Incident Response - NTT Security

Solution Overview

Incident Response

Are you prepared to manage a security incident?

We all love the Sunday papers – until they report the latest high profile breach and we find ourselves answering that Monday morning question, “how would we deal with this type of incident?”

Incidents are increasing in frequency, which means businesses are spending more time and money on remediation – often working in the eye of a corporate storm to resolve issues at the same time as trying to maintain business as usual. Complex threats such as APT are difficult and time-consuming to unpick and may require specialist knowledge and resources to comprehensively resolve. They also exploit the siloed nature of traditional incident response, which does not necessarily understand the interdependencies in business systems and applications.

The maturity of incident response varies considerably, but high performing businesses treat information security breaches as part of their Business Continuity planning. They confidently manage incidents in an efficient, low noise, repeatable manner. A mature approach not only minimizes the impact of a breach on a business and protects valuable data throughout, but also intelligently adapts to prevent further incidents. So how can you drive the maturity of your incident response?

Not all incidents are equal

To confidently answer the question about how you would respond to an incident, you have to establish a comprehensive, real-time view of network activity.

www.nttsecurity.com

This is the only way to quickly recognize that you are under attack – and dependent on the type of incident – you can then implement a clear plan for the right remedial action for your business. This means that you must be able to classify the incident. Context is important here, as not all incidents are of equal impact – which is why your incident response must be designed with your business goals and compliance requirements front and centre. The right intelligence about the impact of any incident will drive a proportionate response and focus resources to minimize damage and disruption, returning to business as usual as quickly and smoothly as possible.

Good incident response therefore starts with good risk insight and understanding of your information assets. But mature incident response does not necessarily mean spending more on technology. Most organizations that we talk to have all the technology they need in place, such as data loss prevention, perimeter defenses and log management. What they often ask us to help with is thinking more about processes and people.

We work with our customers to establish what skills they already have, what they would need if they were breached, and where they would go for help. Most organizations do not have spare resources just waiting to leap into action when an incident happens, which is why they may seek a trusted partner if the worst happens.

Incident Response at a glance:
• Increases the maturity of your incident response planning and execution
• Ensures that all stakeholders understand roles and responsibilities
• Offers the right resources for rapid remediation when you need them
• Defines the fastest most efficient return to business as usual after an incident
• Clarifies the relative impact of incidents in the context of your specific business goals, based on our experience
• Ensures incidents are not repeated through closed loop reporting and analytics

Benefits of our approach:
• Faster, more efficient incident response minimizes the impact and cost of incidents and protects your data
• Using our response teams means you always have access to the right skills and knowledge
• Maximizes the value of your existing technology investment with practical advice and best practice processes
• Move from reactive to proactive incident response

Copyright© NTT Security 2018

Understanding compliance

It is vital to understand where compliance fits into your incident response processes and have a clear procedure in place to meet your specific obligations for reporting incidents. We help our customers to put processes in place to ensure they know when and how to notify law enforcement or specific industry regulators. This involves establishing policies with other parts of the business affected by a breach. This may be an organization’s PR, Business Continuity, Risk or customer services teams, as well as defining how to share the news internally. And though it is not always essential to share information about a breach with your customers and partners, it will be necessary to define and communicate your policy – dependent on the nature of the incident and how early you can understand and communicate what it is and what you are doing about it.

There is also a complex international aspect to incident response and many customers value our experience of resolving incidents for multinational organizations – we help you navigate through regional variations, complex privacy laws and notification requirements – using our Global Enterprise Methodology to ensure consistency.

Culture and collaboration

A security breach can naturally result in some finger pointing. We are used to having fire drills, but organizations do not always consider the value of using high visibility exercises such as rapid-response communication drills and tabletop exercises - simulating potential incidents to improve awareness and define roles and responsibilities beyond the technology teams. In our experience this will heighten the sense of joint responsibility for effective resolution.

Building the right incident response model

We work with our customers to build a structured plan that clearly articulates the approach, benefits and measures for application risk reduction. This includes defining a functional and UAT strategy. But our work does not end here. Our breadth of experienced resources means that we also deliver the plan – only handing back to our customer when all test criteria are successfully met.

For organizations that understand the value of fast, efficient response, part of the plan can include the use of a specialist incident response team. Armed with a clear understanding of your business and technology infrastructure, this dedicated team would:
• Establish a presence at your place of business
• Perform network and host based forensic investigation into incident
• Provide incident management capability
• Deliver summary post incident report and recommendations

Not all companies are very mature in their incident response planning and execution, but if they have suffered a breach, they certainly don’t want to repeat the experience. If you improve the maturity of your incident response, you will reduce the risk of future incidents, as well as reducing the business impact/cost.

NTT Security Incident Response helps you to minimize the impact and cost of an incident, as well as protecting your valuable data, intelligently adapting to prevent further incidents.

INCIDENT OCCURS
• Customer suffers incident and has no in-house capability

NTT SECURITY TEAM DEPLOYED
• NTT Security deploys a skilled, rapid response team to client site, including incident handlers and technical analysts

INCIDENT MANAGEMENT CAPABILITY ESTABLISHED
• We rapidly establish process structure to handle the incident on the client’s behalf

FORENSIC ANALYSIS AND INCIDENT CONTAINMENT
• Our analysts investigate, identify, analyse and contain the cause of the incident

INCIDENT RESOLUTION
• We provide support and guidance to the client to resolve the incident

INCIDENT CLOSURE AND WRAP UP
• We support the close out of the incident and wrap up onsite activities

INCIDENT REPORT AND ROADMAP
• Post incident, NTT Security provides report on the incident, along with a tactical roadmap of recommendations to reduce risk

About NTT Security

NTT Security is the specialized security company and the center of excellence in security for NTT Group. With embedded security we enable NTT Group companies to deliver resilient business solutions for clients’ digital transformation needs. NTT Security has 10 SOCs, seven R&D centers, over 1,500 security experts and handles hundreds of thousands of security incidents annually across six continents. NTT Security ensures that resources are used effectively by delivering the right mix of Managed Security Services, Security Consulting Services and Security Technology for NTT Group companies – making best use of local resources and leveraging our global capabilities. NTT Security is part of the NTT Group (Nippon Telegraph and Telephone Corporation), one of the largest ICT companies in the world.

Visit nttsecurity.com to learn more about NTT Security or visit http://www.ntt.co.jp/index_e.html to learn more about NTT Group.
