February 29, 2016 By Dan Wilson

Having been in the IT security industry and incident response for over 15 years, I have seen my fair share of security breaches, and I’ve experienced firsthand the effect these events can have on individuals and businesses. Damaged careers and brand reputations, as well as the high costs of dealing with the incidents, can be staggering to any business.

With security incidents continuing to increase in number and complexity and the cost of a data breach reaching a record high in 2015, it is no wonder that many security professionals lie awake at night wondering if they have the right strategy in place to protect their business.

It has become obvious that having a security compliance program with the latest security technology in place is just not enough. It is no longer a matter of if an organization will experience a security incident of some kind, but when. Given that an incident is more likely to happen, organizations should focus on incorporating into their security program proactive incident response strategies that will reduce the overall impact of an incident.

Here are three ways IBM X-Force Incident Response can help an organization to be better prepared for the inevitable.

1. How Can My Organization Reduce the Risk for the Inevitable Security Incident?

Research has shown that an organization that assumes the mentality that security incidents will occur and works to prepare for those events will deal with the incidents more effectively. This will lead to a reduction in organizational churn and the associated costs of dealing with a security incident. In other words, “Chance favors the prepared mind.”

A well-thought-out incident response plan that has been tested and reviewed with key stakeholders is a critical part of this preparation. Having the appropriate incident response expertise on board is also an important factor. But time and budget, or hiring the right skills in a depleted market, can make this difficult and may feel like a daunting task to conquer on your own. However, IBM X-Force Incident Response can help you reduce the overall impact and risk for your organization with industry-leading incident response expertise.

IBM X-Force assigns professionals to work with you proactively in your incident response program. Our experts will:

  • Be available to you 24/7 to lend forensic and case management expertise in the event of a security incident, with boots-on-the-ground support within 48 hours of your incident declaration;
  • Review your incident response plan and assist with any needed refinement or develop an industry best practices approach from scratch that is tailored to your organization and needs;
  • Coordinate incident response training and tabletop test exercises with your organization to ensure your plan is working as anticipated while at the same time increasing security awareness; and
  • Provide proactive intelligence from X-Force research and threat intelligence teams to help you prepare for and avoid potential attack trends.

So how exactly does all that help? Here is an example of a recent client that purchased our service a year ago and was struggling with the challenges of managing incident response for a large global footprint with a small corporate security staff. We began our partnership by developing a custom security incident response plan that defined roles within the organization, helped meet required compliance and regulatory needs and defined severity levels outlining when various organizational elements needed to be involved.

The plan was approved and then tested with key stakeholders to ensure it would work as designed. Education was then provided and the plan implemented. With the plan in place, the client had IBM X-Force Incident Response on board for assistance when security incidents occurred.

This client had to handle several incidents over the past year. In each case, the time to reach containment was cut in half, and the time to provide analysis and recommendations to the client’s C-level also decreased.

Overall, organizational churn and costs have been reduced as incidents are handled efficiently with the appropriate level of expertise. All of this was accomplished at a much lower cost than if the client had taken on the project alone and staffed its own forensics expertise.

2. Am I Already Breached or Infected and Just Don’t Know It?

In today’s world of incident response, being prepared is good but not good enough. Sometimes you have to go on the offensive. In other words, incident response is no longer just about reacting to security events; it’s about proactively reducing an organization’s risk.

Many security professionals and CISOs lie awake at night wondering if the policies and technologies implemented in their defensive plan are truly working. A question often heard is: “Am I already breached or infected and just don’t know it?” IBM’s X-Force Incident Response team can help answer that question.

With our experience and in-depth knowledge of security intelligence and attack vectors, we work with clients to deploy forensics expertise that proactively searches their IT environment for any undetected malicious activity. Anything outside the norm is quickly identified and eradicated before it can become a larger problem.

IBM X-Force Incident Response has done many of these assessments with clients over the past couple of years. In most cases, malware and other malicious activity have been discovered and dealt with. At the very least, clients received a list of actions they can take to shore up their environment and better prevent future attacks.

Other clients take advantage of our capability to proactively review the network of any newly acquired entities before proceeding with integration into a corporate network. This allows the client to ensure anything malicious that already exists is removed and the environment hardened prior to integration. Considering we have seen many large breach cases start with an insecure acquisition being tied to the home network, this gives the client a proactive and secure approach to network integration.

3. I’ve Paid a Lot of Money to Implement the Latest Security Technology — How Do I Know It’s Alerting My Team Appropriately and Not Missing Anything?

Implementing a new security technology and trusting that it works as advertised exposes your organization to a large risk. The implementation should be tested and adjusted regularly.

IBM’s X-Force Incident Response team can also assist with this. By combining incident response expertise with penetration testing and security information and event management (SIEM) consulting expertise, we can plan and conduct real-life testing exercises designed to test your implementation against the latest threats. We then work with you to fine-tune your SIEM implementation to reduce the noise and increase alerting on the things that matter.

At the end of the day, success in reducing the risk and costs for your organization when dealing with security events depends on the proactive approach your organization takes with its own incident response strategy. Partnering with IBM X-Force Incident Response can ensure you have:

  • A well-developed and tested incident response plan;
  • A staff trained for better handling of security incidents;
  • 24/7 access to forensics and incident response expertise;
  • An environment proactively searched for existing malicious activity that can be immediately removed before becoming a larger problem; and
  • Regular testing of SIEM implementation to ensure you are getting the level of protection you invested in.

IBM X-Force Incident Response is a winning relationship for any security leader looking to be proactive. Professionals can rest easy knowing they have a full partner in their incident response.
