{"id":6415,"date":"2020-10-21T22:54:41","date_gmt":"2020-10-21T21:54:41","guid":{"rendered":"https:\/\/www.n-able.com\/?p=6415"},"modified":"2021-04-09T22:55:00","modified_gmt":"2021-04-09T21:55:00","slug":"ncsam-responding-and-recovering-threats-they-arise","status":"publish","type":"post","link":"https:\/\/www.n-able.com\/it\/blog\/ncsam-responding-and-recovering-threats-they-arise","title":{"rendered":"NCSAM: Responding to and Recovering from Threats as They Arise"},"content":{"rendered":"<p>In our previous post for National Cybersecurity Awareness Month (NCSAM), we talked about detecting threats. As threats have changed, particularly during the past year, having the right tools and processes in place to detect threats as they arise is\u00a0<em>crucial<\/em>\u00a0for maintaining a strong security posture.<\/p>\n<p>However, threat detection only plays one part. While some threats, once detected, have straightforward answers, some can balloon their damage to the point of seriously harming an organization. Today, we\u2019ll talk about two things\u2014incident response and recovery technologies.<\/p>\n<p>Let\u2019s dive in.<\/p>\n<h2 class=\"h3\">Respond and Recover<\/h2>\n<p>When threats arise, your team needs to fix the issues quickly and professionally. How you handle it can make a huge difference on whether or not you keep that customer happy (and paying). That means you need a combination of both strong policies and robust technology.<\/p>\n<h3 class=\"h4\">DEVELOP AN IR PROCESS<\/h3>\n<p>Before you can recover your customers to full strength, you\u2019ll want to have an incident response (IR) plan in place. The plan doesn\u2019t have to be extensive, but you should have a fixed process in place to deal with incidents as they arise. While incident response is a topic in and of itself (and can be a deep rabbit hole), try to at least make sure you have an idea of the steps to take\u2014from quarantining infectious machines, investigating what happened, fixing the issue, then testing to make sure there aren\u2019t unintended side effects. You\u2019ll also want to figure out how best to communicate to your customers through the process, both in terms of keeping them in the loop during downtime and explaining how you\u2019ll prevent future issues.<\/p>\n<h3 class=\"h4\">FORMALIZE YOUR PLAN<\/h3>\n<p>Next, make sure to\u00a0<em>write it down<\/em>. You don\u2019t want to skip this step. When an incident occurs, you\u2019ll be thankful you have step-by-step instructions for your team on how best to handle an incident. A good portion of handling security incidents involves keeping a clear head under pressure; having a written plan helps reduce the likelihood of confusion or mistakes. Also, make sure to revisit and add to the plan at least once a quarter, as your steps will change over time (and may be slightly different depending on your customer base).<\/p>\n<h3 class=\"h4\">PRACTICE FOR INCIDENTS BEFORE THEY HAPPEN<\/h3>\n<p>We mentioned that having a written plan helps reduce confusion. So does practice. When people first face a security incident, they can get flustered or enter panic mode. That\u2019s why it\u2019s important to prepare ahead of time. If you can make the time, try to act out specific incidents, particularly ransomware, so each person knows their part and won\u2019t be facing it for the first time live.<\/p>\n<h3 class=\"h4\">BACK UP OFTEN<\/h3>\n<p>Beyond your process, you\u2019ll also need some tools in your toolbox, and a cloud-based backup is a must.\u00a0<a href=\"https:\/\/www.solarwindsmsp.com\/products\/backup\/workstation-backup?promo=blog\" target=\"_blank\" rel=\"noopener\">Backing up workstations\u00a0<\/a>to cloud storage is an absolute must to helping prevent data loss, particularly during the era of heavy remote work, as people may be more lax about connecting to a corporate server to save their files. If you can, try to\u00a0<a href=\"https:\/\/www.solarwindsmsp.com\/products\/backup\/use-cases\/endpoint-backup?promo=blog\" target=\"_blank\" rel=\"noopener\">back up the entire endpoint<\/a>, or at least critical business documents. And make sure to schedule your backup jobs so you still meet your recovery point objectives.<\/p>\n<h3 class=\"h4\">TEST FOR RECOVERY<\/h3>\n<p>Picking up on a theme from earlier, you\u2019ll want to make sure you\u2019re ready when the time comes to restore. That\u2019s why we recommend frequently testing your customers\u2019 backups for recoverability. The last thing you want is to find out a backup has become corrupted or you can\u2019t restore while in the middle of a crisis.