Institutional knowledge is leaving companies at a rapid rate. Employees are very mobile, moving between companies fairly rapidly. Just as they learn something important, they are out the door. That knowledge is not always transferred to others staying behind. Here one day, gone the next. How can you explain a business decision, technology decision, or any other decision without information? Architects, developers, and business folks should be writing documents to cover all major decisions, but these happen long after the decisions have been made. We lack the reasons behind the decisions, the original questions asked, and all the work leading up to the decisions. We do not want to lose institutional knowledge. Now, into this breach comes a new set of tools.
Articles Tagged with Incident Response
Ransomware is a major concern these days. In many cases, it is a nightmare once it hits, and not just for desktops, but also for servers. Think about it: how would your brand-new analytics package fare if all of the disk data were encrypted by ransomware? Desktops may be the way in, but the deeper into the environment the attacker gets, the more valuable the data. This is where data protection comes to the fore: not just disaster recovery or business continuity, but protection of archival data. We need all of these to survive the latest ransomware attacks by attackers who never send you working decryption keys even if you pay. Preventing a ransomware attack is one thing. Dealing with the aftermath of an attack is another. Prevention and incident response are crucial.
During the last Virtualization Security Podcast, our guest had to postpone, so we discussed several interesting topics, all related to digital forensics and how encryption would best work within the virtual environment. Our very own Michael Berman was, in a previous life, a forensic investigator and had some great insights into the problem of digital forensics within the virtual environment.
We discussed forensics from the perspective of the evidence necessary for a court of law: in other words, forensically sound data acquisition prepared for forensic analysis. This is an interesting aspect of virtualization, some of which I have discussed before.
Out of this discussion came some fairly straightforward advice that many may find difficult to follow, due entirely to the additional cost and requirements:
- Have a Written Incident Response Policy and Procedure