The Hacker News - Cybersecurity News and Analysis: Incident Response Plan

Anyone paying attention to the cybersecurity technology market has heard the term XDR - Extended Detection and Response. XDR is a new technology approach that combines multiple protection technologies into a single platform. All the analyst firms are writing about it, and many of the top cybersecurity companies are actively moving into this space. Why is XDR receiving all the buzz? Combining (or orchestrating) security technologies in a usable manner has become the bane of cybersecurity as technology spread has overwhelmed the space. There's a massive market for cybersecurity technologies that combine and rationalize other cybersecurity technologies (see SIEM and SOAR). However, most companies find selecting, implementing, integrating, normalizing, operating, and maintaining a fully combined set of cybersecurity technologies far too daunting and only within reach of the largest companies with the deepest pockets. XDR Insights Next week, Senior Analyst Dave Gruber of E

The fight to protect your company's data isn't for the faint of heart. As an embattled IT warrior, with more systems, apps, and users to support than ever before, keeping everything up and running is a battle in itself. When it comes to preventing the worst-case scenario from happening, you need all the help you can get, despite your super-hero status. According to SANS, there are 6 key phases of an incident response plan. Preparation - Preparing users and IT to handle potential incidents in case they happen Identification - Figuring out what we mean by a "security incident" (which events can we ignore vs. which we must act on right now?) Containment - Isolating affected systems to prevent further damage Eradication - Finding and eliminating the root cause (removing affected systems from production) Recovery - Permitting affected systems back into the production environment (and watching them closely) Lessons Learned - Writing everything down and reviewing an