Incident Response and Investigations

External Attack Surface Management (EASM)

Incident response and investigations refer to identifying, containing, and resolving security incidents, such as data breaches or cyberattacks, and investigating the cause and scope of these incidents. This process is critical to minimizing the impact of incidents and preventing similar incidents from occurring.

An external attack surface management collaboration and management facility, when combined with security ratings and a targeted, dynamically created, evidence-based questionnaire, can assist in incident response and investigations in several ways:

Centralized platform: An external attack surface management collaboration and management facility provides a centralized platform for managing and coordinating incident response and investigations. This centralized platform allows different teams and stakeholders to communicate, coordinate and collaborate effectively, ensuring everyone can access the necessary information and resources to respond to incidents.

Security ratings: Security ratings objectively measure an organization's security posture based on vulnerability management, patching cadence, and network security. Organizations can use security ratings to identify potential risks and prioritize their response efforts accordingly. For example, suppose an incident involves two systems or applications, one with a low security rating and another with a high security rating. The organization can then prioritize resources and execute actions based on those ratings to address the incident and vulnerabilities.

Targeted, dynamically created, evidence-based questionnaire: Organizations can use a targeted, dynamically created, evidence-based questionnaire to gather additional information about incidents and potential vulnerabilities. These questionnaires can be customized based on the specific incident or vulnerability, ensuring the organization collects the most relevant information to inform its response efforts. For example, if an incident involves a particular system or application, the organization can create a targeted questionnaire to gather information about it, such as its configuration and access controls.

By combining these tools, organizations can respond to incidents and conduct investigations more effectively. The centralized platform allows for effective communication and collaboration, while security ratings and targeted questionnaires help prioritize response efforts and gather the most relevant information. Ultimately, this can help organizations minimize the impact of incidents and improve their overall security posture.