this post was submitted on 19 Jun 2024
787 points (98.2% liked)

Technology

59168 readers
3451 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] explodicle@sh.itjust.works 1 points 4 months ago (1 children)

That's an industry now? What do you guys do?

[–] Orbituary@lemmy.world 5 points 4 months ago

Quite a lot, actually. This is really a summation and not comprehensive.

  • Evaluate an environment after incident:
    • looking for IOCs, determine spread
    • Determine backup status and restore if possible
    • Return environment to healthy state (AD restore, replication, networking, etc.,)
    • Lockdown of security holes
    • Advise on best practices going forward
  • Decrypt environment if client pays ransom

etc., etc.

Depending on the complexity of the environment, this can take a lot of time and effort: much bigger than most internal teams are capable of doing. A client I had in Feb-Mar lasted a total of 3200 hours of work between 12 people on my team across 34 locations to unfuck the situation.