and respond to malicious attacks dynamically, instantly and in real time.

Mike Horn is co-founder and CEO of NetCitadel.

Edited by Stefania Viscusi