Five Eyes Cybersecurity Agencies Release Incident Response Guidance
Cybersecurity agencies in Australia, Canada, New Zealand, the United Kingdom, and the United States have published a joint advisory focusing on detecting malicious activity and incident response.
Best-practice incident response procedures, the report notes, start with collecting artifacts, logs, and data and removing them for further analysis, and continue with implementing mitigation steps without letting the adversary know that their presence in the compromised environment has been detected.
The joint advisory encourages organizations to collaborate with a third-party IT security organization to receive technical support, ensure that the adversary has been removed from the network, and avoid issues resulting from follow-up compromises.
The joint advisory "highlights technical approaches to uncovering malicious activity and includes mitigation steps according to best practices. The purpose of this report is to enhance incident response among partners and network administrators along with serving as a playbook for incident investigation."
Network segmentation, physical segregation of sensitive data, adopting the principles of least privilege, and applying recommendations and implementing secure configurations across the network segments and layers should help diminish the harm in the event of an attack.