Digital Defenders


July 6, 2023
Microsoft Australia

Cyber incidents are becoming more frequent and increasingly sophisticated. Also, some attackers threaten reputational harm. The increased danger of system damage, data theft, lost productivity and reputational harm makes having a comprehensive incident response plan more important than ever.

Managing these risks and protecting your customers takes strong cyber response capabilities. You need to build protections before breaches occur, and you need the capability to react quickly to an attack. Those capabilities aren’t just in the IT department. You need to prepare everyone — senior leadership, legal and public relations — so that you can minimise damage and disruption.

Our webinar series covers the entire cyber security incident management process. Industry experts join us to share their best practices for detecting and analysing security threats, containing and eradicating attacks, and to outline effective remediation and recovery techniques.

Topics

Cyber Security Incident Response

The intensity and sophistication of cyber-attacks are on the rise. It’s no longer a question of if you’ll get breached. You have been lucky if you are yet to deal with a cyber security incident.

You don’t necessarily need a dedicated cyber-security team. However, businesses of all sizes need to put basic cyber hygiene in place. A breach is a crisis affecting many parts of the business. That’s why you need an incident response plan that extends beyond the technical. Your plan should include thinking from leaders and teams across all relevant areas, including legal, PR and brand.

Detecting & Analysing Threats

The faster you act in a security incident, the faster you can resolve and remediate it. That’s why having a plan in advance is so important. We are here to help you get yours in a strong place.

Detecting and analysing incidents means managing processes, people, and technology. We now have a lot of information about how attackers operate, their tools and methods. Use the knowledge that’s out there to plan how you’d respond to an incident. Document, test and then refine that plan.

Containing & Eradicating Threats

Cyber-attacks are becoming more frequent and sophisticated. That’s why it’s important to plan for how you’ll contain an attack. Containing an attack will buy precious time for your organisation to prepare for the eradication phase.

Planning eradication is important because it lowers the risk that you’ll try to eradicate the attacker too quickly, before the threat is contained. Eradicating too quickly will tip the attacker off, which may cause them to escalate the attack. The result could be sabotage, data exfiltration or rapid deployment of ransomware.

Recovery & Remediation

Recovery from a cyber security incident is a three-stage process, not a continuum. By responding to all cyber-threats through the lens of Incident Response, Compromise Recovery and Strategic Recovery, our approach at Microsoft is to leave no stone unturned in your threat recovery gameplan.

We always find a lessons learned session is critical to gather feedback from technical and business stakeholders. What worked well? What didn’t? What could be improved in the areas of technology, people, and processes?

How we do incident management at Microsoft

Microsoft has over 13,000 people working in a diverse set of teams in the cyber security arena. Our Cyber Defense Operations Center (CDOC) is a fusion centre. Incident responders, threat intelligence, legal, investigators, communications and marketing teams could all be working together on an incident.

The CDOC includes experts in getting the right signals from our automated tools and filtering out noise. At Microsoft, we see 600 billion events per month, but only hundreds of these need to be looked at by a person. That’s because our tiered incident response structure incorporates automation. We adapt and change our approach as we face new threats.

This post was written by Microsoft Australia