What is Cybersecurity Incident Response?
by Brent Kirkpatrick
(Date Published: 5/9/2018.)
This approach to cybersecurity is new in the last fifteen years. Back in the 1990's, it was sufficient to patch computers each time a virus was discovered. Today, hacking has grown more sophisticated. Hackers aim to remain undetected on networks. IT people may discover a hacker's most obvious efforts, block the intrusion route, and fail to discover a backdoor hiding on another computer.
The approach taken today, to remediate hacking, is to treat it as an ongoing emergency and address the problem using an Incident Response Team. The team employs sophisticated tools to detect the presence of hackers, discover their intrusion routes, scan for exploits, remove exploits, and patch computer systems. These tools often involve digital forensics and extensive trouble-shooting.
Incidence Response is a security consulting service. Rarely is it sufficient to simply install a new firewall. Instead, Incidence Response teams work to discover active vulnerabilities and repair them. These highly skilled teams often come from outside the organization under attack.
Clean-Up. Incident response driven by data and AI.