
Threat Detection and Response: 4 Best Practices You Should Know

Perimeter defenses in IT environments of every kind continue to be undercut by social engineering, insider threats and other attack vectors that are difficult to defend against. As a result, more attention is being placed on threat detection and response, and on improving the incident response strategy as a whole.

To that end, here are four best practices that any business can start taking right away:

1. Log Workstation Data

By workstation, we mean any business computer, laptop or endpoint that belongs to the organization and can act as a point of network access. This doesn’t necessarily mean you have to go out and purchase a SIEM. There are intuitive, affordable and easy-to-deploy solutions that allow IT staff to decide how much workstation data is logged, and how much of that information, and which events, are shared with administrators.

2. Get Real-time, Active Protection

Active protection that continually runs in the background and helps to identify and block cyberthreats in real time is a critical component of threat detection and incident response. This doesn’t remove the need for a bidirectional firewall; rather, it complements the firewall by quietly monitoring the files that users execute. In this way, it helps to identify and block malware that may be accidentally introduced by clicking on a malicious link or running an infected macro.

Threat intelligence is about using what you know to preclude future intrusions.

3. Use Application Control

Speaking of executables, anti-executable software allows you to build a registry of authorized programs; these applications are in effect whitelisted. Unknown executables are not authorized to run until they have been vetted by an IT administrator. Conversely, executables that are known to be harmful, such as established strains of ransomware and other threats, are automatically blacklisted.
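The three-way decision described above (authorized, unknown-until-vetted, known-harmful) can be modelled as a small allowlist/denylist check keyed on a file's hash. This is an added illustration, not Faronics' product code; the hash sets, the sample "binaries" and the file paths are constructed for the example.

```python
import hashlib
from enum import Enum


class Verdict(Enum):
    ALLOW = "allow"      # in the registry of authorized programs
    BLOCK = "block"      # known-harmful executable
    PENDING = "pending"  # unknown: held until an administrator vets it


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class ApplicationControl:
    """Decide whether an executable may run, keyed by its SHA-256 hash.
    Keying on file contents rather than name or path means a renamed or
    trojanized binary does not inherit the permission of the original."""

    def __init__(self, allowlist, denylist):
        self.allowlist = set(allowlist)
        self.denylist = set(denylist)
        self.pending = {}  # hash -> first path seen, awaiting review

    def decide(self, path: str, data: bytes) -> Verdict:
        digest = sha256_of(data)
        if digest in self.denylist:   # a known-bad hash is blocked even if
            return Verdict.BLOCK      # someone also added it to the allowlist
        if digest in self.allowlist:
            return Verdict.ALLOW
        self.pending.setdefault(digest, path)  # queue unknowns for vetting
        return Verdict.PENDING

    def approve(self, digest: str) -> None:
        """Administrator vets a pending hash and authorizes it."""
        self.allowlist.add(digest)
        self.pending.pop(digest, None)


# Constructed sample "binaries"; a real deployment hashes the actual files.
APPROVED_TOOL = b"#!/bin/sh\necho approved-tool\n"
KNOWN_BAD = b"MZ\x90\x00constructed-known-bad-sample"
NEW_TOOL = b"#!/bin/sh\necho brand-new-tool\n"


def demo():
    ctl = ApplicationControl({sha256_of(APPROVED_TOOL)}, {sha256_of(KNOWN_BAD)})
    results = [ctl.decide("/usr/local/bin/approved", APPROVED_TOOL),
               ctl.decide("C:\\Users\\x\\Downloads\\invoice.exe", KNOWN_BAD),
               ctl.decide("/tmp/new-tool", NEW_TOOL),
               ctl.decide("/tmp/totally-legit.exe", KNOWN_BAD)]  # renamed copy
    ctl.approve(sha256_of(NEW_TOOL))  # admin vets the unknown tool
    results.append(ctl.decide("/tmp/new-tool", NEW_TOOL))
    return [r.value for r in results]
```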

4. Have a Backup Plan

Another aspect is how organizations respond to intrusions. Early detection is certainly important, but what you do following detection can make all the difference. For example, in the event that ransomware infects a computer, that endpoint needs to be quarantined and cleaned before the threat can spread laterally through the network.

For this type of situation, a disaster recovery solution can be extremely useful for bringing lost data back from the dead. However, it can be time-consuming and result in unwanted downtime. A ‘Reboot to Restore’ solution can really help in such situations: users can be enabled to immediately revert their systems to a known state, previously set up by their IT admins, with a simple restart. This can serve as an additional layer in a comprehensive disaster recovery plan, to address downtime, improve system availability and ease the IT team’s workload in such situations.

To learn more about effective layered security strategies, contact Faronics.

Matt Williams

A self-proclaimed ‘tech geek’, Matt has worked in technology for a decade and divides his time between blogging and working in IT. A huge New York Giants fan, when not watching football Matt gets his game on playing Call of Duty with his friends and other tech bloggers.