Petronella’s Incident Response Program
Many modern environments can be described as volatile, uncertain, complex and ambiguous, or VUCA. Surviving and winning in this type of situation rests upon making better decisions and staying agile. However, improving the quality of decision-making is something most organizations fail to do while maintaining speed and flexibility.
Petronella's Cybersecurity acknowledges these short falls and provides an approach to improve the industry standard Incident Response (IR) by focusing on speed and enhanced decision-making.
While employing the OODA model to our IR program, we are able to make quicker, more streamlined decisions, and have shorter reaction times to incidents. Petronella excels in fostering enhanced organizational transparency and prioritizing certainty over uncertainty.
This strategic approach is reflected in our IR program, continually flowing from Monitor to Detect to Respond.
As illustrated below, our IR phases are three-fold:
Throughout the Monitor phase of the Petronella incident response program, cybersecurity professionals closely observe and scrutinize the network and systems for any signs of anomalous or suspicious activities while maintaining communication with clients to improve their overall security posture.
These are the three focuses for the Monitor Phase:
During the Detect phase of the Petronella incident response program, cybersecurity experts concentrate on four key focuses to efficiently identify potential security incidents. This is where the majority of interaction with the Petronella XDR platform takes place either by investigating alerts and vulnerabilities and triaging any discovered incidents. Petronella uses this opportunity to maintain documentation on client systems and networks.
These are the five focuses for the Detect Phase:
During the Respond phase of the Petronella incident response program, Petronella turns their efforts to four key focuses to swiftly and effectively address security incidents by collecting evidence, performing root cause analysis, isolating affected systems, and implementing remediation measures.
These are the four focuses for the Respond Phase:
OODA Model Implementation
The Observation, Orientation, Decision, Action (OODA) model is employed to showcase the Petronella IR program when the Security Operation Center (SOC) observes any unusual or suspicious activity within a clients' environment. The OODA model is used congruently at every stage of the Petronella Incident Response to ensure that speed and enhanced decision-making is prioritized when dealing with any event. OODA has been adopted to help SOC analysts make informed decisions quickly by outlining techniques for Observation, Orientation, Decision,and Action - or OODA.
By utilizing OODA, SOC analysts quickly make an Observation of suspicious or anomalous activity within client's "Petronella" or area of control based on baselined information we have gathered.
Then, analysts will proceed to the Orientation phase where they will reflect on what has been found during observations and consider what should be done next. It requires a significant level of situational awareness and understanding in order to make a decision.
A Decision is then made in coordination with clients about events detected by our SOC analysts. Our analysts take into all considerations of what the possible outcome of an incident would be, and apply that to their decision making process along with the client.
Lastly, Action is taken to classify and remediate any incident. Testing is done prior to implementing any environment changes to ensure total operability of client systems.
All of these steps are taken quickly and with careful judgment along with our internal tools to provide the best possible response to any and all events or incidents. Petronella Cybersecurity is able to stay at the forefront of client incidents by combining our IR program with the OODA model.