Incident Response & Malware Analysis
When an incident occurs in the organization then the incident response team is responsible for taking action on the basis of risk prioritization. They may take the following decision as per organizations’ policy:
- They may Mitigate the risk
- They may Ignore the risk
- They may Transfer the risk
- They may Accept the risk
Incident Response (IR) plans are designed to test your company’s ability to respond to a security incident. The ultimate goal is to handle the situation so that it limits the damage to the business while reducing recovery time and costs.
Approaches we follow for successful incident response
- Address business vulnerability and assign roles and responsibility
- Identify relevant business departments and get them involved
- Identify Key Performance Indicators(KPIs) to measure the event
- Testing of the plan
- Review the plan constantly
- Determine incident
- Team formation and lead by IR analyst
- Right tools implementation
- Establishment of communication strategy
The goal of malware analysis is to gain an understanding of how a specific piece of malware functions so that defences can be built to protect an organization’s network. There are two key questions that must be answered.
The first: how did this machine become infected with this piece of malware?
The second: what exactly does this malware do?
Countermeasures of malware
After a lot of malware analysis different approaches, we follow for malware defence
- Firewall System
- Web filtering system
- Intrusion/Prevention Detection System (IPS/IDS)
- Host-based Intrusion Prevention System(HIPS)
These technologies help to protect the sensitive information from getting exploited by malware.
