May 16, 2023

A Cyber Incident! The first 72 critical hours

Cyber defenders have no easy job. Tasked with keeping their organisations safe from cyber attack every minute of every day, all the while completing all the day to day and other re-occurring maintenance and upkeep tasks, planning for the future, and dealing with the unexpected.

Cyber defenders have no easy job. Tasked with keeping their organisations safe from cyber attack every minute of every day, all the while completing all the day to day and other re-occurring maintenance and upkeep tasks, planning for the future, and dealing with the unexpected. When an unexpected cyber incident occurs, the overall impact to the business can all hinge on what happens in the first hours and days after detecting the breach.

The reality is that there are no guarantees in cyber security, or perhaps there is only one guarantee; that there is no such thing as “perfect security”. Preparing for failure is therefore a critical aspect of good cyber security practice. When an adversary gets in, being able to respond quickly and in a manner that effectively balances pressures from the business to “get our systems back online ASAP” against the need to ensure a full understanding of the adversary’s presence is all part of the Incident Response (IR) playbook.

In the minutes and hours after detecting that an adversary has established presence in an organisation, organisations often turn to trusted Incident Response (IR) partners which have the expertise, honed by battle-hardened experience, in managing the complexities of investigation, analysis, response, and remediation. These IR partners arrive quickly, rapidly deploy the tools they rely on to perform their work, work relentlessly to understand the scope the incident, formulate a plan to permanently remove the adversary, and all the while provide guidance and insights to the organisation they are helping.

VMware Carbon Black is a proud partner with Fox-IT, and their FoxCERT Incident Response team. As part of the global NCC Group, FoxCERT trusts VMware Carbon Black as their EDR tool of choice to provide deep insights into adversary behaviour on endpoints and workloads. If you’ve ever wondered just what an expert IR team, such as FoxCERT, experience during the first 72 hours of a breach investigation this blog is for you.

Organisation and individual names have all been kept anonymous. An adversary has gained a foothold in an organisation’s business systems. FoxCERT is about to get a call. Strap in for the ride…

Associated Content

home-carousel-icon From the action bar MORE button.

Filter Tags

Blog Detection

Sowmya Jayakirthi

Read More from the Author

Content Marketing Manager Hello, I'm Sowmya Jayakirthi, a seasoned professional with an impressive 17 year track record in the field of technical writing. With expertise in creating clear and concise documentation, and has effectively communicated complex concepts to diverse audiences. In addition, I bring in a year of experience as a content strategist, leveraging my strategic mindset to develop impactful content strategies. My passion is to deliver high-quality technical content and drive effective content strategies for Carbon Black Tech Zone.

VIEW MORE

Simon Perry

Read More from the Author

Senior Product Marketing Manager, VMware Carbon Black