Page 4/9 (18.11.2023)
First Cloud Security Incident Response Plan V1
  • Critical Incidents: Immediately notify the Incident Response Coordinator and executive management. Initiate the incident response process without delay.

  • High Incidents: Notify the Incident Response Coordinator within 1 hour. Prepare a preliminary incident report.

  • Medium and Low Incidents: Notify the Incident Response Coordinator within 24 hours. Provide initial details and observations.


    4. Detection and Analysis
    4.1 Detection Tools and Mechanisms
    We employ a combination of tools and mechanisms to detect security incidents in our cloud environment. These include:

    • CSPM/CNAPP: Microsoft Defender for Cloud is a unified cloud-native application protection platform (CNAPP) that strengthens security posture, protects against modern threats and reduces risk throughout the cloud application lifecycle. One of its main pillars is cloud security posture management (CSPM), which gives detailed visibility into the security state of assets and workloads and provides hardening guidance so teams can improve their posture efficiently and effectively.

    • Intrusion Detection/Prevention System (IDS/IPS): FortiGate firewalls monitor network traffic for DDoS activity and other malicious or suspicious activity and alert the SOC team.

    • Endpoint Security: Trellix Endpoint Security (ENS) protects every endpoint used by the cloud workforce within an integrated security framework, applying proactive threat intelligence and defence across the entire attack lifecycle.

    • Security Information and Event Management (SIEM): Splunk aggregates and analyses log data from our cloud services to identify potential security incidents. Ingested sources include authentication (sign-in) logs, a targeted set of operations for all users and a broader set of operations for users of interest, cloud service plane logs and any relevant data plane logs, VPC/VNet flow logs, relevant specialty logs (such as function-as-a-service invocation logs), application load balancer logs, network load balancer logs, WAF logs and firewall logs.
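The kind of correlation the SIEM is expected to run over the sign-in logs listed above, shown as an added Python example (not code from this plan, Splunk or any vendor): it groups authentication events by source IP, finds the densest burst of failures inside a sliding time window, and classifies the burst as a brute-force attempt, a password spray (many distinct users from one IP) or a brute force followed by a successful sign-in. The sample events are constructed for the example and only loosely follow the shape of an Entra ID sign-in log export; the field names, the thresholds and the mapping of each finding onto the plan's Critical/High/Medium tiers are assumptions to be tuned for the real environment.

```python
"""Burst-of-failures detection over constructed cloud sign-in events."""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs): one JSON object per line.
# 10.0.0.5      : six failures in 2.5 minutes, then a success (brute force that worked)
# 198.51.100.7  : one failure each for five different users (password spray)
# 203.0.113.9   : a single typo-style failure followed by success (benign)
# 192.0.2.4     : six failures spread 12 minutes apart (never dense enough to fire)
SAMPLE_SIGNIN_LOGS = """\
{"time": "2024-01-15T09:00:00Z", "user": "alice", "ip": "10.0.0.5", "result": "Failure"}
{"time": "2024-01-15T09:00:00Z", "user": "grace", "ip": "192.0.2.4", "result": "Failure"}
{"time": "2024-01-15T09:00:30Z", "user": "alice", "ip": "10.0.0.5", "result": "Failure"}
{"time": "2024-01-15T09:01:00Z", "user": "alice", "ip": "10.0.0.5", "result": "Failure"}
{"time": "2024-01-15T09:01:30Z", "user": "alice", "ip": "10.0.0.5", "result": "Failure"}
{"time": "2024-01-15T09:02:00Z", "user": "alice", "ip": "10.0.0.5", "result": "Failure"}
{"time": "2024-01-15T09:02:30Z", "user": "alice", "ip": "10.0.0.5", "result": "Failure"}
{"time": "2024-01-15T09:03:00Z", "user": "alice", "ip": "10.0.0.5", "result": "Success"}
{"time": "2024-01-15T09:10:00Z", "user": "bob", "ip": "198.51.100.7", "result": "Failure"}
{"time": "2024-01-15T09:10:20Z", "user": "carol", "ip": "198.51.100.7", "result": "Failure"}
{"time": "2024-01-15T09:10:40Z", "user": "dave", "ip": "198.51.100.7", "result": "Failure"}
{"time": "2024-01-15T09:11:00Z", "user": "erin", "ip": "198.51.100.7", "result": "Failure"}
{"time": "2024-01-15T09:11:20Z", "user": "frank", "ip": "198.51.100.7", "result": "Failure"}
{"time": "2024-01-15T09:12:00Z", "user": "grace", "ip": "192.0.2.4", "result": "Failure"}
{"time": "2024-01-15T09:20:00Z", "user": "bob", "ip": "203.0.113.9", "result": "Failure"}
{"time": "2024-01-15T09:20:10Z", "user": "bob", "ip": "203.0.113.9", "result": "Success"}
{"time": "2024-01-15T09:24:00Z", "user": "grace", "ip": "192.0.2.4", "result": "Failure"}
{"time": "2024-01-15T09:36:00Z", "user": "grace", "ip": "192.0.2.4", "result": "Failure"}
{"time": "2024-01-15T09:48:00Z", "user": "grace", "ip": "192.0.2.4", "result": "Failure"}
{"time": "2024-01-15T10:00:00Z", "user": "grace", "ip": "192.0.2.4", "result": "Failure"}
"""


def parse_events(raw):
    """Parse JSON-lines sign-in events and return them sorted by time."""
    events = []
    for line in raw.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["time"] = datetime.fromisoformat(rec["time"].replace("Z", "+00:00"))
        events.append(rec)
    return sorted(events, key=lambda e: e["time"])


def detect_credential_attacks(events, window=timedelta(minutes=10),
                              failure_threshold=5, spray_user_threshold=4):
    """Return one finding per source IP whose densest failure burst reaches the threshold."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    findings = []
    for ip, evs in sorted(by_ip.items()):
        failures = [e for e in evs if e["result"] == "Failure"]
        # Two-pointer sliding window: find the largest run of failures whose
        # first and last events are no more than `window` apart.
        best = (0, 0, 0)  # (count, start index, end index)
        start = 0
        for end in range(len(failures)):
            while failures[end]["time"] - failures[start]["time"] > window:
                start += 1
            count = end - start + 1
            if count > best[0]:
                best = (count, start, end)
        count, s, t = best
        if count < failure_threshold:
            continue
        burst = failures[s:t + 1]
        users = sorted({e["user"] for e in burst})
        burst_start = burst[0]["time"]
        # A success from the same IP after the burst began is the signal that matters most.
        success_after = any(e["result"] == "Success" and e["time"] >= burst_start for e in evs)
        # Assumed mapping onto the plan's notification tiers; tune for the real environment.
        if success_after:
            kind, severity = "brute_force_success", "Critical"
        elif len(users) >= spray_user_threshold:
            kind, severity = "password_spray", "High"
        else:
            kind, severity = "brute_force", "Medium"
        findings.append({"ip": ip, "kind": kind, "severity": severity, "failures": count,
                         "users": users, "success_after_failures": success_after})
    return findings


def run_detection(raw=SAMPLE_SIGNIN_LOGS):
    """Parse the sample export and run the detection with default thresholds."""
    return detect_credential_attacks(parse_events(raw))


if __name__ == "__main__":
    for finding in run_detection():
        print(json.dumps(finding, default=str))
```

On the constructed sample this flags 10.0.0.5 as Critical (six failures then a success) and 198.51.100.7 as High (five users sprayed from one address), while the single mistyped password from 203.0.113.9 and the slow trickle from 192.0.2.4 stay below the window threshold. The same windowed count per IP translates directly into a scheduled SIEM search; the window and thresholds should be set against the real failure baseline so that ordinary users do not trip the rule.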

