Analecta Cyber Company Blog: May 2018


Collaborating with Threat Sharing Groups

Ongoing contact with security groups and associations, especially those affiliated with your organization’s industry, can be a vital source of threat information. The threat landscape changes so rapidly that one organization in a sea of thousands has no chance of keeping up on its own. However, if industry-specific companies share the cyber threat information they have learned, they have a chance to shape what that threat landscape looks like.


Creating an Incident Response Plan

“We have a cyber incident. This is not a drill.” Although this is not a declaration any business hopes to utter, the fact is we live in an era of nearly continuous data compromises. It is important for businesses to develop a comprehensive incident response plan so they are better postured for when the inevitable happens. Without a response plan, an incident may be costly and, in the most severe cases, detrimental to a company’s survival. It is no longer a matter of if an incident will occur. Will your company be ready when it does?


Defining Incident Thresholds Before They are Needed

Imagine this scenario: hackers have compromised critical business systems and are exfiltrating data from your company’s network! Do you allow the activity to continue and observe it so you can remove any and all possible access? Or do you pull the plug from the public Internet to stop the intrusion?


The Importance of Understanding Your Company’s Network Traffic Flow

Network Intrusion Detection Systems (IDS) provide data about your company’s system traffic, specifically its origin, destination, timestamp and volume. Implementing these types of network devices offers a good return on investment by providing a way to aggregate, chart and monitor information about your network, improving the speed with which deviations from a network baseline can be detected.


Improving the Intrusion Detection Process

Congratulations! You heeded the advice of implementing a security information and event monitoring (SIEM) system on your company’s network – one that combines network monitoring and intrusion detection system (IDS) / intrusion protection system (IPS) alerts.

When the system begins to detect potential intrusion events, one of the biggest challenges your IT team will face is the massive number of events that trigger alerts. Small and medium-sized businesses (SMBs) can expect to face several hundred alerts or more a day. For an unprepared team, there are simply too many alerts and events to handle! However, you must deal with all of them in order to properly defend your network; otherwise you are just detecting events and collecting statistics.