Protection is required but no longer sufficient in today’s digital, connected environment. Strong defenses are necessary, but sooner or later every organization will get breached. Most breaches will be the result of a social engineering attack because the weak link in security is the human element. Common ways that hackers bypass defenses and breach the company’s network include users clicking on an embedded link, downloading a file, or visiting a website. The reality is that the initial breach is generally only the first step for any hacker and does not lead to immediate damage.
That initial breach allows the hacker to do reconnaissance, find what’s valuable, and then attempt to exfiltrate it or extort the company through ransom. Generally, that second stage takes several months. A Detection Strategy along with a Response Strategy can detect these initial security incidents and can stop the hacker without any real damage to the company. This requires collecting log data from the various IT and security systems, analyzing the data, finding the incidents and vulnerabilities, and remediating problems in a timely manner. This work will validate that the organization is secure and identify ways to improve the security posture of the organization.