Cyware Fusion and Threat Response

Enhancements

As cyber attack techniques grow in scale and sophistication, organizations must continuously enhance the security layers within their IT environment to respond to and prevent elusive threats.

Security enhancements refer to the improvements in the security framework of an organization, such as:

  • Changes in the security strategy and policy. For example, the implementation of new incident workflows to respond to threats, such as ransomware and Log4j.

  • Implementation of new security guidelines. For example, implementing guidelines to prevent domain typosquatting.

  • Updates to the existing processes based on the lessons learned from previous threats. For example, updating an incident workflow to add or update the phases and fields based on similar incidents.

In Respond (CFTR), users who have Create/Update permissions to Enhancements can create an enhancement and assign a security analyst to it. The analyst performs the enhancement tasks and helps steadily improve the threat response by evaluating potential failures.

Enhancements Management Flow

The following illustration shows the overall workflow to manage enhancements in Respond:

[Illustration: Enhancement_Management.png]

  1. Create Enhancement: Create an enhancement to perform a security enhancement task. For more information, see Create Enhancement.

  2. Assign a User: Assign a security analyst to perform the tasks of the enhancement. The assigned security analyst must be a member of the assigned user group. For more information, see Assign User.

  3. Analyze Enhancement Summary: Analyze the enhancement summary to understand the requirements of the enhancement.

  4. Perform Enhancement Tasks: Perform the security enhancement tasks as specified in the enhancement.

  5. Close Enhancement: Move the action status to Closed.

You can also use the following features to perform the tasks of the action effectively:

  • Notes: Add notes about important events while performing the security enhancement tasks for reference. Any user who has access to an enhancement can view and add notes. For more information, see Add Notes.

  • Activity Logs: Track all the updates of an enhancement in the activity logs. When reviewing an enhancement in retrospect, you can use the activity logs to trace a specific enhancement update. You can search, filter, and export the logs. For more information, see Manage Activity Logs.

  • Connect the Dots: Connect other Respond modules with the enhancement to draw contextual intelligence on complex threats and perform the tasks of the enhancement effectively. For more information, see Connect the Dots.

  • Attachments: Upload the external files that are related to the enhancement as attachments. You can upload files of any format or size. For more information, see Add Attachments.