Module 10 deals with the challenge of handling simultaneous intrusions. Multiple kill chains are in play at once, and the added challenge is determining whether any of them are related. Extra methodology is required in such a situation. Identification of separate, simultaneous intrusions begins with pattern recognition. Reliable methods are critical in this step to avoid confirmation bias and false correlations. Assistance with correlation can come in the form of vendor alerts or coordination with other analysts and other teams via a comms plan. Coordination in the form of plans, policies, and procedures is required to govern info-sharing. Building a knowledge base of sanitized data is a challenging but worthwhile effort that assists with future simultaneous events.