Recommendations for small/medium-sized businesses enabling incident response
Security incidents are inevitable. While large businesses can afford security teams to prepare for and respond to incidents, this expense is typically out of reach for small and medium-sized businesses (SMBs). SMBs generally cannot afford to have security professionals tune and care for their environments. A cyber intrusion at an SMB is more likely to have criminal intent than one at a large company, and SMBs have fewer resources with which to be prepared. Eleven (11) sets of incident response documentation, taken from real-life incidents, were reviewed to determine which configurations in the investigated environment enabled or inhibited effective incident response. Thorough research into the viability of implementing these findings in SMB environments was conducted, and a series of recommendations was derived from this dataset. These recommendations are spread across five (5) key categories: contractual, documentation, logging, operational, and training. Finally, a scenario involving the compromise of a fictitious organisation is detailed, illustrating the difference that implementing these recommendations may make to an incident response engagement. A review of the process and output shows the immense value derived from these kinds of reviews. While the nature of the original documentation sets makes it unlikely that similar datasets will ever be made public, it also shows that valuable information can be sufficiently abstracted for public consumption and benefit, with value for SMBs.
SANS-recommendations-small-medium-sized-businesses-enabling-incident-response (PDF, 4.41MB)
17 Jan 2022