At OnPage, we spend lots of time thinking about how to apprise people about the importance of critical IT alerting. So when our CEO Judit Sharon emailed me about an upcoming webinar from HIMSS entitled: Incident Response is the New Black – A Must Have For Your Security Strategy, I was intrigued. I wanted to know how the speaker would entertain alerting in incident response.
As it turned out, while the webinar was fascinating, the discussion focused on response dictionaries and procedures and did not mention critical alerting at all. I was left wondering, why would an organization focus solely on incident response to save their IT? How can an organization have an effective incident response platform without a critical alerting platform? In the vein of fashion, wouldn’t the scenario be like having pants but forgetting to button them? If you forget to button your pants, they will fall down. Without proper critical alerting your response posture will crack.
The real pain caused by attacks is the reason so many IT offices – either as sole practitioners or as centers within hospitals, law offices or other businesses – are focused on incident response to security events. And a simple look at the statistics is enough to shock even the most even-keeled of IT professionals. According to recent stats:
To handle the breadth and impact of these incidents, IT centers develop robust policies to handle these situations. The companies develop playbooks and procedures. Yet when an inside employee enables an attack and the breach occurs, rather than receiving a persistent and immediate alert, the on-call engineer simply receives an email or a phone call. Maybe they also get a text. How well do you think an alert through one of these channels performs in getting the attention of the on-call engineer?
If an IT center or office has intelligently implemented the principle of least privilege (POLP), whereby it grants only the access an individual needs to perform their job, the organization will have a clear picture of which privileges are enabled and who has what access. The organization will also have a strong understanding of what is considered normal and what is considered anomalous behavior on its network.
POLP enables preemption of both malicious and accidental breaches by narrowing the list of possible points of exploitation – which in turn narrows the list of possible users who might be suspected or held accountable. When an alert does occur because someone has improperly accessed a point on the network, OnPage allows officials to recognize critical situations in real time.
Critical alerting enables:
Security officials can then turn to playbooks to know exactly the steps they should follow. Excel is not a viable option for playbooks. Instead IT staff need a robust database which enables them to:
An effective incident management system (IMS) will combine these capabilities with a robust alerting system like OnPage. When endpoint and network monitoring systems are integrated with OnPage’s critical alerting platform, responders are immediately notified of anomalous events.
After the attack has been alerted on and resolved, it is important to conduct a post-mortem to review how well the team performed. As part of the post-mortem, teams should look at how long it took them to recognize the attack; how long it took them to alert on the attack; how long it took them to respond to the attack; and how long it took them to resolve the attack. By knowing these metrics, teams can minimize their Mean Time To Resolution (MTTR).
Additionally, by reviewing MTTR, teams will have a metric by which they can review their response time to other incidents and see what impeded or improved their response time. Only through acknowledging the importance of this metric and bringing it into the IT wheelhouse, can teams respond effectively.
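As an added example (not OnPage's code or from the original post), the script below computes the four post-mortem durations named above for each incident, averages them across incidents to get MTTR, and reports which phase dominated; the record fields and timestamps are constructed assumptions.

```python
from datetime import datetime
from statistics import mean

# Constructed sample incidents (not real data): each record carries the
# timestamps needed for the four post-mortem durations described above.
INCIDENTS = [
    {"id": "INC-1", "started": "2024-03-01T02:00:00", "recognized": "2024-03-01T02:30:00",
     "alerted": "2024-03-01T03:50:00", "responded": "2024-03-01T04:00:00",
     "resolved": "2024-03-01T05:00:00"},
    {"id": "INC-2", "started": "2024-03-09T10:00:00", "recognized": "2024-03-09T10:20:00",
     "alerted": "2024-03-09T11:30:00", "responded": "2024-03-09T11:35:00",
     "resolved": "2024-03-09T12:15:00"},
]

# Phase name, start field, end field: recognize, alert, respond, resolve.
PHASES = [
    ("recognize", "started", "recognized"),
    ("alert", "recognized", "alerted"),
    ("respond", "alerted", "responded"),
    ("resolve", "responded", "resolved"),
]


def phase_minutes(incident):
    """Return the duration of each phase in minutes for one incident."""
    ts = {field: datetime.fromisoformat(incident[field])
          for field in ("started", "recognized", "alerted", "responded", "resolved")}
    durations = {}
    for name, begin, end in PHASES:
        minutes = (ts[end] - ts[begin]).total_seconds() / 60
        if minutes < 0:  # out-of-order timestamps mean the timeline was recorded wrongly
            raise ValueError(f"{incident['id']}: {end} precedes {begin}")
        durations[name] = minutes
    return durations


def postmortem_report(incidents):
    """Average each phase across incidents, compute MTTR, and flag the slowest phase."""
    per_phase = {name: [] for name, _, _ in PHASES}
    totals = []
    for incident in incidents:
        durations = phase_minutes(incident)
        for name, minutes in durations.items():
            per_phase[name].append(minutes)
        totals.append(sum(durations.values()))  # started -> resolved
    report = {f"mean_{name}_min": mean(values) for name, values in per_phase.items()}
    report["mttr_min"] = mean(totals)
    report["bottleneck"] = max(per_phase, key=lambda name: mean(per_phase[name]))
    return report


if __name__ == "__main__":
    print(postmortem_report(INCIDENTS))
```

In the constructed data the alert phase (recognized to alerted) is the largest contributor, which is the kind of finding a post-mortem should surface before tuning the other phases.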
Without the addition of the OnPage critical alerting platform, an IMS is just a pair of pants without a button. IMS needs OnPage to keep its pants on.
Learn more about how OnPage can help your company enable critical alerting and have the confidence to respond quickly and seamlessly to any IT breach. Download our whitepaper today.