While table top exercises are always a hot commodity for our customers, proactive threat hunting and compromise assessments are becoming increasingly popular through our Cisco Incident Response Readiness & Retainer service. Whether your organization has recently gone through a merger or acquisition, or are in the later stages of your incident response evolution and maturity, finding out what you don’t know (and what your security platforms aren’t telling you) about your network can be a integral part of your organization’s incident response maturity and capability.
A deep dive into logging as an often-overlooked but powerful tool for incident detection and response
“Lack of instrumentation or insufficient logging” is often a phrase used on incident response reports. During incident response activities, this isn’t a phrase you want to see, since lack of logging inhibits your organization’s ability to conclusively determine root cause analysis.
You have just been notified by a “TLA” (Three Letter Agency), a law enforcement agency, that your organization has suffered a data breach. Depending on your Threat Management Maturity level, you will either approach this methodically or ad-hoc. A TLA notification will generally involve leveraging the expertise of an Incident Response team, either your internal team, or a trusted third party, such as Cisco Security Incident Response Services.