

McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others. Copyright © 2017 McAfee, LLC. 3631_1017

10 Ways You Can Accelerate Detection and Response

Quell the dwell.

Time has been on the side of the attackers. However, you can regain your advantage by knowing your security environment, planning ahead, and employing a proactive approach.

For details on these 10 tips, download "10 Ways to Accelerate Time to Detection and Response".

Thinking ahead is paramount.

[1] 2017 SANS Incident Response Survey.

Regain time. For too long, time has worked in favor of the attackers, with cybercriminals using long dwell times to their advantage. Here are 10 tips you can use to add speed and intelligence to your incident detection and response.

If your security products don't talk to each other, you won't see the full picture, and you might miss a breach. Integrating your detection and response systems, for example through an open messaging fabric such as OpenDXL, lets them exchange events and context and shortens the path from detection to containment.

1. Integration is everything.

It's no surprise security professionals say that determining the impact and scope of a security incident takes a lot of time. Many underestimate how many servers, applications, and devices their organization actually has. Centralized security management, backed by an accurate asset inventory, gives you the visibility and monitoring you need to scope an incident quickly.

2. Understand your entire environment.

Quickly detecting anomalous activity is essential, but it is impossible without a baseline of normal system, network, and user activity. Use a solution that continually monitors traffic, compares it with that baseline, and automatically flags deviations, so that network blind spots (segments, hosts, or accounts for which you have no baseline at all) are reduced rather than ignored.

3. Always keep your eyes on the data.
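The baseline-then-detect idea in tip 3 is easiest to see in code. The following is an added example, not McAfee's product logic or anything from the original page: it builds a per-user baseline (median and median absolute deviation of daily outbound bytes, plus the hosts each user normally works from) from a constructed week of "normal" records, then scores new records with a robust z-score and also flags the two kinds of blind spot the paragraph warns about, a user or a host with no baseline at all. All records, user names, host names, and the 3.5 threshold are constructed assumptions for illustration.

```python
"""Baseline normal per-user outbound volume, then flag anomalies and blind spots."""
import statistics
from collections import defaultdict

# Constructed sample data (not real telemetry): (user, host, outbound bytes per day)
# for one "normal" week.  Used only to build the baseline.
BASELINE_RECORDS = [
    ("alice", "ws-01", 120_000), ("alice", "ws-01", 98_000), ("alice", "ws-01", 131_000),
    ("alice", "ws-01", 110_000), ("alice", "ws-01", 104_000), ("alice", "ws-01", 125_000),
    ("alice", "ws-01", 117_000),
    ("bob", "ws-02", 45_000), ("bob", "ws-02", 52_000), ("bob", "ws-02", 48_000),
    ("bob", "ws-02", 50_000), ("bob", "ws-02", 47_000), ("bob", "ws-02", 51_000),
    ("bob", "ws-02", 49_000),
]

# Constructed records for the day under review.
NEW_RECORDS = [
    ("alice", "ws-01", 123_000),   # within alice's normal range
    ("bob", "ws-02", 410_000),     # ~8x bob's median: possible exfiltration
    ("alice", "db-07", 131_000),   # normal volume, but alice never used db-07 before
    ("carol", "ws-09", 20_000),    # no baseline for this user at all
]


def build_baseline(records):
    """Per-user median and MAD of outbound bytes, plus the set of hosts seen."""
    per_user = defaultdict(list)
    hosts = defaultdict(set)
    for user, host, nbytes in records:
        per_user[user].append(nbytes)
        hosts[user].add(host)
    baseline = {}
    for user, values in per_user.items():
        med = statistics.median(values)
        mad = statistics.median([abs(v - med) for v in values])
        baseline[user] = {"median": med, "mad": mad, "hosts": hosts[user]}
    return baseline


def robust_z(value, median, mad):
    """Modified z-score; 0.6745 scales MAD to one standard deviation for normal data."""
    if mad == 0:
        # Degenerate baseline (every sample identical).  Assumption for this
        # example: any change at all is treated as infinitely anomalous.
        return 0.0 if value == median else float("inf")
    return 0.6745 * (value - median) / mad


def detect(records, baseline, threshold=3.5):
    """Return (user, host, reason) alerts: blind spots first, then volume anomalies."""
    alerts = []
    for user, host, nbytes in records:
        profile = baseline.get(user)
        if profile is None:
            alerts.append((user, host, "no baseline for user"))
            continue
        if host not in profile["hosts"]:
            alerts.append((user, host, "host not in user's baseline"))
        z = robust_z(nbytes, profile["median"], profile["mad"])
        if z > threshold:
            alerts.append((user, host, f"outbound volume z={z:.1f} above {threshold}"))
    return alerts


if __name__ == "__main__":
    for alert in detect(NEW_RECORDS, build_baseline(BASELINE_RECORDS)):
        print(alert)
```

The median/MAD pair is used instead of mean/standard deviation because a single outlier in the baseline window would otherwise inflate the standard deviation and hide later anomalies; the "no baseline" alerts are deliberately separate from the volume alerts, since an unfamiliar user or host is exactly the blind spot the paragraph says a baseline should expose.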

Start by collecting and integrating threat intelligence inside your organization, then expand to sharing across your industry. Sharing gives you, and everyone in your industry, early insight into the latest vulnerabilities and active campaigns. Use tools that can monitor, collect, manage, prioritize, and share threat intelligence.

4. Stay up to date on the threat landscape.

Triage is key during an attack. You must know your most critical assets, know when to sound the alarm, and have structured investigation workflows and cross-functional communication channels already in place. Plan ahead so that you save precious time defending your organization's most important assets when they come under attack.

5. Prioritize your assets, events, and actions.

Approximately a third of companies train for incident response.[1] That is a small share, given that putting response procedures to the test identifies gaps before a real breach does. Run regular drills to improve response times: simulate breaches, run tabletop exercises, or hire a penetration testing firm to attack you from the outside.

6. Practice. Practice. Practice.

Automation won't replace highly trained staff; it will make them more effective. With machine learning you can automate security event classification and prioritization, freeing analysts for the investigation and analysis that help anticipate and neutralize newly emerging evasion techniques.

7. Team man and machine to combat malware.

Being proactive with your security, rather than purely reactive, is what brings dwell time down. Once you understand your environment, you can actively hunt for threats before they find you.

8. Go on the offense.

Many breaches originate with third-party suppliers, partners, or cloud providers. Ensure that every entity connected to your network environment, without exception, adheres to your security policies. Also, set privilege, time, and location controls so that partners can access only the systems and data prescribed for them, and deny everything else by default.

9. Regulate outside access to your enterprise.
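Tip 9 names three controls on partner access (privilege, time, and location). The following added example, which is not from the original page and not any vendor's product code, shows a deny-by-default policy check that applies all three to a single access request: the partner must be known, the target system and the action must be on the partner's allowlist, the source address must fall inside the partner's registered networks, and the request must arrive inside the agreed UTC business window. The partner name, system names, address ranges, and window are constructed assumptions.

```python
"""Deny-by-default evaluation of a partner access request (privilege, time, location)."""
import ipaddress
from datetime import datetime, timezone

# Constructed policy for one hypothetical partner; schema is an assumption of this example.
PARTNER_POLICIES = {
    "acme-logistics": {
        "systems": {"wms-api", "wms-reports"},                       # prescribed systems
        "actions": {"read"},                                         # privilege: read only
        "source_networks": [ipaddress.ip_network("203.0.113.0/24")], # location: partner egress
        "window_utc": (8, 18),                                       # time: 08:00-18:00 UTC
        "weekdays_only": True,
    },
}


def evaluate(partner, system, action, src_ip, when):
    """Return (allowed, reason).  Every control must pass; anything unknown is denied."""
    policy = PARTNER_POLICIES.get(partner)
    if policy is None:
        return False, "unknown partner"
    if system not in policy["systems"]:
        return False, f"{system} is not among the partner's prescribed systems"
    if action not in policy["actions"]:
        return False, f"action '{action}' exceeds the partner's granted privilege"
    addr = ipaddress.ip_address(src_ip)
    # ip_network.__contains__ returns False for a mismatched IP version, so an
    # IPv6 source is denied unless an IPv6 network is explicitly registered.
    if not any(addr in net for net in policy["source_networks"]):
        return False, f"source {src_ip} is outside the partner's registered networks"
    # Normalise to UTC so a partner in another time zone cannot widen the window.
    when_utc = when.astimezone(timezone.utc)
    if policy["weekdays_only"] and when_utc.weekday() >= 5:
        return False, "request outside the weekday window"
    start, end = policy["window_utc"]
    if not start <= when_utc.hour < end:
        return False, f"request at {when_utc:%H:%M} UTC outside {start:02d}:00-{end:02d}:00"
    return True, "allowed"


if __name__ == "__main__":
    tue_0900 = datetime(2017, 10, 10, 9, 0, tzinfo=timezone.utc)
    print(evaluate("acme-logistics", "wms-api", "read", "203.0.113.25", tue_0900))
    print(evaluate("acme-logistics", "wms-api", "write", "203.0.113.25", tue_0900))
```

The order of checks is deliberate: identity and privilege are evaluated before location and time, so a log of denials tells you whether a partner is probing systems it was never granted (a policy concern) or merely connecting from an unregistered address or at an odd hour (often a misconfiguration on their side). Either way the default is to deny.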

Make your detection and response systems faster and smarter with each event. Feed the findings of every post-incident analysis back into your threat intelligence, your automation and detection tooling, and your training program, so that the same attack is caught sooner the next time.

10. Create an active feedback loop.