Proud to Launch the Cohesity Clean Room

Over the past few months we at Cohesity have been busy building a solution that deals with some fundamental problems organisations face when they suffer a destructive cyber attack. I’ve brought my hands-on experience in leading incident response to some of the world’s most infamous attacks together with the product expertise of our engineering teams to produce something that will deliver instant improvements in an organisation’s preparedness for a ransomware or wiper attack.

These challenges are poorly understood due to the shared ownership of response and recovery between IT and Security Operations. They’re missing from most desktop exercises I’ve participated in (which is why I recommend that executives attend one of my Ransomware Resiliency Workshops to discuss trends and best practices and to sanity-check their existing plans). It’s often only after an incident that these incorrect assumptions or disconnects between the functional teams come to light.

Challenges that organisations face that we’ve looked to address with the Cohesity Clean Room include:

  • A lack of resilience in dial-tone services such as DNS, communications, authentication and physical access control can result in delays in incident response. How do we ensure these services are rapidly restored to a trusted state?

  • An over-reliance on remote and end-point digital forensics and incident response tooling that is susceptible to defence evasion (the MITRE ATT&CK tactic with more techniques than any other) and may not function once the organisation has implemented containment to prevent the spread of the attack. How can we support the security operations team in their investigatory tasks, such as complying with mandated regulatory notifications, forensics and threat-hunting, in an effective and efficient manner, even if we’ve isolated hosts?

  • There is a lack of integration between security operations’ investigatory response processes and IT operations’ mitigation and recovery processes. Too often, organisations suffer an extended recovery time due to reinfection caused by premature recovery without taking the appropriate steps to patch vulnerabilities, remove malicious accounts, remove persistence mechanisms from configurations, purge phishing emails from inboxes and delete other artefacts of the attack. How do we get Security and IT Operational processes and platforms integrated to minimise the impacts of destructive cyber attacks?

Head over to the Cohesity Clean Room to learn how we’ve solved these problems.
