April 24, 2020

Incident Response: Mitigation tasks library

By venkat

The objective is to have a set of standard, common containment and mitigation tasks that get applied during a response. While handling an adversary, it helps to know the full set of steps we could possibly take, and then to act based on which stage of the kill chain the adversary is in.

Reasoning – The adversary keeps changing their tactics and techniques, and they have access to sophisticated code bases. Today is the age of Generative Adversarial Networks (GANs). The defender needs to be able to use these mitigation libraries to generate decisive playbooks on the fly when required.

Strategy Mitigation tasks

Embedded document: Incident_Response_Mitigation_Tasks (interactive view on the original page).

Tactical Mitigation tasks

https://atc-project.github.io/react-navigator/
Sincere thanks to the Australian Cyber Security Centre (ACSC).
Sincere thanks to US-CERT.

References

  • Strategies to Mitigate Cyber Security Incidents, ACSC
  • Prioritised Strategies to Mitigate Cyber Security Incidents, ACSC
  • US-CERT Alert (AA20-245A): Technical Approaches to Uncovering and Remediating Malicious Activity