{"id":146718,"date":"2021-11-16T04:30:44","date_gmt":"2021-11-16T12:30:44","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=146718"},"modified":"2021-11-17T14:20:59","modified_gmt":"2021-11-17T22:20:59","slug":"cloud-incident-response-services","status":"publish","type":"post","link":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/2021\/11\/cloud-incident-response-services\/","title":{"rendered":"Don\u2019t Panic: Unit 42 Doubles Down on Cloud Incident Response Services"},"content":{"rendered":"<p>When organizations rapidly moved workloads to the cloud in response to the global health crisis, security teams struggled to stay ahead of the risk and safeguard cloud assets. This led to an explosion of security incidents. In our <a href=\"https:\/\/www.paloaltonetworks.com\/prisma\/unit42-cloud-threat-research-1h21\">Unit 42 Cloud Threat Report, 1H 2021<\/a>, we saw a 400% increase in cloud incidents in the retail industry, and an over 200% increase in manufacturing and government sectors.<\/p>\n<p>We are pleased to announce the enhancement of our Cloud Incident Response (IR) practice to provide an optimized approach for each stage of the cloud incident lifecycle, so organizations can recover faster.<\/p>\n<p>Because cloud environments are inherently designed to be dynamic and scalable, even <a href=\"https:\/\/unit42.paloaltonetworks.com\/iam-misconfigurations\/\">simple mistakes<\/a> can lead to expensive, complicated incidents with outsized impact.<\/p>\n<p>The <a href=\"https:\/\/start.paloaltonetworks.com\/asm-report\">2021 Cortex Xpanse Attack Surface Threat Report<\/a> shows that global enterprises found new serious issues in their cloud infrastructure every 12 hours \u2013 twice a day! 
Some common issues include misconfigurations, insecure remote access, exposed account credentials and unpatched vulnerabilities.<\/p>\n<p>And just in the past three years, Unit 42 has seen a 188% increase in cloud IR cases, with more than a third of our incident response matters touching cloud assets in one way or another.<\/p>\n<p>This highlights the ephemeral nature of today\u2019s IT infrastructure, where not only the infrastructure changes, but so does the vulnerability footprint.<\/p>\n<p>&nbsp;<\/p>\n<h2><strong>Rapid Response Is Crucial for a Speedy Recovery From a Cloud Incident<\/strong><\/h2>\n<p>Time is of the essence when a cloud breach happens. You must work as quickly as possible to contain the incident, determine \u201chow it happened\u201d and identify the optimal path to respond and recover. The longer this takes, the worse the potential consequences become.<\/p>\n<p>Many Incident Response teams continue to use traditional Digital Forensics and Incident Response (DFIR) methods for their cloud environments. 
The challenge is that traditional DFIR was not designed for dynamic cloud-based incidents.<\/p>\n<p>And if you don't get it right and determine the root cause, the adversary will be back in your environment again in no time \u2013 or potentially never leave in the first place.<\/p>\n<p>It\u2019s easy to get stuck in a reactive state when you\u2019re running to the next fire drill.<\/p>\n<p>Now, with the growing importance of and dependence on the cloud, and the growing number of cases that involve it, we are doubling down on our Cloud Incident Response capability to provide an optimized approach for each stage of the cloud incident lifecycle, so your organization can recover quickly.<\/p>\n<p>&nbsp;<\/p>\n<h2><strong>Introducing a New Optimized Approach to Cloud Incident Response<\/strong><\/h2>\n<p>The <a href=\"https:\/\/www.paloaltonetworks.com\/unit42\">Unit 42<\/a> cloud incident response team is staffed with experienced cloud experts who understand the special nature of cloud security investigations. They are armed with cutting-edge cloud security technology like <a href=\"https:\/\/www.paloaltonetworks.com\/cortex\/cortex-xdr\">Cortex XDR<\/a>, <a href=\"https:\/\/www.paloaltonetworks.com\/cortex\/cortex-xpanse\">Cortex Xpanse<\/a> and <a href=\"https:\/\/www.paloaltonetworks.com\/prisma\/cloud\">Prisma Cloud<\/a> that allows them to quickly identify attack vectors, extent of access and the data at risk, then take the appropriate remediation actions.<\/p>\n<p>In the event of a cloud incident, our teams stay involved as long as necessary to ensure it is completely contained and everything is back to normal. From there, we help develop playbooks and new processes to ensure a similar event doesn\u2019t happen again. And should you need it, we\u2019re available as an expert witness to articulate what happened, why it happened and who was impacted.<\/p>\n<p>Imagine the peace of mind of having cloud IR experts as an extension of your team on speed dial. 
