Table of Contents: Introduction
Download 244.94 Kb.
|
- Navigate this page:
- Medium and Low Incidents
- Intrusion Detection/prevention System (IDS/IPS)
- Security Information and Event Management (SIEM)
| Critical Incidents: Immediately notify the Incident Response Coordinator and executive management. Initiate the incident response process without delay.
High Incidents: Notify the Incident Response Coordinator within 1 hour. Prepare a preliminary incident report. Medium and Low Incidents: Notify the Incident Response Coordinator within 24 hours. Provide initial details and observations. 4. Detection and Analysis 4.1 Detection Tools and Mechanisms We employ a combination of tools and mechanisms for detecting security incidents in our cloud environment. This includes: CSPM/CNAPP: Microsoft Defender for Cloud is a unified cloud-native application protection platform that helps strengthening security posture, enables protection against modern threats, and helps reduce risk throughout the cloud application lifecycle. One of Microsoft Defender for Cloud's main pillars is cloud security posture management (CSPM). CSPM provides detailed visibility into the security state of assets and workloads and provides hardening guidance to help teams to improve security posture efficiently and effectively. Intrusion Detection/prevention System (IDS/IPS): FortiGate firewall configured to monitors network traffic for DDOS activity, malicious/suspicious activity and alerts the SOC team. Endpoint Security: Protect and empower cloud workforce with an integrated security framework that protects every endpoint. Trellix Endpoint Security (ENS) solutions apply proactive threat intelligence and defence across the entire attack lifecycle. Security Information and Event Management (SIEM): Splunk aggregates and analyses log data from various cloud services to identify potential security incidents. Includes authentication logs (sign-in logs) and a targeted set of operations for all users, as well as another set of operations for all users of interest. we collect cloud service plane logs as well as any relevant data plane logs, VPC/VNet flow logs, and any relevant specialty logs (function-as-a-service invocation logs), Application load balancer, Network load balancer, WAF logs, Firewall logs etc Download 244.94 Kb. Share with your friends:
|