Cyber Security Lifecycle

At Ekagrit, our Cyber Security Life Cycle plays a crucial role in an organization’s security. Our methodology combines the modules of a classic cybersecurity framework with threat modeling and a maintained asset inventory, which are used to prioritize attack vectors and the defenses against them.

How It Works

A cyber attack can be incredibly costly and even fatal to your business’s survival, whether you’re a small, midsize, or large company.
The ransomware attack on an Arkansas-based telemarketing firm, for example, forced the company to shut down operations and lay off 300 people.

To avoid a repeat of such a disaster, create a security program that helps your employees proactively identify and respond to cyber threats.
To do so, you can use the National Institute of Standards and Technology (NIST) framework, which is employed by 73 percent of enterprises worldwide according to Gartner (full content available to clients only).

In this article, we’ll show you how to develop a 5-phase cybersecurity lifecycle framework that may help your company strengthen its security posture in a comprehensive way: Identify, Protect, Detect, Respond, and Recover.

IDENTIFY KEY ASSETS

The most important step in the cyber security Lifecycle is to identify what is to be protected.

The organization needs to understand its network, protocols, topology, assets, and servers so that this information is on hand before any risk materializes. Detailed, drilled-down information about operating systems, applications, network drives, hostnames, IP addresses, and tools should be held by the organization. Information can be collected from the various teams through discussions, interviews, and forums, using questions such as:

  • What type of information is to be protected?
  • Where is the information located?
  • Which information is crucial for the organization?
  • What operating environment and systems are used for customers?
  • How many routers, servers, and firewalls does the system have?

The identification process may involve the points below.

Asset Management – Covers the process of acquiring, deploying, operating, maintaining, and finally disposing of assets.

Business Environment – The environment for which protection is needed.

Governance – Establishing policies and monitoring that they are properly implemented.

Risk Assessment – Evaluating the potential risk involved in an activity.

Risk Management Strategy – The approach for identifying, assessing, and managing risk.

Technologies to Identify Information

Asset management software, compliance management tools, risk assessment software, asset tracking and tagging software, facility management tools, workflow automation solutions, strategic procurement solutions, and procurement and supplier management software.

PROTECT DATA

After the assets and their vulnerabilities have been identified, it is time to protect your systems. This phase of the cyber security lifecycle is also referred to as the ‘MITIGATE’ phase, because it reduces the risks identified earlier. Systems should be brought into line with company policies and rules, and the team should be made aware of the different protective techniques available in the industry. This can be achieved through a series of training sessions.

Access Control – Understanding the various levels of access and the permissions granted at each level.

Data Security – Providing the safeguards needed for the data to be protected.

Information Protection Processes and Procedures – Procedures for processing, storing, and transmitting sensitive information.

Maintenance – Regular checks that preserve a known good condition.

Protective Technology – Technologies that protect your system environment.

Technologies to Protect Information

Identity and Access Management solutions, DLP solutions, SIV (Signature Integrity Verifiers), Intrusion Prevention Systems, endpoint solutions, Advanced Persistent Threat detection, and system patch management solutions.

DETECT THREATS

No matter what level of protection a system has, with today’s growing threats it may be compromised at any level. In the detection phase, the system should recognize attack signatures and establish what activity has been carried out on the affected system. Security tools should be able to distinguish normal from malicious activity. This is similar to the fire alarm in our offices or homes: it detects a fire within seconds and raises an alarm. An IDS (Intrusion Detection System) should flag an intrusion as soon as it happens, and it should also watch closely for attacks that originate from inside the network. The following factors can be considered.

  • Anomalies and events – Identifying anomalies at the perimeter is the primary job of all boundary-level solutions; if that fails, the entire network becomes a playground for attackers.
  • Security continuous monitoring – The solution should have real-time threat monitoring capability.
  • Detection process – The process of finding anomalies or threats should be very quick, and it should correlate every threat back to the affected entity so that SOC analysts can add the anomaly to their threat library.
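The detection points above (distinguishing normal from malicious activity and correlating each finding back to its entity) can be illustrated with a small baseline-and-anomaly detector. This is an added example, not code from the original article or from Ekagrit; the authentication events, user names, and IP addresses are constructed for the example, and the failure threshold of three is an assumed value.

```python
"""Added example: per-entity anomaly detection over constructed login events."""
from collections import defaultdict

# Constructed sample events (not real logs): (timestamp, user, source_ip, outcome).
BASELINE_EVENTS = [  # a window of known-normal activity used to build the baseline
    ("2024-01-01T08:00", "alice", "10.0.0.5", "success"),
    ("2024-01-02T08:05", "alice", "10.0.0.5", "success"),
    ("2024-01-01T09:00", "bob", "10.0.0.9", "success"),
    ("2024-01-02T09:10", "bob", "10.0.0.9", "success"),
]
NEW_EVENTS = [  # the window being monitored
    ("2024-01-03T08:01", "alice", "10.0.0.5", "success"),
    ("2024-01-03T03:14", "bob", "198.51.100.7", "failure"),
    ("2024-01-03T03:15", "bob", "198.51.100.7", "failure"),
    ("2024-01-03T03:16", "bob", "198.51.100.7", "failure"),
    ("2024-01-03T03:17", "bob", "198.51.100.7", "success"),
]

def build_baseline(events):
    """Record, per user (the entity), the source IPs seen during normal operation."""
    baseline = defaultdict(set)
    for _, user, ip, outcome in events:
        if outcome == "success":
            baseline[user].add(ip)
    return baseline

def detect(events, baseline, fail_threshold=3):
    """Return {user: [findings]} so every anomaly is correlated back to its entity."""
    findings = defaultdict(list)
    failures = defaultdict(int)   # consecutive failures per (user, ip)
    reported = set()              # unseen (user, ip) pairs already reported once
    for ts, user, ip, outcome in events:
        if ip not in baseline.get(user, set()) and (user, ip) not in reported:
            reported.add((user, ip))
            findings[user].append(f"{ts} login attempt from unseen source {ip}")
        if outcome == "failure":
            failures[(user, ip)] += 1
            if failures[(user, ip)] == fail_threshold:  # assumed threshold
                findings[user].append(f"{ts} {fail_threshold} failed logins from {ip}")
        elif failures[(user, ip)] >= fail_threshold:
            findings[user].append(f"{ts} success after repeated failures from {ip}")
    return dict(findings)

if __name__ == "__main__":
    for user, items in detect(NEW_EVENTS, build_baseline(BASELINE_EVENTS)).items():
        print(user, items)  # alice produces no findings; bob produces three
```

A real SIEM rule would add time windows and more event types, but the shape is the same: a baseline per entity, then findings keyed by that entity.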

Technologies to Detect Threat Information

Intrusion Detection Systems, threat intelligence feeds, layered defense systems, User Behavior Analytics solutions, SIEM, threat hunting tools, and vulnerability assessment tools.

RESPOND TO ATTACKS

Timely action is the key to protecting the system from attacks. Returning to our fire alarm example, failing to act once a fire has broken out results in a huge loss of resources. Similarly, failing to act in time against an attack results in a greater loss of information and hampers the entire business and its environment. Policies against these cyber-attacks should be in place beforehand so that timely action is possible, and the prioritization of different risk levels and the actions to take against them needs to be defined clearly.

A Computer Security Incident Response Team (CSIRT) should be able to coordinate and manage all the activities from detection to documentation of the occurrence. Concisely, the points below can be considered.

  • Incident Response Planning – Incident management is the process of reporting events within an organization in order to identify, analyze, and correct risks so that a recurrence is prevented.
  • Incident Communications – Communication is key in any incident response phase. This includes the incident response team, management, and the general employee base. Sharing the facts surrounding the incident with the CSIRT at the appropriate level, including the incident timeline, and reminding staff of their duty to keep any related information confidential prevents hearsay from spreading. It also helps with predictive intelligence and minimizes the risk of information being exfiltrated from the organization.
  • Cyber Incident Analysis – The analyst must start with analysis of the endpoint systems, since the attacker may have left a backdoor or another attack vector behind for further damage. Behavior analysis should be performed on all users and entities among the organization’s assets to find anomalies. If no satisfactory results are found, the security analyst can involve the threat hunting team to perform a deep-dive analysis of the logs and correlate the different data sources.
  • Incident Mitigation – Incident mitigation is the actual process of limiting the attack surface available to the attacker: applying situational controls based on all indicators of compromise and enforcing new policies in the security solutions.
  • Incident Improvement Process – This is a continuously evolving cycle. In this phase the CSIRT needs to take care of incident reporting, monitor the IOCs for some time, and build a behavioral baseline from them. Update all threat intelligence feeds and take preventive measures for all actionable items. Document every step taken by the CSIRT so that this information is at hand for future cyber incidents.

INCIDENT RECOVERY

Incident recovery is the process of returning the compromised parts of the company to a trusted production state. We can call this the last stage in the cyber security lifecycle. It helps the business recover from, and protect itself against, disaster. Documentation also needs to be produced in order to understand the loopholes and the areas for improvement.

Recovery Planning – This is a long-term process that goes through continuous stages of improvement. Based on the lessons learned earlier, the weaknesses of the organization can be identified and worked upon. The entire team working together should have a thorough understanding of the organization’s technologies, processes, interacting teams, protocols, dependency maps, and the motive behind each execution plan.

How to Report a Cyber Incident

  • How did this incident happen?
  • Did the intruder access sensitive data?
  • If so, how much sensitive information was taken?
  • Who are the attackers?
  • When did the Computer Security Incident Response Team find out?
  • What was the internal vulnerability?