3 key steps to improve your cybersecurity defenses
According to Malwarebytes, this type of proactive threat hunting can improve a company’s security defenses by as much as 30%. But it’s also how companies react when they do find a threat that dictates how costly a breach may be.
Malwarebytes identifies three key steps that must be a part of any successful response plan in order to contain threats and prevent a problem from turning into a crisis.
It’s vital to isolate the threat before it has a chance to spread within the network. This means containing it within the endpoint where it originated. The threat must not only be blocked from moving deeper into the network towards central servers, but also prevented from making any east-west movement to other devices.
Ideally, this needs to be done on a network level, so there’s no need to physically disconnect machines or ports from the network. Doing this prevents the infection from taking any more detrimental actions, such as 'phoning home' to receive further instructions or moving laterally to find another hole in the defenses.
Effectively isolating a potential threat will give you breathing room to conduct further investigations and determine the best course of action. Malwarebytes notes that this is traditionally one of the most challenging parts of any threat response, as security pros find it difficult to access the right data and visibility to identify a potential threat, determine whether it’s malicious or benign, and map its attack sequence.
Therefore, tools to assist with this must be able to identify how many systems are affected and provide details into what actions the threat has taken, such as any processes that have been initiated or applications launched.
Only when armed with this information can you put an effective response plan into action. This is another area where advanced automation tools can prove highly useful, allowing you to remove any malware from your systems with a single click.
This must include eliminating the threat both within the endpoint where it’s contained and hunting it down and destroying it in any other part of the network, such as servers, that it was able to reach before being identified. For threats such as ransomware, this should also use backups to restore files that have been removed, modified, or encrypted.
If the potential threat does turn out to be a false alarm, you can add it to an exclusion list so similar activity isn’t flagged in the future.
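The investigation step above (how many systems are affected, what processes the threat launched, and whether it phoned home or moved east-west) can be illustrated with a small scoping routine. This is an added example, not Malwarebytes' tooling; the endpoint events, host names, file names and the 10.0.0.0/8 internal range are all constructed for the illustration.

```python
"""Added example: scope a contained threat across constructed endpoint telemetry.
Starting from known indicators (file names here), follow each host's process tree
to list what the threat launched, then classify the connections those processes
made as north-south (to the outside) or east-west (to another internal host)."""
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")  # assumed corporate address range

# Constructed events: (host, kind, parent_process, child_process_or_dest_ip)
EVENTS = [
    ("ws-01", "proc", "outlook.exe", "invoice.docm"),
    ("ws-01", "proc", "invoice.docm", "powershell.exe"),
    ("ws-01", "net", "powershell.exe", "203.0.113.7"),  # phoning home
    ("ws-01", "net", "powershell.exe", "10.0.5.20"),    # east-west movement
    ("srv-05", "proc", "wmiprvse.exe", "stage2.exe"),
    ("srv-05", "proc", "stage2.exe", "cmd.exe"),
    ("srv-05", "net", "cmd.exe", "203.0.113.7"),
    ("ws-09", "proc", "explorer.exe", "chrome.exe"),    # unrelated activity
    ("ws-09", "net", "chrome.exe", "198.51.100.4"),
]

def scope_incident(events, indicators):
    """Map each affected host to the process chain and connections tied to indicators."""
    report, by_host = {}, {}
    for ev in events:
        by_host.setdefault(ev[0], []).append(ev)
    for host, host_events in by_host.items():
        tainted = set(indicators)
        procs, north_south, east_west = [], [], []
        changed = True
        while changed:  # follow parent -> child launches until no new process appears
            changed = False
            for _, kind, parent, target in host_events:
                if kind == "proc" and parent in tainted and target not in tainted:
                    tainted.add(target)
                    procs.append(f"{parent} -> {target}")
                    changed = True
        for _, kind, parent, target in host_events:
            if kind == "net" and parent in tainted:
                dest = ip_address(target)
                (east_west if dest in INTERNAL else north_south).append(target)
        if procs or north_south or east_west:  # hosts with no tainted activity are omitted
            report[host] = {"procs": procs, "north_south": north_south, "east_west": east_west}
    return report

if __name__ == "__main__":
    print(scope_incident(EVENTS, {"invoice.docm", "stage2.exe"}))
```

The report lists two affected hosts, the launches the threat performed on each, and the east-west connection from ws-01 that a network-level isolation rule would need to block.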
Follow these steps and you can greatly reduce the impact a cybersecurity threat can have on your network, saving you time, money and your reputation.