Incident Response: A Key Part of a Comprehensive Security Strategy

March 29, 2018 - 1 Comment

Daily headlines reveal a continued and urgent concern: cybersecurity attacks are now a daily challenge for business leaders. As businesses rely more on technology to reduce costs and improve productivity, cyber criminals have a bigger target for hacks, malware, spyware, and ransomware. Growing IT complexity is matched by increasingly sophisticated attacks.

According to a Cisco report, these threats are becoming increasingly lucrative for attackers. Ransomware exploits took in $1 billion in 2016, and business email fraud cost companies $5.3 billion.

Of course, there are many reasons for these cybersecurity failures. It can be as simple as not changing the default passwords on devices. Or, a cleverly disguised phishing email allowing entry to the enterprise network. Sometimes it’s lack of visibility: As the Internet of Things (IoT) converges with enterprise IT infrastructure, defenders may not even know what devices are connected to their network.

Clearly, as the bad guys get creative, the defenders of network security need to get smarter and stay one step ahead.

That’s one reason I was pleased to see the announcement of an integrated cyber security solution jointly offered by Cisco, Apple, Aon, and Allianz. It will help customers identify their security vulnerabilities, strengthen their defenses, recover from attacks, and mitigate the cost of a breach. It’s the kind of ecosystem-based approach we need as threats become more complex and pervasive.

I’d like to highlight just one aspect of what Cisco is offering to customers, either as part of this package or as a separate service: our Incident Response capabilities.

When it comes to Cisco incident response, we don’t just sit around waiting for something to happen. We proactively work with clients to help them improve their security posture and reduce the risk of a data breach. We conduct readiness assessments, proactively hunt threats, and execute tabletop exercises to spot security gaps. Then, if a breach does occur, our Incident Response team brings the full weight of Cisco’s technical resources to resolve the problem, calling in product business units, security experts, and Talos researchers who provide sophisticated threat intelligence.

Different company approaches reveal lessons for how to approach security. Last year, a customer that bought an incident response retainer did not take advantage of proactive Cisco Security services. A few months later, a ransomware attack stalled operations and impacted clients. The Incident Response team responded within an hour and immediately deployed the required resources to reconfigure and deploy their security appliances. They used forensics to track the attackers, identify infiltration techniques, and plug the security gaps. Cisco’s Talos team launched a war room to do global research to triangulate on the ransomware.

Within a few days, the customer understood the security gaps that had allowed the breach. The Cisco Incident Response team made a series of recommendations to improve their security posture and to help with ongoing monitoring. Of note, during the breach, the customer called in another vendor to work in parallel with Cisco to address the issues. That company worked for a week before presenting initial findings – the same information Cisco had provided within mere days. In the end, the customer told our team that they would not have survived the attack without Cisco.

That’s just one reason I’m passionate about our Cisco Services teams. Time after time—with rapid response times, predictive analytics, and network intelligence—we deliver extraordinary business results for our customers.



  1. Thanks.
    Correct me if I am wrong. According to the PNG Communication laws, I understand that CISCO works closely with the Cyber Crime Unit and should be responsible for charging those who hide behind pen names and intimidate, swear, abuse, threaten, use another person's name and identity to send pornographic/nude pictures etc. Why do we have the mobile phone numbers registered?
    While I do understand the marketing processes, I still believe that pornography should not be marketed on educational institutional websites.
    I had experienced almost all of the under-mentioned crimes against me from time to time and yet no one has been or whether there are some data available to show how many have been arrested and charged for committing these cyber crimes.
    CISCO is a very responsible organization and professional watchdog and as such must take every precautionary measure available to prevent polluting the minds of youths and children in schools, colleges and higher institutions of learning.
    At the end of the day, we (speaking on behalf of all educational organizations) do not want to raise rapists who have watched all the pornographic videos night after night and will go out into the world and start raping women and girls.
    CISCO, we trust that you will make sure the above-mentioned crimes are prevented through your filtering processes before they reach the audiences.
    I for one am passionate about Teaching and Learning Online but not learning about 'pornography' or 'how to make pornography' or marketing it for that matter.