<\/p>\n<h3 class=\"h4\">USE EDR WITH ROLLBACK<\/h3>\n<p>Finally, SolarWinds<sup>\u00ae<\/sup>\u00a0Endpoint Detection and Response (EDR) includes an automated rollback feature that can restore an endpoint based on Windows to a safe state quickly after a potential threat. In fact, it can take a number of policy-driven actions, including quarantining files, disconnecting endpoints from a network, or blocking connections to malicious sites. While EDR was mentioned in the previous blog on detection, it plays a pivotal role in the response and recovery processes as well. As customers work remotely, EDR can work almost as independent incident response teams on each endpoint, often stopping an issue before it takes causes too much damage. And since 76% of organizations predicted remote work would increase IR times in this year\u2019s\u00a0<a class=\"ext\" href=\"https:\/\/www.ibm.com\/uk-en\/security\/data-breach\" target=\"_blank\" rel=\"noopener noreferrer\">Cost of a Data Breach<\/a>\u00a0report from Ponemon and IBM, the automated rollback feature could be worth its weight in gold. Still, it\u2019s important to note that this feature isn\u2019t a replacement for cloud-based backup. You\u2019ll still need it for rollback on machines that aren\u2019t Windows, and it\u2019s still important for other forms of data loss.<\/p>\n<h2 class=\"h3\">Keeping your cool under pressure<\/h2>\n<p>Security incidents will occur despite your best laid plans and defenses. It happens to large enterprises as much as it happens to small businesses. What makes you prove your worth to your customers comes down to how you handle the incident, and how quickly you get them back up and running. Make sure to have a good IR process in place so you can keep your customers safe (and happy).<\/p>\n<p><b>Sometimes, there\u2019s a snag when it comes to recovery. On the one hand, you need the right tools to make sure you can restore data in a pinch. But some customers may skimp on backup in an attempt to save cost, often without really understanding the risk until it\u2019s too late. To help you solve this problem, don\u2019t miss our free eBook,\u00a0<em>The Big Book of Selling Data Protection<\/em>. It\u2019ll help both your customers\u2019 readiness for a data loss event and help improve your bottom line.\u00a0<\/b><a href=\"https:\/\/www.solarwindsmsp.com\/resources\/eb-big-book-selling-data-protection\" target=\"_blank\" rel=\"noopener\"><b>Get your copy today<\/b><\/a><b>.\u00a0<\/b><\/p>\n","protected":false},"excerpt":{"rendered":"<p>When threats arise, your team needs to fix issues quickly and professionally. That means you need a combination of both strong policies and robust technology.<\/p>\n","protected":false},"author":24,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"class_list":["post-6415","post","type-post","status-publish","format-standard","hentry","topic-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Responding to and Recovering from Threats as They Arise - N-able<\/title>\n<meta name=\"description\" content=\"When threats arise, your team needs to fix issues quickly and professionally. That means you need a combination of both strong policies and robust technology.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.n-able.com\/it\/blog\/ncsam-responding-and-recovering-threats-they-arise\" \/>\n<meta property=\"og:locale\" content=\"it_IT\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Responding to and Recovering from Threats as They Arise - N-able\" \/>\n<meta property=\"og:description\" content=\"When threats arise, your team needs to fix issues quickly and professionally. That means you need a combination of both strong policies and robust technology.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.n-able.com\/it\/blog\/ncsam-responding-and-recovering-threats-they-arise\" \/>\n<meta property=\"og:site_name\" content=\"N-able\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/NableMSP\" \/>\n<meta property=\"article:published_time\" content=\"2020-10-21T21:54:41+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-04-09T21:55:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/03\/share-image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"N-able\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Nable\" \/>\n<meta name=\"twitter:site\" content=\"@Nable\" \/>\n<meta name=\"twitter:label1\" content=\"Scritto da\" \/>\n\t<meta