Rapid Containment of Intrusions
by Brent Kirkpatrick
(Date Published: 2/7/2018)
Containment requires identifying the vulnerabilities that were exploited and finding solutions to them. Suppose that you know a priori the line of code that was exploited by the hackers (perhaps they bragged about how they got in). Then containment might involve blocking network traffic to that application, ceasing to use that application, or patching that precise line of code.
After hacking is discovered, rapid containment means quickly finding multiple vulnerabilities and solutions to them. The discovery of vulnerabilities is usually a months-long or years-long process, if we think about the software testing life cycle. How do we take a long process and shorten its timeline to provide a rapid response?
We need to use science to quickly detect the vulnerabilities, rapid development methods to find the offending line of code, and software skills to patch or mitigate the problems. Ideally, all of this would be done under one roof, with the cybersecurity people talking directly to the developers who patch the software.
Intrepid Net Computing is a software company that does cybersecurity using a rapid containment model.
defendIT: AI-driven security measures derived from security incident data.