www.secureworks.com
13.107.237.59
Public Scan
Submitted URL: https://sales.secureworks.com/t/100210/c/ebbd828a-f0f4-41ef-a1d8-ea865ad6fb3e/NB2HI4DTHIXS653XO4XHGZLDOVZGK53POJVXGLTDN5WS6YTM...
Effective URL: https://www.secureworks.com/blog/5-takeaways-from-incident-response-engagements
Submission: On April 05 via api from NZ — Scanned from NZ
Form analysis
0 forms found in the DOM
Text Content
5 TAKEAWAYS FROM INCIDENT RESPONSE ENGAGEMENTS

Real-world insights from customer engagements can help other organizations improve their security posture.

Tuesday, July 12, 2022
By: Rebecca Taylor, Incident Response

Every year, Secureworks® incident responders help customers contain and remediate hundreds of cybersecurity incidents. The insights and trends discovered during these incident response (IR) engagements can help organizations make smarter decisions about cybersecurity strategy and tactics. Although the threat landscape and incident details fluctuate, five takeaways from 2021 engagements remain relatively consistent.

TAKEAWAY #1: RANSOMWARE CONTINUES TO DRIVE THE NEED FOR BETTER THREAT DETECTION.

Post-intrusion ransomware is consistently the top reason that organizations request Secureworks IR engagements. Cybercriminals are increasingly adopting “name-and-shame” tactics, pressuring victims to pay ransoms by threatening to publicly release stolen data. This approach goes beyond simply holding encrypted data hostage. Organizations must improve their ability to quickly discover, identify, and neutralize threat actors who have accessed the network. The better the threat detection, the better the chances of mitigating a compromise before the threat actors deploy ransomware.

TAKEAWAY #2: VULNERABLE INTERNET-FACING SYSTEMS ARE A COMMON INITIAL ACCESS VECTOR (IAV).
In 2021, exploitation of vulnerabilities in internet-facing systems (also known as scan-and-exploit attacks) displaced credential-based attacks as the most common IAV observed in Secureworks IR engagements (see Figure 1). There could be various explanations for this shift: organizations are increasing implementation of multi-factor authentication (MFA) to protect credentials, threat actors have improved their ability to weaponize exploit code that the cybersecurity community publishes when vulnerabilities are publicly disclosed, or infrastructure is being built out more rapidly than organizations can secure it.

Figure 1. IAVs observed during Secureworks IR engagements in 2021. Due to rounding, the percentages may not add up to 100%. (Source: Secureworks)

Whatever the reason, one thing is clear: organizations must improve the speed and scale at which they can perform vulnerability assessments and remediations. In addition, given that no organization can patch every vulnerability in real time, it is vital to invest in vulnerability detection and response (VDR) technology. This technology enables organizations to prioritize patching activities based on the actual risk to the business.

TAKEAWAY #3: SINGLE-FACTOR AUTHENTICATION IS A LIABILITY.

Most of the IR engagements involving stolen credentials revealed threat actors authenticating to remote access solutions that did not enforce MFA. It is important for organizations to implement MFA across their environment and ensure that it is configured correctly. Organizations should also invest in rapid, reliable threat detection that is based on behavioral clues across all endpoints, network infrastructure, and cloud resources.

TAKEAWAY #4: EMAIL-BASED ATTACKS CONTINUE TO EVOLVE.

Phishing and spearphishing emails are common and can include malicious links and attachments.
Attacks that use third-party services such as social media, victims’ personal webmail, and popular file-sharing sites for hosting malicious content can be particularly difficult to prevent because these services are not governed by enterprise security controls. As more employees work from home and access enterprise and personal resources on the same devices, it becomes easier for attackers to exploit personal contacts to gain enterprise access.

User education is a critical defense against email-based compromise. Training employees to recognize and report phishing attempts can limit the success of these attacks. The awareness can also help employees avoid compromise of their personal information.

TAKEAWAY #5: FUNDAMENTALS ARE FUNDAMENTALS FOR A REASON.

Attackers often seek the path of least resistance. Organizations can prevent or quickly detect and remediate many incidents by implementing basic cybersecurity practices.

Secureworks incident responders provide tailored recommendations to affected organizations. Common recommendations address management of vulnerabilities, accesses, and logs. Figure 2 lists the most frequent recommendations provided during Secureworks IR engagements in 2021.

Figure 2. Most common recommendations provided during Secureworks IR engagements in 2021. (Source: Secureworks)