name=\"twitter:data1\" content=\"N-able\" \/>\n\t<meta name=\"twitter:label2\" content=\"Tempo di lettura stimato\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minuti\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.n-able.com\/it\/blog\/ncsam-responding-and-recovering-threats-they-arise#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.n-able.com\/it\/blog\/ncsam-responding-and-recovering-threats-they-arise\"},\"author\":{\"name\":\"N-able\",\"@id\":\"https:\/\/www.n-able.com\/it\/#\/schema\/person\/f46a000e389b6d02bd4b3866e7828a7b\"},\"headline\":\"NCSAM: Responding to and Recovering from Threats as They Arise\",\"datePublished\":\"2020-10-21T22:54:41+01:00\",\"dateModified\":\"2021-04-09T21:55:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.n-able.com\/it\/blog\/ncsam-responding-and-recovering-threats-they-arise\"},\"wordCount\":969,\"publisher\":{\"@id\":\"https:\/\/www.n-able.com\/it\/#organization\"},\"articleSection\":[\"Security\"],\"inLanguage\":\"it-IT\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.n-able.com\/it\/blog\/ncsam-responding-and-recovering-threats-they-arise\",\"url\":\"https:\/\/www.n-able.com\/it\/blog\/ncsam-responding-and-recovering-threats-they-arise\",\"name\":\"Responding to and Recovering from Threats as They Arise - N-able\",\"isPartOf\":{\"@id\":\"https:\/\/www.n-able.com\/it\/#website\"},\"datePublished\":\"2020-10-21T22:54:41+01:00\",\"dateModified\":\"2021-04-09T21:55:00+00:00\",\"description\":\"When threats arise, your team needs to fix issues quickly and professionally. That means you need a combination of both strong policies and robust technology.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.n-able.com\/it\/blog\/ncsam-responding-and-recovering-threats-they-arise#breadcrumb\"},\"inLanguage\":\"it-IT\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.n-able.com\/it\/blog\/ncsam-responding-and-recovering-threats-they-arise\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.n-able.com\/it\/blog\/ncsam-responding-and-recovering-threats-they-arise#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Security\",\"item\":\"https:\/\/www.n-able.com\/it\/blog\/category\/security\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"NCSAM: Responding to and Recovering from Threats as They Arise\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.n-able.com\/it\/#website\",\"url\":\"https:\/\/www.n-able.com\/it\/\",\"name\":\"N-able\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.n-able.com\/it\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.n-able.com\/it\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"it-IT\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.n-able.com\/it\/#organization\",\"name\":\"N-able\",\"url\":\"https:\/\/www.n-able.com\/it\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\/\/www.n-able.com\/it\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"contentUrl\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"width\":\"1024\",\"height\":\"1024\",\"caption\":\"N-able\"},\"image\":{\"@id\":\"https:\/\/www.n-able.com\/it\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/NableMSP\",\"https:\/\/x.com\/Nable\",\"https:\/\/www.linkedin.com\/company\/n-able\",\"https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.n-able.com\/it\/#\/schema\/person\/f46a000e389b6d02bd4b3866e7828a7b\",\"name\":\"N-able\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/e9c468b7c98137ecdd5508befa660c205a7978133257080a37fb0b1362d53411?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e9c468b7c98137ecdd5508befa660c205a7978133257080a37fb0b1362d53411?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/e9c468b7c98137ecdd5508befa660c205a7978133257080a37fb0b1362d53411?s=96&d=mm&r=g\",\"caption\":\"N-able\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Responding to and Recovering from Threats as They Arise - N-able","description":"When threats arise, your team needs to fix issues quickly and professionally. That means you need a combination of both strong policies and robust technology.