Posts under Incident Response
Container technology is fundamentally changing the way incident response (IR) is handled within the enterprise, and it is putting agile organizations back in a position of strength against their attackers. Microservices and containers comprise an infrastructure that can be leveraged as a security orchestrator and responder, which allows for radical improvements in both the scale and speed of threat detection, response, and prevention.

IR in a traditional environment

Today’s systems have become too distributed, integrate too many programs, and present too many attack surfaces for security analysts to thwart attacks effectively.

Forensics in the age of containers

You’ve seen it countless times in television’s most popular dramas: professional investigators descend on the scene of a crime to meticulously record and analyze every detail and clue before anyone else can disrupt the scene. If the crime appears to be related to other ongoing cases, clues are tacked to the peg board back at headquarters. Only once all the pieces have been assembled do patterns emerge.