How to accelerate and automate incident response (IR) based on real-time network visibility and policy intelligence

No matter how secure we think our networks may be, the risk of a security incident is always imminent. And when it happens, analysts and incident responders need to act fast — with immediate access to data to effectively scope, investigate, and ultimately, contain the incident. 

Across the many potential sources, network data continues to be the most challenging to collect, maintain, and distribute. Network, application, and cloud teams are stretched so thin that proper documentation takes a back seat to simply “making it work”. The increasingly dynamic, hybrid nature of today’s networks means that any statically defined network and app data is often obsolete in days or even hours. Simply put, spreadsheets are no longer a viable tool for maintaining this information.

Once an incident is detected, sufficiently containing it in a feasible timeframe poses additional challenges. In large enterprises with distributed responsibilities, it’s more than likely that the teams responsible for incident response don’t have the required access or authorization to contain an incident. Instead, they must rely on other teams, who may have conflicting priorities, to get the job done.

Let’s take a look at how the Tufin Orchestration Suite can help incident response teams to work smarter and faster when faced with a potential security incident.

*** This is a Security Bloggers Network syndicated blog from Tufin - Cybersecurity & Agility with Network Security Policy Orchestration authored by John Moran. Read the original post at: https://www.tufin.com/node/3220

John Moran

John Moran is Senior Product Manager at DFLabs (https://dflabs.com) and an expert in security operations, incident response, digital forensics and investigations. He has served as a Senior Incident Response Analyst for NTT Security, Computer Forensic Analyst for the Maine State Police Computer Crimes Unit and Task Force Officer for the US Department of Homeland Security. John currently holds GCFA, CFCE, EnCE, CEH, and CHFI certifications as well as degrees in Digital Forensics and Information Security.
