Data Breach Incident Detection, What Now?

July 16, 2014

The cybersecurity industry is massive.  Billions of dollars are spent worldwide on data breach incident detection and prevention systems, firewalls, anti-virus software, and a host of other pieces of infrastructure meant to keep intruders out.  But, even with all this money, advanced technology, and great marketing buzz, huge data breaches are reported nearly every day across a host of industries.

Everyone Needs to Respond

It has become an undeniable fact that even the most thorough cybersecurity preparation will be breached, given the lucrativeness of the protected data, the general ease of deploying malware and phishing schemes, and the ever-changing tactics of attackers.  Organizations need to have a response plan ready for the moment a data breach incident is detected.  That plan will preserve business operations, protect sensitive information, and scope the incident quickly.

This is not a matter of differentiating large, small, or federal enterprises.  Sure, they have vastly different attack surfaces to defend, but attackers are targeting businesses and organizations of all sizes.  And more often than not, they get in.  Then what?

Complex Situations, Changing Tactics

Attackers are financially motivated to get on your network and money drives innovation.  Gone are the days when incident responders were facing a few attackers with a few known tactics.  Malware authors are becoming more and more devious and deceptive with their techniques, and incident responders and the tools they use need to keep up.

Expensive to Respond

Unfortunately, there isn’t a one-size-fits-all solution to computer incident response, and the amount of human time required to fully scope and investigate an incident is usually quite large.  Most effective teams that exist today have been forced to cobble together custom software to help in their efforts and drive cost down.  And the others?  They make do with solutions that are difficult to use or too heavyweight, which invariably causes their response costs to rise.  In addition, every incident is different (changing tools and techniques), which eliminates any hope that the marginal cost of incident response will fall with repetition.

Inserting an efficient confirmation and triage step in the response process can drive down wasted effort on unaffected hosts and reduce the time it takes an incident response team to start towards remediation.

Cyber Triage from Basis Technology

Many times, generalist IT employees are asked to be this first level of response, but they lack the tools and knowledge to do this efficiently and well.  Basis Technology is actively developing tools in concert with cybersecurity partners that will enable first responders to answer critical questions in minutes, not hours.  We are focused on keeping the human in the loop while providing critical information in an intuitive manner that helps a responder make decisions faster, whether they are a novice or an expert computer incident responder.

Learn more about how Basis Technology’s Cyber Triage reduces the amount of information that needs to be reviewed, prioritizes threats, visually shows the most likely compromised hosts, allows snapshot comparisons of hosts to locate hot spots requiring further investigation, and more.