6. Incident Response Preparation
Incident Response Preparation gives the Network Security Team and Compliance Team capabilities to:
- Align network architecture understanding and break silos through a single pane of glass
- Train first responders and harden defenses via realistic attack scenario simulation
- Prioritize vulnerability mitigation faster
Network Architecture Understanding
Monitoring for indicators of compromise allows organizations to better detect and respond to security compromises. When the security team discovers a potential compromise, NP-View can assist with incident response by quickly identifying critical paths to the compromised system.
For example, critical host BCC_DB_A, a database server on the network, is experiencing increased reads.
Train First Responders
Users can be trained to use NP-View to quickly assess the situation. NP-View shows each host with its inbound and outbound paths. In this example, the inbound port, 1443, is the likely target for the increased database activity.
The topology map displays the 9 connectivity paths using this port.
Prioritize Vulnerability Mitigation
Stepping stones are hosts in a network that could be compromised and used by attackers to move laterally. Attackers hop from one compromised host to another, forming a chain of stepping stones, before launching an attack on the actual target host.
With stepping stone analysis, the security team can quickly identify the paths of concern and their number of steps from the compromised system or other important assets, then prioritize a remediation plan.
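The step counting described above can be sketched as a breadth-first search over allowed connectivity paths. This is an added example, not NP-View's code or output: only BCC_DB_A and port 1443 come from this page, and every other host, port and function name is a constructed assumption.

```python
from collections import deque

# Constructed sample data: (source, destination, destination port) paths.
# Only BCC_DB_A and port 1443 appear on the page; the rest is hypothetical.
PATHS = [
    ("HMI_1", "BCC_DB_A", 1443),
    ("ENG_WS", "BCC_DB_A", 1443),
    ("JUMP_HOST", "ENG_WS", 3389),
    ("CORP_PC", "JUMP_HOST", 22),
    ("VENDOR_VPN", "JUMP_HOST", 22),
    ("CORP_PC", "PRINT_SRV", 445),  # never leads to the asset
]

def stepping_stones(paths, asset):
    """Return {host: chain}, where chain is the shortest list of hosts
    leading from host to asset over the allowed paths."""
    inbound = {}
    for src, dst, _port in paths:
        inbound.setdefault(dst, set()).add(src)
    chains = {asset: [asset]}
    queue = deque([asset])
    while queue:  # breadth-first search walking the paths backwards
        node = queue.popleft()
        for src in sorted(inbound.get(node, ())):
            if src not in chains:  # first visit is the shortest chain
                chains[src] = [src] + chains[node]
                queue.append(src)
    del chains[asset]
    return chains

def prioritize(paths, asset):
    """Hosts that can reach the asset, closest first: (steps, host, chain)."""
    chains = stepping_stones(paths, asset)
    return sorted((len(c) - 1, h, c) for h, c in chains.items())

if __name__ == "__main__":
    for steps, host, chain in prioritize(PATHS, "BCC_DB_A"):
        print(f"{steps} step(s): {' -> '.join(chain)}")
```

Hosts one step away have a direct path to the asset and are the first candidates for rule review; hosts absent from the result have no chain to it at all.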