Remediation of detected threats when the notification comes from outside your organization

  • 15 January 2019
  • 0 replies

I've been tasked with responding with a policy & procedures walk-thru for "what do we do when we have been informed that we have a threat in-house".

I'm looking for documentation that would give better sample responses than whitepapers that say "use us and we will remediate your threat for you"...

I am aware of (and am investigating IDS type tools), but I am working from the premise that *something* got inside the enterprise; now how to find it and eradicate it...

I'm working from
  1. Escalate security on a deep-packet device like a sonicwall.
  2. run a in-depth manual scan of all servers and workstations.
  3. add realtime packet inspection to more of the services (looking for traffic).
  4. then... remediate and clean as necessary.

0 replies

Be the first to reply!