Petronella’s Incident Response Program

Many modern environments can be described as volatile, uncertain, complex and ambiguous, or VUCA. Surviving and winning in this type of situation rests upon making better decisions and staying agile. However, improving the quality of decision-making is something most organizations fail to do while maintaining speed and flexibility.

Petronella's Cybersecurity acknowledges these short falls and provides an approach to improve the industry standard Incident Response (IR) by focusing on speed and enhanced decision-making.

While employing the OODA model to our IR program, we are able to make quicker, more streamlined decisions, and have shorter reaction times to incidents. Petronella excels in fostering enhanced organizational transparency and prioritizing certainty over uncertainty.

This strategic approach is reflected in our IR program, continually flowing from Monitor to Detect to Respond.

As illustrated below, our IR phases are three-fold:

Monitor Detect Respond

Monitor Phase

Throughout the Monitor phase of the Petronella incident response program, cybersecurity professionals closely observe and scrutinize the network and systems for any signs of anomalous or suspicious activities while maintaining communication with clients to improve their overall security posture.

These are the three focuses for the Monitor Phase:

  1. SOC Monitors potential attack surfaces and vulnerable assets.
  2. Maintain communication channels and escalation procedures.
  3. Improve client security posture.
Monitor Phase

Detect Phase

During the Detect phase of the Petronella incident response program, cybersecurity experts concentrate on four key focuses to efficiently identify potential security incidents. This is where the majority of interaction with the Petronella XDR platform takes place either by investigating alerts and vulnerabilities and triaging any discovered incidents. Petronella uses this opportunity to maintain documentation on client systems and networks.

These are the five focuses for the Detect Phase:

  1. Hunt potential malicious activity
  2. Maintain detailed documentation of events
  3. Scope the potential malicious activity.
  4. Inform clients about potential malicious activity.
  5. Mitigate minor incidents.
Detect Phase

Respond Phase

During the Respond phase of the Petronella incident response program, Petronella turns their efforts to four key focuses to swiftly and effectively address security incidents by collecting evidence, performing root cause analysis, isolating affected systems, and implementing remediation measures.

These are the four focuses for the Respond Phase:

  1. Isolate the affected systems and prevent further damage.
  2. Collect evidence to support the investigation and potential legal action.
  3. Identify and eliminate the root cause of the incident.
  4. Implement temporary and long-term remediation measures
Respond Phase

OODA Model Implementation

The Observation, Orientation, Decision, Action (OODA) model is employed to showcase the Petronella IR program when the Security Operation Center (SOC) observes any unusual or suspicious activity within a clients' environment. The OODA model is used congruently at every stage of the Petronella Incident Response to ensure that speed and enhanced decision-making is prioritized when dealing with any event. OODA has been adopted to help SOC analysts make informed decisions quickly by outlining techniques for Observation, Orientation, Decision,and Action - or OODA.

OADA Model

Green ArrowBy utilizing OODA, SOC analysts quickly make an Observation of suspicious or anomalous activity within client's "Petronella" or area of control based on baselined information we have gathered.

Gray ArrowThen, analysts will proceed to the Orientation phase where they will reflect on what has been found during observations and consider what should be done next. It requires a significant level of situational awareness and understanding in order to make a decision.

Blue-Green ArrowA Decision is then made in coordination with clients about events detected by our SOC analysts. Our analysts take into all considerations of what the possible outcome of an incident would be, and apply that to their decision making process along with the client.

Blue ArrowLastly, Action is taken to classify and remediate any incident. Testing is done prior to implementing any environment changes to ensure total operability of client systems.

All of these steps are taken quickly and with careful judgment along with our internal tools to provide the best possible response to any and all events or incidents. Petronella Cybersecurity is able to stay at the forefront of client incidents by combining our IR program with the OODA model.

Incident Triangle

Please contact us today to discuss the options we have available to help with Incident Response.