
IT Security Incident Response: Current State, Emerging Problems, and New Approaches


Incident Response, within the field of IT security, is the overall process of handling an incident that occurs within a computer network or system. It involves the detection, analysis, remediation, and containment of an attack. These capabilities are necessary in order to respond adequately to attacks against systems and to limit the associated risk. In recent years the number of attacks on the Internet has increased, and more organizations are building up defensive capabilities in the form of Computer Emergency Response Teams (CERTs). However, IT infrastructure is changing rapidly, and security teams are confronted with new challenges. They therefore need to mature both organizationally and in their technical knowledge. In this thesis the authors first give an overview of CERTs, Incident Response, and Digital Forensics, and then describe the current challenges using real-world case studies. Later they discuss their contributions in these fields. One was to develop a new description standard through which security teams can publish information about their constituency, their responsibility, and their contact information. This can be used by tools to automate parts of incident handling, or by humans to find the right contact for a system. Next they describe a new organizational model for how a CERT may be organized to be efficient for today's threat landscape. They further look more deeply at how cloud environments influence the handling of incidents. More organizations are moving their IT into such environments; however, security teams may lose their ability to detect and respond to attacks. That depends heavily on the deployment model, so they discuss the influence of these models on the different defense capabilities and propose some ideas for how this can be solved.
Another contribution is in the field of Memory Forensics, which is now an important topic for which more and more tools are being created. It is therefore important to have a model in which the different kinds of information contained in memory can be categorized. The authors created such a model and discuss its use in real-world scenarios. Finally, they contribute to the field of malicious software analysis. One urgent problem here is the analysis of malicious office files and the question of which vulnerability is exploited. The authors created a novel system that analyzes such files and is able to determine the exploited vulnerability using the patches provided by the vendors. This approach decreases the time needed to analyze an office file, so a security team can respond to attacks faster.


