IncMan’s GSN Awards Highlighting the Importance of Intelligence-Driven Security Monitoring, Automation and Orchestration

The cyber security industry today offers a wide variety of solutions aiming to mitigate attacks that are becoming more common and more sophisticated, making it increasingly difficult to detect, manage and respond to breaches as effectively and as efficiently as possible. But, the fact alone that there is no shortage of potential solutions out there to choose from, doesn’t make the challenge of having to deal with the overwhelmingly frequent and complex attacks less grueling. In fact, it can make the task that much more daunting, with the vast pool of tools and platforms available making it difficult for CISOs to decide which solutions to adopt, considering that there is rarely one that addresses all the different security elements required, as well as the specific organizational needs, such as affordability and ease of implementation and management.

With that in mind, it’s safe to say that a solution capable of covering as many angles of the cybersecurity spectrum as possible would serve well to organizations being faced with data breaches on a regular basis. It’s exactly that ability to cover multiple aspects of an organization’s cybersecurity defense that makes DFLabs’ IncMan stand out from the crowd, and one of the factors that helped it to achieve two highly coveted awards at the latest edition of the prestigious GSN Homeland Security Awards.

Holistic Approach to Incident Management and Response

The two platinum awards received by DFLabs were in the Best Continuous Monitoring & Mitigation, and Best Cyber Operational Risk Intelligence Solution categories, respectively. This highlights IncMan’s versatility and ability to save valuable time when responding to an incident and when helping to detect and prevent future attacks.

Computer Security Incident Response Teams (CSIRTs) can benefit immensely from features such as automated collection of threat intelligence, triage, threat containment, as well as processes that help make threat hunting and investigation more efficient. With these types of functionalities, platforms like IncMan help cut incident resolution times drastically and improve the effectiveness of CSIRTs, significantly increasing their incident handling capacity.

Intelligence-Driven Actions

The above capabilities that IncMan boasts are in large part a result of the background in law enforcement and intelligence of the people who were involved in creating the platform. These experiences have allowed them to better understand the challenges security teams face when trying to resolve an incident and address their needs in terms of dealing with continuously increasing number of alerts, underlining the necessity of automating certain tasks and adopting an orchestrated approach to incident response.  As the nature of cyber security attacks continues to evolve over time, so does the sophistication and capabilities of the platform to ensure organizations always remain one step ahead.

A Weekend in Incident Response #14: Updated U.S. National Cyber Incident Response Plan Focuses on Capabilities Required to Respond to Significant Incidents

As part of its efforts to improve the country’s cybersecurity, the U.S.Department of Homeland Security has issued an updated National Cyber Incident Response Plan, specifically highlighting three key aspects:

• Responsibilities of government agencies and private sector organizations during a cyber incident
• Core capabilities required to respond to a significant cyber incident
• Coordinating structures and integration between the federal government and affected entities

The requirements in this plan apply to various types of cyber incidents, but are especially centered around significant cyber incidents that “are likely to result in demonstrable harm to the national security interests, foreign relations or economy, or to the public confidence, civil liberties or public health and safety of the American people.”

Responsibilities and Capabilities

The plan includes a list of responsibilities and capabilities all affected entities are required with regard to with incident response. The ultimate responsibility that affected entities have during a cyber incident is to take appropriate actions to manage the impact of the incident. This includes, but is not limited to: ensuring continuation of business or operational functions, disclosure and notification of the incident in accordance with legal and regulatory requirements, protecting privacy, and managing liability risk.

As far as capabilities are concerned, they encompass the following areas: forensics and attribution, infrastructure systems, intelligence and information sharing, public information and warning, screening search and detection, as well as cybersecurity, to name a few.

How to Respond and Comply with Requirements

In order to be able to comply with the above-mentioned requirements, the best thing that covered entities could do is adopt an incident response platform that can take care of all those tasks. As an example, an organization can obtain a platform that is able to predict, detect and respond to breaches automatically, allowing them to resume operations as quickly as possible.

They can track, predict, and visualize cybersecurity incidents, accelerating the process of resolving an incident. Importantly, utilizing an incident response platform assist in reducing legal and regulatory risks, on top of managing cybersecurity events. A platform like this can provide automated incident reports, which can be beneficial when required to disclose an incident andnotify authorities of it.

Another key capability of an incident response platform is that it allows controlled intelligence sharing with an organization or a community of your own choosing, which aligns with requirements in the National Cyber Incident Response Plan.

In summary; tracking digital evidence and forensic investigation are some of the critical capabilities provided by incident response platforms, which makes them an ideal solution for any entity that is required to comply with the updated National Cyber Incident Response Plan.