technical: clean-up

Rapid Containment of Intrusions

by Brent Kirkpatrick

(Date Published: 2/7/2018.)

Stopping hackers means quickly taking intrusions from detection to containment.

A single intrusion is the successful circumvention of layers of security measures. To stop a hacker who circumvented multiple layers, multiple vulnerabilities need to be addressed. Rapid containment of intrusions is one step in rapid response to breach. Containment must happen before remediation.

Containment necessitates identifying the vulnerabilities that were exploited and finding solutions to them. Suppose that you know a priori the line of code that was exploited by the hackers, perhaps they bragged about how they got in. Then containment might involve blocking network traffic to that application, ceasing to use that application, or patching that precise line of code.

After hacking is discovered, rapid containment means quickly finding multiple vulnerabilities and solutions to them. The discovery of vulnerabilities is usually a months-long or years-long process, if we think about the software test life-cycle. How do we take a long process and shorten the time-line to provide rapid response?

We need to use science to quickly detect the vulnerabilities, rapid development methods to find the line of code, and software skills to patch or mitigate the problems. Ideally, all of this would be done under one roof, with the cybersecurity people talking directly to the developers who patch the software.

Intrepid Net Computing is a software company that does cybersecurity using a rapid containment model.

defendIT (TM). AI-driven security measures derived from security incident data.

Business Articles

Ransomeware
Trojan-worms
Trojan-Updates
Spectre and Meltdown

Why Clean-Up Hacking?
Cascading Data Breaches