
6. Incident Response Preparation

Incident Response Preparation gives the Network Security Team and Compliance Team the capabilities to:

  • Align network architecture understanding and break silos through a single pane of glass
  • Train first responders and harden defense via realistic attack scenario simulation
  • Prioritize vulnerability mitigation faster

Network Architecture Understanding

Monitoring for indicators of compromise allows organizations to better detect and respond to security compromises. When the security team discovers a potential compromise, NP-Live can assist with incident response by quickly identifying critical paths to the compromised system.

For example, critical host BCC_DB_A, a database server on the network, is experiencing increased reads.

Train First Responders

Users can be trained to use NP-Live to quickly assess the situation. NP-Live shows each host with its inbound and outbound paths. In this example, the inbound port, 1443, is the likely target for the increased database activity.

The topology map displays the 9 connectivity paths using this port.

Prioritize Vulnerability Mitigation

Stepping stones are hosts in a network that could be compromised and used by malicious attackers to perform lateral movement. Attackers hop from one compromised host to another to form a chain of stepping stones before launching an attack on the actual target host.

Using the stepping stone analysis, the security team can quickly identify the paths of concern, see how many steps away from the compromised system other important assets are, and prioritize a remediation plan accordingly.
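The step-count idea behind stepping stone analysis can be illustrated with a breadth-first search over allowed connectivity paths. This is an added example, not NP-Live code or output: only BCC_DB_A and port 1443 come from this page, and every other host name, port and path is constructed for illustration.

```python
from collections import deque

# Constructed sample: allowed (source, destination, port) paths, as would be
# derived from firewall/router rules. Only BCC_DB_A and port 1443 appear on
# the page; all other hosts and ports are hypothetical.
ALLOWED_PATHS = [
    ("ENG_WS_1", "BCC_DB_A", 1443),
    ("BCC_DB_A", "HIST_SRV", 5450),
    ("BCC_DB_A", "APP_SRV", 8443),
    ("APP_SRV", "HMI_1", 3389),
    ("HIST_SRV", "HMI_1", 3389),
    ("HMI_1", "PLC_GW", 502),
    ("CORP_MAIL", "ENG_WS_1", 445),
]
CRITICAL_ASSETS = {"HIST_SRV", "HMI_1", "PLC_GW", "CORP_MAIL"}


def stepping_stones(paths, compromised):
    """BFS over directed allowed paths: {host: shortest hop chain from compromised}."""
    adj = {}
    for src, dst, port in paths:
        adj.setdefault(src, []).append((dst, port))
    chain = {compromised: []}
    queue = deque([compromised])
    while queue:
        host = queue.popleft()
        for dst, port in adj.get(host, []):
            if dst not in chain:  # first visit in BFS is the shortest chain
                chain[dst] = chain[host] + [(host, dst, port)]
                queue.append(dst)
    return chain


def prioritize(paths, compromised, critical):
    """Rank reachable critical assets closest-first; list unreachable ones separately."""
    chain = stepping_stones(paths, compromised)
    hit = [a for a in critical if a in chain and a != compromised]
    ranked = sorted((len(chain[a]), a, chain[a]) for a in hit)
    isolated = sorted(a for a in critical if a not in chain)
    return ranked, isolated


if __name__ == "__main__":
    ranked, isolated = prioritize(ALLOWED_PATHS, "BCC_DB_A", CRITICAL_ASSETS)
    for steps, asset, hops in ranked:
        route = " -> ".join([hops[0][0]] + [f"{d}:{p}" for _, d, p in hops])
        print(f"{steps} step(s) to {asset}: {route}")
    print("no path from compromised host:", ", ".join(isolated))
```

Assets with the fewest steps from the compromised host are the first candidates for containment, and the hop chain shows which rule on each path would need tightening.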

 

 
