USED PLAYBOOKS OF 2017 – Incident response, Alerts, Automation

August 21 2017
The Most Used Playbook Of 2017 series brings you the production playbooks noted by our professional services team as being most utilized and favored by customer SOCs. These playbooks implement best-practice workflows for alert handling, alert investigation, incident response and automation plans.

Phishing attacks

Phishing Playbook

80% of recently reported successful attacks began with deceptively simple phishing e-mails. 10% of all SOC alerts relate in some way to phishing attacks. Of these, 80% can be blocked, but these still require many hours of investigation to validate outcomes. That’s why organizations are constantly seeking innovative time-saving solutions. The following phishing playbook presents a consumer-tested workflow for security professionals.

Playbook Steps Summary

The primary goal is to identify all affected users as soon as possible. We collect evidence of the attack across the whole organization; perform automated analysis of IP, hosts and URLs; and block malicious contacts (including attack sender and URLs). For future prevention of human error, the playbook also automatically sends awareness content to affected users.
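The steps summarized above can be sketched in a few lines. This is an added example, not the vendor's playbook: the reported message, the mail-gateway log rows and the reputation table are constructed sample data, and the function names are hypothetical. It assumes a single-part plain-text message.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample: the e-mail a user reported as phishing.
REPORTED = """\
From: "IT Helpdesk" <helpdesk@mail-support.example>
To: alice@corp.example
Subject: Password expires today

Confirm your account at http://login.mail-support.example/reset?id=1 now.
"""
# Constructed mail-gateway log rows: (recipient, sender, url, clicked).
MAIL_LOG = [
    ("alice@corp.example", "helpdesk@mail-support.example", "http://login.mail-support.example/reset?id=1", True),
    ("bob@corp.example", "helpdesk@mail-support.example", "http://login.mail-support.example/reset?id=2", False),
    ("carol@corp.example", "news@vendor.example", "https://vendor.example/update", True),
    ("dave@corp.example", "billing@other.example", "http://login.mail-support.example/reset?id=9", True),
]
# Constructed verdicts standing in for the automated host/URL analysis step.
REPUTATION = {"login.mail-support.example": "malicious"}

URL_RE = re.compile(r"https?://[^\s<>\"']+")

def extract_indicators(raw):
    """Return (sender address, set of URL hostnames) from a reported message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg["From"])[1].lower()
    hosts = {urlparse(u).hostname for u in URL_RE.findall(msg.get_payload())}
    return sender, hosts

def run_playbook(raw, log, reputation):
    sender, hosts = extract_indicators(raw)
    bad_hosts = {h for h in hosts if reputation.get(h) == "malicious"}
    if not bad_hosts:  # nothing confirmed: no sweep, no blocking
        return {"verdict": "unconfirmed", "affected": [], "clicked": [],
                "block_senders": [], "block_hosts": []}
    # Sweep the whole organisation: match on sender OR on a confirmed-bad host,
    # so copies sent from a second address are found as well.
    hits = [r for r in log
            if r[1].lower() == sender or urlparse(r[2]).hostname in bad_hosts]
    return {
        "verdict": "phishing",
        "affected": sorted({r[0] for r in hits}),          # awareness recipients
        "clicked": sorted({r[0] for r in hits if r[3]}),   # handle these first
        "block_senders": sorted({r[1].lower() for r in hits} | {sender}),
        "block_hosts": sorted(bad_hosts),
    }

if __name__ == "__main__":
    print(run_playbook(REPORTED, MAIL_LOG, REPUTATION))
```

In the sample data the sweep finds a third recipient whose copy came from a different sender address, which is why the match is made on the confirmed host as well as on the reported sender.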

Notes:

  • The playbooks demonstrate only the most popular rules that generate the described attack vectors.
  • All playbooks are fully customizable to the capabilities and the tools in your SOC.
