
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2009-03-22



Dealing with Security Challenges

Published: 2009-03-22
Last Updated: 2009-03-22 23:42:02 UTC
by Mari Nichols (Version: 3)
0 comment(s)

Do you ever feel like you are the lone gunman, taking pot shots into the dark while trying to solve your organization's IT issues?  Sometimes it seems we need an army of people on the security team just to keep up with the daily vulnerabilities and challenges.

Even so, many of us are small security departments constantly bombarded with incidents, vulnerabilities and forensics work.  We try to stay one step ahead of the bad guys, but feel like we're losing the battle.  Do you have some helpful advice for smaller teams?  That's where the ISC can help.  We're here to pass on knowledge from all over the world to teams small and large.

How do you handle these challenges, or how would you do it with less personnel?  Perhaps you have some tips for your overwhelmed and understaffed colleagues.  Please send in any helpful ideas you might have for keeping up with this ever-changing threat landscape.  We'll post your suggestions here all day.

Mari Nichols

iMarSolutions

Updates:  Dom writes in with this good advice: "Automate everything.  It sounds simple, but if you are checking logs, write a script to do it, then have the script run by cron/scheduler.  The same applies to configuration checks, vulnerability testing, whatever."
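To make Dom's "write a script, then hand it to cron" advice concrete, here is an added example (not code from the diary or from Dom): a small Python check that reads an sshd auth log, counts failed password attempts per source address, and prints a report that cron will mail to you. The log lines embedded below are constructed for the example, the threshold of five failures and the crontab path in the comment are assumptions, and the exit status is non-zero when something is found so the job can also feed a monitoring system.

```python
"""Daily failed-SSH-login check, meant to be run from cron.

Added example for the 'automate your log checks' advice above. The
sample log lines are constructed; the threshold and paths are assumed.
"""
import re
import sys
from collections import Counter

# One sshd failure line; the 'invalid user ' prefix is optional, the
# source IP is what we count.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

# Constructed sample: six failures from 203.0.113.7, two from
# 198.51.100.9 followed by a success, and one unrelated cron line.
SAMPLE_LOG = """\
Mar 22 01:02:03 host sshd[1211]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar 22 01:02:05 host sshd[1211]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar 22 01:02:07 host sshd[1213]: Failed password for root from 203.0.113.7 port 51240 ssh2
Mar 22 01:02:09 host sshd[1213]: Failed password for root from 203.0.113.7 port 51240 ssh2
Mar 22 01:02:11 host sshd[1215]: Failed password for invalid user oracle from 203.0.113.7 port 51250 ssh2
Mar 22 01:02:13 host sshd[1215]: Failed password for invalid user oracle from 203.0.113.7 port 51250 ssh2
Mar 22 07:15:00 host sshd[2001]: Failed password for mari from 198.51.100.9 port 40001 ssh2
Mar 22 07:15:04 host sshd[2001]: Failed password for mari from 198.51.100.9 port 40001 ssh2
Mar 22 07:15:09 host sshd[2001]: Accepted password for mari from 198.51.100.9 port 40001 ssh2
Mar 22 07:20:00 host cron[2100]: (root) CMD (run-parts /etc/cron.hourly)
"""


def failed_logins_by_ip(lines):
    """Count 'Failed password' events per source IP."""
    counts = Counter()
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            counts[m.group("ip")] += 1
    return counts


def offenders(lines, threshold=5):
    """Sources with at least `threshold` failures, busiest first."""
    counts = failed_logins_by_ip(lines)
    return [(ip, n) for ip, n in counts.most_common() if n >= threshold]


def report(lines, threshold=5):
    """Plain-text summary; cron mails whatever the job prints."""
    hits = offenders(lines, threshold)
    if not hits:
        return "OK: no source reached %d failed SSH logins" % threshold
    out = ["ALERT: %d source(s) reached %d failed SSH logins" % (len(hits), threshold)]
    out += ["  %-15s %d" % (ip, n) for ip, n in hits]
    return "\n".join(out)


if __name__ == "__main__":
    # Assumed crontab entry (path is an assumption):
    #   0 6 * * * /usr/local/bin/check_ssh_failures.py /var/log/auth.log
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            lines = fh.read().splitlines()
    else:
        lines = SAMPLE_LOG.splitlines()
    print(report(lines))
    sys.exit(1 if offenders(lines) else 0)
```

Run it once by hand against the real log to tune the threshold, then let the scheduler own it; the same skeleton (parse, count, threshold, report, exit status) carries over to the configuration and vulnerability checks Dom mentions.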

Jeremy writes that he finally gave in to using WSUS (Windows Server Update Services) and it has freed up a lot of time for him to work on other, more pressing items.

Summary Tips:

  • Set priorities.  Do you really need to perform forensics on a machine that was infected with a virus? 
  • Use the National Vulnerability Database to help set patching priorities, based on the CVSS scores it publishes and on the risk each issue poses in your own environment.
  • Set aside time to increase your knowledge.  Running from incident to incident, training can get pushed aside.  Plan time each day to keep up with the newest vulnerabilities.
  • Talk to your management and use their input to agree on priorities.
  • As with all incident response, remember the first rule: "stay calm".  Document your daily tasks for "lessons learned" about your work flow.
  • Ask for assistance if you are feeling overwhelmed.  There is probably a lot of talent not being used on your IT team for security.  Take a step forward and tap into your entire team.  Security is interesting and getting help probably isn't as hard as you think.


Keywords: small team tips