Source: AlienVault Lab Blog
Identifier: 8352559
Publication date: 2023-07-05 18:00:00 (viewed: 2023-07-05 18:07:27)
Title: What is the difference between incident response & threat hunting?
Text:
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
When it comes to protecting data in an evolving threat landscape, two common strategies are at the forefront: incident response and threat hunting. While both processes can safeguard an organization's data, their approaches, objectives, and execution differ significantly.
Understanding the differences between the two strategies is critical for organizations aiming to:
develop a comprehensive cybersecurity approach,
effectively manage incidents,
proactively detect threats,
and build a skilled cybersecurity workforce.
Incident response vs. threat hunting: The basics
Incident response is a reactive process that typically begins when a security breach occurs. It involves a set of processes and procedures used to manage and respond to a cyberattack. The goal is to identify and respond to any unanticipated, disruptive event and limit its impact on the business, minimizing damage and recovery time. Incidents range from external attacks such as denial of service (DoS), malware, or system intrusion, to more internal events like accidents, mistakes, or system or process failures.
Robust incident response requires the right team, a well-developed plan, and excellent communication.
According to the National Institute of Standards and Technology, the four crucial elements of a robust Incident Response Plan (IRP) should include:
Preparation
Detection and analysis
Containment and eradication
Post-incident recovery approach
Threat hunting, on the other hand, is proactive. It systematically analyzes an organization's security posture to identify potential threats before they become active. Threat hunting typically involves looking for threats within your environment and for resources that are either already compromised or have the potential to be compromised. The risks involved run the gamut from vulnerabilities in outdated software to insecure access control and misconfiguration.
In most organizations, threat hunting is conducted by traditional IT security teams and even Incident Response teams. Organizations that have a security operations center (SOC) will often have that team on the frontlines.
Organizations without a SOC or dedicated security team may not be capable of performing threat hunting, but in today’s evolving threat landscape, someone needs to be responsible.
The interplay between incident response and threat hunting
First things first: incident response and threat hunting are not mutually exclusive. In fact, they complement each other as crucial elements of a well-rounded cybersecurity strategy.
Threat hunting can significantly enhance incident response. By proactively identifying potential threats, organizations can prevent incidents from occurring in the first place. When incidents do occur, the insights gained from threat hunting help incident response teams understand the nature of the threat faster and respond more effectively.
It follows that incident response can also boost threat hunting efforts. By analyzing incidents after they occu
Tags: Vulnerability, Threat, Cloud