Category: Threat Detection and Response

Incident Response Playbooks

Incident response playbooks are step-by-step guides that organisations use to handle security incidents, such as cyber attacks or data breaches. They outline the actions to take, who is responsible, and how to communicate during and after an incident. Playbooks help teams respond quickly and consistently, reducing the impact of threats and speeding up recovery.

Intrusion Detection Tuning

Intrusion detection tuning is the process of adjusting and configuring an intrusion detection system (IDS) so that it can accurately detect real security threats while minimising false alarms. This involves setting detection rules, thresholds, and filters to ensure that the system focuses on genuine risks relevant to the specific environment. Tuning is an ongoing task…
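As an added illustration (not code from the original page or from any particular IDS), the following Python block applies two common tuning controls to a constructed stream of alerts: a suppression list that silences a known, authorised vulnerability scanner for one signature, and a rate threshold that only reports a scan signature once a source trips it several times within a window. The alert shape, signature IDs, addresses and the threshold semantics ("fire once per burst of N hits in T seconds") are assumptions chosen for the example; Snort and Suricata expose equivalent suppress and threshold directives, but their exact syntax is not reproduced here.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    ts: float   # epoch seconds
    sid: int    # signature id
    src: str    # source IP
    dst: str    # destination IP
    msg: str


# Constructed sample alerts (not real traffic). 10.0.0.5 is an authorised,
# noisy vulnerability scanner; 10.0.0.9 is an ordinary workstation.
SAMPLE_ALERTS = [
    Alert(100.0, 2001, "10.0.0.5", "10.0.1.20", "SCAN nmap probe"),
    Alert(100.5, 2001, "10.0.0.5", "10.0.1.21", "SCAN nmap probe"),
    Alert(101.0, 2001, "10.0.0.9", "10.0.1.20", "SCAN nmap probe"),
    Alert(101.2, 2001, "10.0.0.9", "10.0.1.21", "SCAN nmap probe"),
    Alert(101.4, 2001, "10.0.0.9", "10.0.1.22", "SCAN nmap probe"),
    Alert(150.0, 3001, "203.0.113.7", "10.0.1.30", "ET EXPLOIT attempt"),
    Alert(900.0, 2001, "10.0.0.9", "10.0.1.40", "SCAN nmap probe"),
]

# Tuning policy (assumed structure for this example).
# SUPPRESS: signature id -> source IPs whose hits on that signature are ignored.
SUPPRESS = {2001: {"10.0.0.5"}}
# THRESHOLD: signature id -> require `count` hits from one source within
# `seconds` before a single alert is reported for that burst.
THRESHOLD = {2001: {"count": 3, "seconds": 60}}


def tune(alerts, suppress=SUPPRESS, threshold=THRESHOLD):
    """Return the alerts that survive suppression and thresholding, in time order."""
    reported = []
    windows = defaultdict(list)  # (sid, src) -> timestamps inside the current window
    for a in sorted(alerts, key=lambda x: x.ts):
        # 1. Suppression: drop known-benign sources for this signature outright.
        if a.src in suppress.get(a.sid, ()):
            continue
        # 2. Signatures without a threshold rule are reported as-is.
        rule = threshold.get(a.sid)
        if rule is None:
            reported.append(a)
            continue
        # 3. Thresholding: keep only timestamps still inside the window, then
        #    report once the burst reaches `count` and reset for the next burst.
        key = (a.sid, a.src)
        window = [t for t in windows[key] if a.ts - t <= rule["seconds"]]
        window.append(a.ts)
        if len(window) >= rule["count"]:
            reported.append(a)
            window = []
        windows[key] = window
    return reported


if __name__ == "__main__":
    for a in tune(SAMPLE_ALERTS):
        print(f"{a.ts:7.1f} sid={a.sid} {a.src} -> {a.dst} {a.msg}")
```

On the sample input the seven raw alerts collapse to two: one scan alert for 10.0.0.9 (reported on its third probe inside the 60-second window, while its isolated probe at t=900 stays below threshold) and the exploit attempt, which has no threshold rule and is always reported. The point a practitioner should take from this is that suppression and thresholding are separate knobs: the first encodes environment knowledge (who is allowed to scan), the second encodes how much repetition a signature needs before it is worth an analyst's time.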

Network Threat Modeling

Network threat modelling is the process of identifying and evaluating potential security risks to a computer network. It involves mapping out how data and users move through the network, then looking for weak points where attackers could gain access or disrupt services. The goal is to understand what threats exist and prioritise defences before problems…

Graph-Based Anomaly Detection

Graph-based anomaly detection is a technique used to find unusual patterns or outliers in data that can be represented as networks or graphs, such as social networks or computer networks. It works by analysing the structure and connections between nodes to spot behaviours or patterns that do not fit the general trend. This method is…
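The following Python block is an added example (not from the original page) of the idea in its simplest structural form: build a directed graph from connection records, compute a per-node structural feature (fan-out, the number of distinct destinations a host talks to), and flag nodes whose feature is a robust outlier against the population using median and median absolute deviation rather than mean and standard deviation, so a single loud host cannot drag the baseline towards itself. The connection records, host names and the cut-off constant `k` are constructed assumptions for the example.

```python
from collections import defaultdict
from statistics import median

# Constructed connection records (src_host, dst_host, dst_port); not real traffic.
# Most workstations talk to a handful of servers. ws-07 fans out to its peers
# on SMB and RDP, the shape lateral movement tends to leave in a graph.
CONNECTIONS = [
    ("ws-01", "fileserver", 445), ("ws-01", "mail", 993), ("ws-01", "proxy", 3128),
    ("ws-02", "fileserver", 445), ("ws-02", "mail", 993), ("ws-02", "proxy", 3128),
    ("ws-03", "fileserver", 445), ("ws-03", "proxy", 3128),
    ("ws-04", "mail", 993), ("ws-04", "proxy", 3128),
    ("ws-07", "ws-01", 445), ("ws-07", "ws-02", 445), ("ws-07", "ws-03", 445),
    ("ws-07", "ws-04", 445), ("ws-07", "ws-05", 3389), ("ws-07", "ws-06", 3389),
    ("ws-07", "fileserver", 445), ("ws-07", "proxy", 3128),
]


def build_graph(conns):
    """Directed graph as adjacency: src -> set of (dst, port) edges."""
    graph = defaultdict(set)
    for src, dst, port in conns:
        graph[src].add((dst, port))
    return graph


def fan_out(graph):
    """Structural feature: number of distinct destination hosts per source node."""
    return {node: len({dst for dst, _ in edges}) for node, edges in graph.items()}


def peer_edges(graph, peer_prefix="ws-"):
    """Second feature: edges from a workstation to another workstation (assumed naming)."""
    return {
        node: sum(1 for dst, _ in edges if dst.startswith(peer_prefix))
        for node, edges in graph.items()
        if node.startswith(peer_prefix)
    }


def robust_outliers(scores, k=3.0):
    """Nodes whose score exceeds median + k * MAD.

    MAD (median absolute deviation) is used instead of standard deviation so
    that the outlier itself does not inflate the spread it is measured against.
    """
    values = list(scores.values())
    med = median(values)
    mad = median(abs(v - med) for v in values) or 1.0  # guard against a zero MAD
    return sorted(node for node, v in scores.items() if (v - med) / mad > k)


def detect(conns, k=3.0):
    """Run both features over the graph and return the union of flagged nodes."""
    graph = build_graph(conns)
    flagged = set(robust_outliers(fan_out(graph), k))
    flagged |= set(robust_outliers(peer_edges(graph), k))
    return sorted(flagged)


if __name__ == "__main__":
    g = build_graph(CONNECTIONS)
    print("fan-out:", fan_out(g))
    print("peer edges:", peer_edges(g))
    print("flagged:", detect(CONNECTIONS))
```

Here the fan-out scores are {ws-01: 3, ws-02: 3, ws-03: 2, ws-04: 2, ws-07: 8}; the median is 3 and the MAD is 1, so ws-07 sits five MADs above the baseline and is flagged while every other host is within one. Fan-out is only the first feature worth computing: in practice the same scaffolding is extended with in-degree, new edges never seen in the baseline period, and community membership, and the baseline is taken from a training window rather than the same data being scored.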

Endpoint Threat Isolation

Endpoint threat isolation is a cybersecurity technique used to contain a potentially compromised device, such as a computer or mobile phone, by restricting its ability to interact with the rest of the network. When a threat is detected on an endpoint, isolation tools block its network communication (typically leaving only a management channel to the security console open for investigation and remediation), stopping the spread of malware and the exfiltration of data. This method helps…

Incident Response Automation

Incident response automation refers to using software tools and scripts to automatically detect, investigate, and respond to security incidents without needing constant human intervention. It helps organisations react quickly to threats, reduce errors, and free up security teams for more complex tasks. Automated incident response can include actions like blocking malicious traffic, isolating affected devices,…

Cyber Threat Intelligence Feeds

Cyber Threat Intelligence Feeds are streams of information about current and emerging cyber threats, such as malware, phishing sites, or suspicious IP addresses. These feeds are updated regularly and are used by organisations to stay aware of potential risks to their systems. The information can come from a variety of sources, including security vendors, government…

Automated Threat Correlation

Automated threat correlation is the process of using computer systems to analyse and connect different security alerts or events to identify larger attacks or patterns. Instead of relying on people to manually sort through thousands of alerts, software can quickly spot links between incidents that might otherwise go unnoticed. This helps organisations respond faster and…
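As an added example (not code from the original page), the Python block below correlates events from three independent sources (an authentication log, an EDR agent and a network IDS) into incidents by grouping them per host inside a time window and checking whether they line up, in order, with an assumed attack chain: repeated login failures, a success, a new administrative tool process, then an outbound beacon. The event schema, the source names, the chain definition, the window length and the sample events are all constructed for the example; any one of these events on its own is low priority, and it is only the correlation across sources that makes the cluster worth escalating.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: int        # epoch seconds
    source: str    # 'auth', 'edr' or 'ids' (assumed source labels)
    host: str      # entity the alerts are correlated on
    kind: str      # normalised event kind


# Assumed attack chain, in the order it is expected to appear.
STAGES = ["auth_failure", "auth_success", "new_admin_tool_process", "outbound_c2_beacon"]
WINDOW = 600  # seconds; events on one host further apart than this are not linked

# Constructed sample events from three sources (not from a real environment).
EVENTS = [
    Event(1000, "auth", "srv-db-01", "auth_failure"),
    Event(1003, "auth", "srv-db-01", "auth_failure"),
    Event(1006, "auth", "srv-db-01", "auth_failure"),
    Event(1010, "auth", "srv-db-01", "auth_success"),
    Event(1020, "edr", "srv-db-01", "new_admin_tool_process"),
    Event(1025, "ids", "srv-db-01", "outbound_c2_beacon"),
    Event(1000, "auth", "ws-12", "auth_failure"),
    Event(5000, "edr", "ws-12", "new_admin_tool_process"),  # hours later, unrelated
]


def cluster_by_time(events, window):
    """Split one host's time-sorted events into clusters no longer than `window`."""
    clusters, current = [], []
    for e in events:
        if current and e.ts - current[0].ts > window:
            clusters.append(current)
            current = []
        current.append(e)
    if current:
        clusters.append(current)
    return clusters


def ordered_stages(events):
    """Stages of the chain reached in order: each stage's first occurrence
    must be no earlier than the previous stage's first occurrence."""
    reached, last_ts = [], -1
    for stage in STAGES:
        first = next((e.ts for e in events if e.kind == stage), None)
        if first is not None and first >= last_ts:
            reached.append(stage)
            last_ts = first
    return reached


def correlate(events, window=WINDOW, min_sources=2, min_stages=3):
    """Group events per host and window; emit an incident when a cluster spans
    at least `min_sources` independent sources and `min_stages` chain stages."""
    by_host = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        by_host[e.host].append(e)

    incidents = []
    for host, host_events in by_host.items():
        for group in cluster_by_time(host_events, window):
            sources = {e.source for e in group}
            stages = ordered_stages(group)
            if len(sources) >= min_sources and len(stages) >= min_stages:
                incidents.append({
                    "host": host,
                    "start": group[0].ts,
                    "end": group[-1].ts,
                    "sources": sorted(sources),
                    "stages": stages,
                    "alerts": len(group),
                })
    return incidents


if __name__ == "__main__":
    for inc in correlate(EVENTS):
        print(inc)
```

On the sample data srv-db-01 produces a single incident spanning all four stages and three sources, while ws-12's two events fall into separate windows and never meet the source or stage minimums. The two parameters that most affect precision in practice are the window length and the requirement for independent sources: a long window with one source re-creates the flood of single alerts the correlation was meant to replace.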

Real-Time Threat Monitoring

Real-Time Threat Monitoring is the process of continuously watching computer systems, networks, or applications for signs of possible security threats or malicious activity as they happen. It uses automated tools to detect and alert security teams about suspicious behaviour or unauthorised access attempts without delay. This helps organisations respond quickly to security incidents and minimise…