In the event of a cloud incident, your organization won\u2019t have to manage it alone. The <a href=\"https:\/\/www.paloaltonetworks.com\/resources\/datasheets\/cybersecurity-expertise-retainer\">Unit 42 Retainer<\/a> operates under prenegotiated terms, with predefined communication channels and playbooks to get started on your investigation within hours. This spares you from scrambling to negotiate contracts when you need to focus on responding to a breach.<\/p>\n<p>Having a retainer agreement in place with highly specialized cloud digital forensics and incident response expertise can help you <strong>reduce your incident response time<\/strong>, recover faster and resume normal business operations.<\/p>\n<p>Don\u2019t panic. We\u2019re here to help.<\/p>\n<p>&nbsp;<\/p>\n<p><em>Watch this short video of Wendi discussing Unit 42 Cloud Incident Response.<\/em><\/p>\n<div style=\"position: relative; display: block; max-width: 100%;\">\n<div style=\"padding-top: 56.25%;\"><iframe style=\"position: absolute; top: 0px; right: 0px; bottom: 0px; left: 0px; width: 100%; height: 100%;\" src=\"https:\/\/players.brightcove.net\/1050259881001\/default_default\/index.html?videoId=6282475391001\" allowfullscreen=\"allowfullscreen\" allow=\"encrypted-media\"><\/iframe><\/div>\n<\/div>\n<p>&nbsp;<\/p>\n<p><em>Learn even more about cloud incident response by watching the full version of <a href=\"https:\/\/www.ignite.paloaltonetworks.com\/panwigniteondemand\">Wendi Whitmore's Ignite '21 keynote<\/a> on demand.<\/em><\/p>\n<h3><strong>Get in Touch<\/strong><\/h3>\n<p><em>Remember to ask for Unit 42 by name with your cyber insurance carriers if you need incident response services.<\/em><\/p>\n<p><em>If you are experiencing an active breach, or think you may have been impacted by a cloud security incident, please <a href=\"https:\/\/start.paloaltonetworks.com\/contact-unit42.html\">contact Unit 42<\/a><\/em><em>\u00a0to connect with a team member. 
The Unit 42 Incident Response team is available 24\/7\/365. You can also take preventative steps by requesting a <\/em><a href=\"https:\/\/www.paloaltonetworks.com\/unit42\/proactive-assessments\"><em>Proactive Assessment<\/em><\/a><em>. <\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cloud Incident Response Services are more vital than ever \u2013 in the past three years, we\u2019ve seen a 188% increase in cloud IR cases. <\/p>\n","protected":false},"author":663,"featured_media":146732,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[308,6717],"tags":[8155,8156,8129,6669,586],"coauthors":[7527],"class_list":["post-146718","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-announcement","category-products-and-services","tag-cloud-incident-response-services","tag-dfir","tag-ignite-21","tag-incident-response","tag-unit-42","sec_ops_category-must-read-articles","sec_ops_category-news-and-events"],"jetpack_featured_media_url":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2021\/11\/Collaborate-2.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/146718","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/663"}],"replies":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=146718"}],"version-history":[{"count":8,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/bl
og\/wp-json\/wp\/v2\/posts\/146718\/revisions"}],"predecessor-version":[{"id":329504,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/146718\/revisions\/329504"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media\/146732"}],"wp:attachment":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=146718"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=146718"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=146718"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=146718"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}