Phase 1: Prepare
Understand threats and emerging attack patterns, and develop test plans and simulations to assess how your organization’s defenses and controls actually work. Cyber Threat Management services include:
- Cyber threat intelligence
- Crowdsourced attack models
- Continuous simulation of attacker techniques and behaviors
Phase 2: Prevent
Based on the results of Phase 1 tests, coordinate with other security teams to patch systems, remediate vulnerabilities, and take other steps to block attacks from succeeding. Cyber Vulnerability Management services include:
- Integrated vulnerability scanning and monitoring
- Control testing against potential exploits and attack patterns
- Penetration testing and breach-readiness testing
- Risk-based prioritization, patch management, and control tuning
Phase 3: Detect
Create and test behavioral analytics that enable hunt teams and security operations center analysts to monitor for threats. Cyber Detection, Hunt, and Event Management services include:
- Proactive, preemptive signature detection
- Alert-based triage
- Threat hunting focused on “kill chain” behaviors and MITRE tactics, techniques, and procedures
Phase 4: Respond
Remain prepared at all times to detect, mitigate, and rapidly contain cyber attacks. Cyber Incident Management services include:
- Established scenario testing
- Incident validation
- Incident response
- Investigation, analysis, forensics, and classification
- Containment and removal
Phase 5: Recover
Minimize disruptions to business operations, protect essential assets, and accelerate the remediation and recovery process. Cyber Recovery Management services include:
- Multisite failover with expanded cloud-based delivery
- Service restoration
- Enhanced monitoring of remediated systems and associated signatures
- Reporting on lessons learned