Addressing the Incident Mitigation Procedures Prescribed in the NIST Framework

Back to all articles

Addressing the Incident Mitigation Procedures Prescribed in the NIST Framework

The typical cyber security incident response process is carried out in several stages, and mitigation activities are a significant part of that process, as they are meant to help eradicate an incident and prevent it from expanding. The Cybersecurity Framework, published by the National Institute of Standard and Technology (NIST) back in 2014, offers a separate section on mitigation as part of the broader incident response effort, advising companies on the immediate steps they are supposed to take following a cyber security event.

The NIST Framework section dedicated on mitigation includes the following steps: contain, reduce impact, eradicate, document. Going through all these steps can be time-consuming and can waste a significant amount of a company’s resources, which is why companies need to consider implementing a software solution that can help their cyber security teams save valuable time while performing these tasks. Incident response platforms with automation-and-orchestration capabilities are the ideal solution for every organization that’s required to mitigate cyber security incidents fast and effectively.

Automated Playbooks for Specific Types of Incidents

By using a cyber incident response platform, companies can take advantage of its numerous features relating to mitigation, such as automated playbooks, workflows, evidence tracking for forensic analysis, and reporting, to name a few.These platforms provide a set of workflows that apply to all different scenarios involving various types of cyber security events, including malware attacks, phishing incidents, or data breaches. The workflows help a company’s cyber security team analyse exactly what action to take depending on the type of attack. For instance, if your company faces a phishing attack, a workflow will guide your CSIRT through the containment process, with actions like checking the source-code of the phishing website and spreading the URL of the attack on all accessible web browsers.

These platforms provide a set of workflows that apply to all different scenarios involving various types of cyber security events, including malware attacks, phishing incidents, or data breaches. The workflows help a company’s cyber security team analyse exactly what action to take depending on the type of attack. For instance, if your company faces a phishing attack, a workflow will guide your CSIRT through the containment process, with actions like checking the source-code of the phishing website and spreading the URL of the attack on all accessible web browsers.When it comes to reducing the impact of an incident - related to a malware attack, for example - you can use an incident response platform’s playbooks to figure out how to configure servers and email clients to block emails providing suspicious files, after having identified them, or to block malicious code, and how to identify and isolate the host that has been recognized as a source of the infection.

Few Simple Steps to Eradicate and Document

As far as eradication is concerned, it’s also mostly associated with malware attacks, a highly effective solution is an automated incident response platform. It can help you identify all vulnerabilities and remove the malware fast from all affected hosts, while also allowing you to proceed to the final stage of the mitigation procedure - documentation of an incident. These types of platforms have the ability to preserve, secure and document digital evidence, to allow a proper forensic analysis that would help determine where the attack came from, how it was conducted, and how similar attacks can be prevented in the future.

Get Started with a One-to-One Personalized Demo

Dramatically reduce the mean time to detection, response and remediation of all potential security incidents, ensuring no alert goes untouched.

See IncMan SOAR in Action.

Request Your Live IncMan SOAR Demo.

DFLabs IncMan SOAR is the pioneering Security Orchestration, Automation and Response (SOAR) platform to automate, orchestrate and measure security operations tasks.

IncMan SOAR harnesses machine learning and automation capabilities to augment human analysts to maximize the effectiveness and efficiency of security operations teams, reducing the time from breach discovery to resolution by up to 80%.

What You'll See in a Demo

See for yourself why IncMan SOAR is the preferred solution of Fortune 500, Global 2000 and MSSP clients. DFLabs IncMan SOAR at a glance:

  • Full and semi-automated Incident Response, improving response times by up to 80%
  • Covers the entire spectrum of IR and SecOps
  • Automated Responder Knowledge (ARK) generated by machine learning
  • Highly flexible and customizable, with over 100 templates and automation actions out of the box
  • Correlation engine correlates all relevant IOCs and artefacts between incidents
  • Multi-tenancy and granular role-based access
  • Dual mode playbooks and intelligence sharing
  • Powerful case management with integrated forensics capabilities.

Yes, I want a demo

DFLabs would like to stay in touch to provide you with marketing related content. By ticking the box you consent to receive educational, company and promotional information from DFLabs and accept DFLabs' Privacy Policy.

* Required fields