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.n-able.com\/it\/blog\/ncsam-responding-and-recovering-threats-they-arise","og_locale":"it_IT","og_type":"article","og_title":"Responding to and Recovering from Threats as They Arise - N-able","og_description":"When threats arise, your team needs to fix issues quickly and professionally. That means you need a combination of both strong policies and robust technology.","og_url":"https:\/\/www.n-able.com\/it\/blog\/ncsam-responding-and-recovering-threats-they-arise","og_site_name":"N-able","article_publisher":"https:\/\/www.facebook.com\/NableMSP","article_published_time":"2020-10-21T21:54:41+00:00","article_modified_time":"2021-04-09T21:55:00+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/03\/share-image.jpg","type":"image\/jpeg"}],"author":"N-able","twitter_card":"summary_large_image","twitter_creator":"@Nable","twitter_site":"@Nable","twitter_misc":{"Scritto da":"N-able","Tempo di lettura stimato":"5 minuti"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.n-able.com\/it\/blog\/ncsam-responding-and-recovering-threats-they-arise#article","isPartOf":{"@id":"https:\/\/www.n-able.com\/it\/blog\/ncsam-responding-and-recovering-threats-they-arise"},"author":{"name":"N-able","@id":"https:\/\/www.n-able.com\/it\/#\/schema\/person\/f46a000e389b6d02bd4b3866e7828a7b"},"headline":"NCSAM: Responding to and Recovering from Threats as They Arise","datePublished":"2020-10-21T22:54:41+01:00","dateModified":"2021-04-09T21:55:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.n-able.com\/it\/blog\/ncsam-responding-and-recovering-threats-they-arise"},"wordCount":969,"publisher":{"@id":"https:\/\/www.n-able.com\/it\/#organization"},"articleSection":["Security"],"inLanguage":"it-IT"},{"@type":"WebPage","@id":"https:\/\/www.n-able.com\/it\/blog\/ncsam-responding-and-recovering-threats-they-arise","url":"https:\/\/www.n-able.com\/it\/blog\/ncsam-responding-and-recovering-threats-they-arise","name":"Responding to and Recovering from Threats as They Arise - N-able","isPartOf":{"@id":"https:\/\/www.n-able.com\/it\/#website"},"datePublished":"2020-10-21T22:54:41+01:00","dateModified":"2021-04-09T21:55:00+00:00","description":"When threats arise, your team needs to fix issues quickly and professionally. That means you need a combination of both strong policies and robust technology.","breadcrumb":{"@id":"https:\/\/www.n-able.com\/it\/blog\/ncsam-responding-and-recovering-threats-they-arise#breadcrumb"},"inLanguage":"it-IT","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.n-able.com\/it\/blog\/ncsam-responding-and-recovering-threats-they-arise"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.n-able.com\/it\/blog\/ncsam-responding-and-recovering-threats-they-arise#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Security","item":"https:\/\/www.n-able.com\/it\/blog\/category\/security"},{"@type":"ListItem","position":2,"name":"NCSAM: Responding to and Recovering from Threats as They Arise"}]},{"@type":"WebSite","@id":"https:\/\/www.n-able.com\/it\/#website","url":"https:\/\/www.n-able.com\/it\/","name":"N-able","description":"","publisher":{"@id":"https:\/\/www.n-able.com\/it\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.n-able.com\/it\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"it-IT"},{"@type":"Organization","@id":"https:\/\/www.n-able.com\/it\/#organization","name":"N-able","url":"https:\/\/www.n-able.com\/it\/","logo":{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/www.n-able.com\/it\/#\/schema\/logo\/image\/","url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","contentUrl":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","width":"1024","height":"1024","caption":"N-able"},"image":{"@id":"https:\/\/www.n-able.com\/it\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/NableMSP","https:\/\/x.com\/Nable","https:\/\/www.linkedin.com\/company\/n-able","https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw"]},{"@type":"Person","@id":"https:\/\/www.n-able.com\/it\/#\/schema\/person\/f46a000e389b6d02bd4b3866e7828a7b","name":"N-able","image":{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/secure.gravatar.com\/avatar\/e9c468b7c98137ecdd5508befa660c205a7978133257080a37fb0b1362d53411?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/e9c468b7c98137ecdd5508befa660c205a7978133257080a37fb0b1362d53411?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e9c468b7c98137ecdd5508befa660c205a7978133257080a37fb0b1362d53411?s=96&d=mm&r=g","caption":"N-able"}}]}},"_links":{"self":[{"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/posts\/6415","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/users\/24"}],"replies":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/comments?post=6415"}],"version-history":[{"count":0,"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/posts\/6415\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.n-able.com\/it\/wp-json\/wp\/v2\/media?parent=6415"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}