At OnPage, we spend lots of time thinking about how to apprise people of the importance of critical IT alerting. So when our CEO Judit Sharon emailed me about an upcoming webinar from HIMSS entitled Incident Response is the New Black – A Must Have For Your Security Strategy, I was intrigued. I wanted to know how the speaker would address alerting in incident response.
As it turned out, while the webinar was fascinating, the discussion focused on response dictionaries and procedures and did not mention critical alerting at all. I was left wondering, why would an organization focus solely on incident response to save their IT? How can an organization have an effective incident response platform without a critical alerting platform? In the vein of fashion, wouldn’t the scenario be like having pants but forgetting to button them? If you forget to button your pants, they will fall down. Without proper critical alerting your response posture will crack.
The real pain caused by attacks is the reason so many IT offices – either as sole practitioners or as centers within hospitals, law offices or other businesses – are focused on incident response to security events. And a simple look at the statistics is enough to shock even the most even-keeled of IT professionals. According to recent stats:
To handle the breadth and impact of these incidents, IT centers develop robust policies to handle these situations. The companies develop playbooks and procedures. Yet when an inside employee enables an attack and the breach occurs, rather than receiving a persistent and immediate alert, the on-call engineer simply receives an email or a phone call. Maybe they also get a text. How well do you think an alert through one of these channels performs in getting the attention of the on-call engineer?
If an IT center or office has intelligently designed their principle of least privilege (POLP) whereby they provide only the access an individual needs to perform their job, the organization will have a strong sense of what privileges are enabled and who has what access. The organization will also have a strong knowledge of what is considered normal and what is considered anomalous behavior on their network.
POLP enables preemption of both malicious and accidental breaches by narrowing the list of possible points of exploitation, which in turn narrows the list of possible users that might be suspected or held accountable. When an alert does occur because someone has improperly accessed a point on the network, OnPage will allow officials to recognize critical situations in real time.
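To make the POLP point concrete, here is an added example (not code from the original post, and not OnPage's own software) of the kind of check a monitoring system can run once the organization knows exactly which identities are entitled to which resources. The policy table, the log format and every user, resource and timestamp in it are constructed for illustration; any access that falls outside a user's least-privilege grant, or comes from an identity that has no grant at all, becomes a candidate for a critical alert.

```python
"""Least-privilege policy check over access-log lines (added example, constructed data)."""
import re
from dataclasses import dataclass

# Hypothetical least-privilege policy: each identity maps to the only
# resources its job requires. Constructed sample data, not a real deployment.
POLICY = {
    "alice": {"/hr/payroll", "/hr/benefits"},
    "bob": {"/eng/repo", "/eng/ci"},
    "svc-backup": {"/backups"},
}

# Assumed log line layout (constructed for this example):
#   <ISO timestamp> user=<id> resource=<path> action=<verb> result=<success|denied>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) resource=(?P<resource>\S+) "
    r"action=(?P<action>\S+) result=(?P<result>\S+)$"
)


@dataclass(frozen=True)
class Alert:
    ts: str
    user: str
    resource: str
    reason: str


def parse_line(line):
    """Return the fields of one log line, or None if the line does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def evaluate(lines, policy=POLICY):
    """Flag every access that the least-privilege policy does not explain.

    Accesses inside a user's grant are normal and produce nothing. Accesses
    outside the grant, or by an identity with no grant, produce an Alert whose
    reason also records whether the access actually succeeded (the breach case)
    or was denied (still worth knowing, since it narrows the suspect list).
    """
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable lines are skipped, not silently trusted
        allowed = policy.get(rec["user"])
        if allowed is None:
            reason = "unknown identity"
        elif rec["resource"] not in allowed:
            reason = "access outside least-privilege grant"
        else:
            continue  # normal, expected access
        outcome = "succeeded" if rec["result"] == "success" else "denied"
        alerts.append(Alert(rec["ts"], rec["user"], rec["resource"], f"{reason} ({outcome})"))
    return alerts


# Constructed sample log: two normal accesses and three that the policy does not cover.
SAMPLE_LOG = [
    "2024-03-01T09:00:00Z user=alice resource=/hr/payroll action=read result=success",
    "2024-03-01T09:05:00Z user=bob resource=/hr/payroll action=read result=success",
    "2024-03-01T09:07:00Z user=mallory resource=/backups action=list result=success",
    "2024-03-01T09:10:00Z user=svc-backup resource=/eng/repo action=read result=denied",
    "2024-03-01T09:12:00Z user=bob resource=/eng/ci action=write result=success",
]

if __name__ == "__main__":
    for alert in evaluate(SAMPLE_LOG):
        print(f"{alert.ts} {alert.user} -> {alert.resource}: {alert.reason}")
```

The output of `evaluate` is the list a critical alerting platform would be fed: the second line (bob reading payroll data he has no grant for) and the third (an identity that does not exist in the policy) are the successful accesses the post describes, while the fourth shows that a denied attempt still names the account involved.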
Critical alerting enables:
Security officials can then turn to playbooks to know exactly the steps they should follow. Excel is not a viable option for playbooks. Instead IT staff need a robust database which enables them to:
An effective incident management system (IMS) will combine these capabilities with a robust alerting system like OnPage. When endpoint and network monitoring systems are integrated with OnPage’s critical alerting platform, responders are immediately notified of anomalous events.
After the attack has been alerted on and resolved, it is important to implement a post-mortem to review how well the team performed. As part of the post-mortem, teams should look at how long it took them to recognize the attack; how long it took them to alert on the attack; how long it took them to respond to the attack; and how long it took them to resolve the attack. By knowing these metrics, teams can minimize their Mean Time Til Resolution (MTTR).
Additionally, by reviewing MTTR, teams will have a metric by which they can review their response time to other incidents and see what impeded or improved their response time. Only through acknowledging the importance of this metric and bringing it into the IT wheelhouse can teams respond effectively.
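The four durations named above (recognize, alert, respond, resolve) are easiest to act on when the post-mortem computes them the same way for every incident. The following is an added example, not code from the original post or from OnPage, of that computation over a constructed incident table: each record carries the timestamps at which the attack started, was detected, was alerted on, was acknowledged by the on-call engineer, and was resolved. The field names and both incidents are assumptions made for the example; MTTR is taken here as the mean of the full start-to-resolution time, and the report also names the phase that consumes the most time on average, which is the phase a team should work on first.

```python
"""Post-mortem phase timings and MTTR over constructed incident records (added example)."""
from datetime import datetime
from statistics import mean

# Each phase is (name, start field, end field); the field names are assumed
# for this example and correspond to the four durations the post describes.
PHASES = [
    ("detect", "started", "detected"),        # how long to recognize the attack
    ("alert", "detected", "alerted"),         # how long to alert on it
    ("respond", "alerted", "acknowledged"),   # how long until someone responded
    ("resolve", "acknowledged", "resolved"),  # how long to resolve it
]


def _parse(ts):
    """Parse an ISO-8601 UTC timestamp ending in 'Z' (works on Python 3.7+)."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def phase_minutes(incident):
    """Return the duration of each phase of one incident, in minutes."""
    out = {}
    for name, start, end in PHASES:
        delta = _parse(incident[end]) - _parse(incident[start])
        if delta.total_seconds() < 0:
            # A later phase cannot end before the earlier one started; refuse
            # to report a bad record rather than silently skew the averages.
            raise ValueError(f"{incident['id']}: {end} precedes {start}")
        out[name] = delta.total_seconds() / 60
    return out


def mttr_report(incidents):
    """Average each phase across incidents and report MTTR and the slowest phase."""
    per_incident = [phase_minutes(inc) for inc in incidents]
    report = {name: mean(p[name] for p in per_incident) for name, _, _ in PHASES}
    report["mttr"] = mean(sum(p.values()) for p in per_incident)
    report["bottleneck"] = max((name for name, _, _ in PHASES), key=lambda n: report[n])
    return report


# Constructed incident records (sample data, not from any real post-mortem).
INCIDENTS = [
    {
        "id": "INC-1",
        "started": "2024-03-01T09:00:00Z",
        "detected": "2024-03-01T09:20:00Z",
        "alerted": "2024-03-01T10:40:00Z",      # email-only alert sat unread for 80 minutes
        "acknowledged": "2024-03-01T10:50:00Z",
        "resolved": "2024-03-01T11:20:00Z",
    },
    {
        "id": "INC-2",
        "started": "2024-03-02T14:00:00Z",
        "detected": "2024-03-02T14:10:00Z",
        "alerted": "2024-03-02T14:40:00Z",
        "acknowledged": "2024-03-02T14:45:00Z",
        "resolved": "2024-03-02T15:15:00Z",
    },
]

if __name__ == "__main__":
    for key, value in mttr_report(INCIDENTS).items():
        print(f"{key:>10}: {value}")
```

With the sample records, the report puts MTTR at 107.5 minutes and names the alert phase as the bottleneck, which is exactly the gap the post argues a critical alerting platform closes: the team detected both incidents quickly and worked them quickly once someone was engaged, but most of the elapsed time was spent waiting for the alert to reach a responder.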
Without the addition of the OnPage critical alerting platform, an IMS is just a pair of pants without a button. IMS needs OnPage to keep its pants on.
Learn more about how OnPage can help your company enable critical alerting and have the confidence to respond quickly and seamlessly to any IT breach. Download our whitepaper today.