11:11 Systems Director of Product Market Intelligence Brian Knudtson is joined by guests Jason Carrier, Richard Kenyan, and Christian Mohn for a conversation about the keys to an effective Incident Response plan. They discuss the importance of good communications, how to handle cloud providers, and some of the best and worst examples. This communication needs to be intentional and, once communication paths are defined and tested, the plan should be iterated on constantly.
[03:07] Jason, what are the key elements an organization should have in their incident response plans?
[05:33] Christian, when operating in the cloud, which is very much part of your supply chain, your vendor management partnerships, what level of participation can companies expect from those cloud providers during planning, testing, and execution of their incident response plans?
[14:41] Richard, maybe you could share with us some examples of the best and worst communications that you’ve seen during security incidents and what lessons could be learned from each?
[01:56] “Like everything else we’re doing, it’s all about communication, right? So that’s key. Communicating with other people, communicating with the outside world, communicating and making sure that everyone’s on the same page.” — Christian Mohn
[03:13] “It’s really important that they really document how they’re going to respond to the threats, how they’re going to triage or determine the severity of what’s going on.” — Jason Carrier
[06:56] “You need to make sure that you are aware of which parts of that infrastructure as a whole you are responsible for as the customer and which parts the provider is responsible for.” — Christian Mohn
[10:50] “Is that postmortem taking place on the cloud side, or are you as a corporation consuming those cloud services then externally paying a consultant or a cyber protection company to come in and do it for you?” — Richard Kenyan
[13:23] “It kind of underscores the importance of establishing relationships ahead of time when things are routine communication and, you know, the building’s not on fire.” — Jason Carrier
[19:53] “There were some communication benefits to what eBay did, and there were some communication flaws to what Equifax did. And it revolves around communicating to the people who consume your services from the outside.” — Richard Kenyan
[20:25] “The scary thing is the threat you don’t know about yet.” — Jason Carrier
[25:25] “There’s a downside to over-communicating, too. Sometimes you get a bad read on a situation and if you start broadcasting that, you’re really just muddying the water, not helping anything.” — Jason Carrier
[26:54] “But putting in that effort, while not tipping off your adversaries, makes the non-IT public a little calmer, as well as all the news journalists and tech IT people.” — Richard Kenyan
Information overload is real, but security shouldn’t suffer because of it.
Utilize a Managed SIEM system to identify threats from across the infrastructure through centralized logging, automation, and analysis.
By combining a powerful SIEM tool and years of human analysis and expertise, 11:11 Systems can help you with:
- Log management
- Real-time monitoring
- Correlation and automation
- 24x7x365 analysis and support