April 24, 2020
Incident Response : Mitigation tasks library
The objective is to have a set of standard and common containment and mitigation tasks that gets applied during a response. While handling an adversary it helps to know what all steps we can possibly do and then accordingly take action based on which part of the kill chain the adversary is in.
Reasoning – The adversary keeps changing their tactics and techniques. They have access to sophisticated code bases. Today is the age of Generative Adversarial Networks(GANs). The defender needs to be able to use his mitigation libraries to generate decisive playbooks on the fly when required.
Strategy Mitigation tasks
Tactical Mitigation tasks
- Strategies to mitigate by ACSC
- Prioritized strategies to Mitigate Cyber Security Incidents by ACSC
- US CERT Alert (AA20-245A) – Technical Approaches to Uncovering and Remediating Malicious Activity