When an incident occurs, SOCs tend to respond based on defined processes and procedures to mitigate the threat and protect the network. When attackers target networks or systems, however, they tend to use multiple TTPs (tools, tactics and procedures) to compromise them, maintain presence and exfiltrate data. While responding to an incident, it is imperative to understand the entire scope of the incident, including the compromise of other networks/subnetworks, related incidents and threat attribution, wherever possible. Once the SOC has visibility into these aspects, it becomes much easier to respond to the incident and mitigate the threat as well as improve visibility and response to such threats in the future.
As a member we will keep you informed. Get exclusive invites to events, Unit 42 threat alerts, and the latest cybersecurity tips.