Securing Your Remote Workforce, Part 3: How to Detect Malware in the Guise of Productivity Tools
April 3, 2020 —
As our workforce continues to be remote, SOC teams are tasked with an even larger threat landscape to[…]
Incident Response
Information Security Blog
Incident ResponseGet the Latest on Information Security
Incident Response
Incident response is an approach to review, and respond to a cyber security breach or attack utilizing a planned process or methodology.
Effective incident response teams utilize procedures and technology, such as automated playbooks, to respond quickly and adequately to cyber security events, limiting the damage done by attackers.
Incident Investigation: How Understanding Context Aids Informed Decision-making
August 22, 2019 —
During an incident investigation security analysts assess different indicators of compromise (IoCs) or the tactics, techniques, and procedures (TTPs) of an attack to determine the context in which an alert is firing. We look at how you can find critical information that will help gain a true understanding of the alert or incident.
Executive Briefings 101 From the Frontlines
July 18, 2019 —
On average, the mean time to identify a security breach is 197 days or approximately 28 weeks, according to IBM Security. Incident handlers need to prioritize the information that is communicated to executives and speak to what executives are most concerned about.
What’s In a Good Story? Context, Plot and Discovery
July 11, 2019 —
The context for security events is a key factor for investigation and remediation. This begins with understanding what is normal for each user or entity in the organization. Exabeam models user activity to build this baseline of normal and score risk based on anomalies – not artificial correlations.
