TX CIO Academy 16 presentation - Best Practices in Security Prevention - by Ron Northcutt


Upload: government-technology

Post on 15-Apr-2017


©2016 Acquia Inc. — Confidential and Proprietary

I’ve been hacked… now what?

Ron Northcutt, Sr. Solutions Architect

Agenda

● Approach

● Core concept

● Prevention plan

● Incident response plan

● Strategies

Approach

● Solutions-based methodology

● Focus on common attack vectors

● Know your risk levels

● Minimize footprint

● Keep it simple

Core concept

● Revolves around 2 plans

○ How to Prevent an attack

○ How to Respond to an attack

Cyber defense plan (Prevent)

● Monitoring tools

● Defensive tools

● Managed services

● Pen testing

● Hunting

Incident response plan (Respond)

“Incident response is an organized approach to addressing and managing the aftermath of a security breach or attack (also known as an incident).

The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.”

http://searchsecurity.techtarget.com/definition/incident-response

7 Stages of Incident Response

1 - Discovery & Investigation

2 - Escalation of the breach

3 - Containment of the breach

4 - Data integrity & forensic evidence

5 - Restore services

6 - Notify affected parties

7 - Post incident report

Return to monitoring

Strategy - Plan management

● Living document

● Update regularly

● Track revisions & approvals

● Align with partners

Strategy - Architecture

● Separation of concerns

● Layers of security

● Harden devices and connections

● Whitelisting over blacklisting

● Fungible systems with scripting

Strategy - Centralized services & tools

● Examples: in-house, managed services, cross-department, etc.

● Economy of scale = less expensive

● Outsource maintenance & compliance

● Augment your team with expert partners

Strategy - Look at the ROI for all scenarios

● Be honest about the risk

● Be honest about the cost

● Invest in human time

● Maximize the resources you have (budget, hires, internal teams, existing tools, etc.)

Review

● Solutions-based approach

● Core concept

● Prevention plan

● Incident response plan

● Strategies

Take action!

Schedule a review of your plan today.

Questions?

Ron Northcutt, Sr. Solutions Architect
