Jamf Blog
Sign post with conceptual phrases indicating right or wrong paths to take
July 13, 2021 by Jesus Vigo

Advanced incident response and remediation guide

Overview of the advanced processes and methodologies, based on industry best practices, to help your organization develop and implement holistic Incident Response and Remediation (IR&R) plans to protect its devices, users and keep data secure.

Protecting data is more than merely enabling full-disk encryption on mobile devices, requiring the use of VPN to access internal resources or mandating compliance with acceptable use policies. Don’t get me wrong, those are all important pieces of the puzzle – but developing a strong incident response and remediation plan that covers multiple aspects of security by protecting assets goes beyond the sum of its parts.

As with any well-oiled machine, there are many facets that go into ensuring that it performs as flawlessly as possible every time. In this case, the machine metaphor equals the entire IR&R process and various phases to answer the who, what, when, where, why and how questions relating to:

  • Securing and monitoring endpoints
  • Detecting and preventing threats
  • Triaging issues to determine next steps
  • Creating and dispatching response teams to resolve issues
  • Developing, implementing and maintaining adherence to policies
  • Reporting and updating iteratively to fine tune performance through lessons learned and advancements in technology

While the guide we’ve developed provides an in-depth look at each phase with concise breakdowns to determine how they can be applied to meet your company’s security goals, the aim of this accompanying piece is to introduce you to each of the phases at the heart of IR&R:

  • Prepare: Identify assets, including devices and the services they provide and/or data they contain, including criticality and sensitivity levels. Perform risk assessments.
  • Identify: Document IT systems, perform baseline assessments, collect all device information, and document everything, including anomalies or outlying information.
  • Contain: Isolate devices and systems determined to be affected to limit exposure and prevent further compromise. Determine best course of action to fix issues.
  • Eradicate: Remove infections, such as malware to sanitize devices. Also, identify root cause(s) attributing to incident and take steps to mitigate further attacks.
  • Recover: Carefully monitor affected systems as they are brought back online. Test and verify devices have returned to their normal operating procedures.
  • Report: Document all incident findings, steps taken to resolve issues and tasks performed to mitigate future occurrences. Additionally, it is imperative to list “lessons learned” during the process in an effort to provide iterative feedback that can be used to strengthen response teams and further mitigate risk by streamlining any processes that could be improved.

“Over a year ago, we added Jamf Protect for our Macs, which has become an important tool for our security certification compliance which directly affects our government funding.” – Paul Jack, Solutions Engineer, Science Museum Group

Additionally, we’ll review some of the principles that will serve to guide your enterprise’s IT and security strategy, uniting them to work toward one common goal. By transforming it into a core function, this enables the ability to address security incidents with:

  • Maximum speed, agility and efficiency
  • Proactively mitigate risks
  • Leverage powerful technologies
  • Automate and orchestrate remediation workflows
  • Build strong partnerships with stakeholders
  • Cooperate with third-party organizations, including government agencies, specializing in maintaining breaches to information security
  • Reach audit and regulatory compliance
  • Develop actionable data reporting for business intelligence

Need additional help managing the security of your Mac fleet? Jamf provides powerful security, identity and endpoint management tools that enable organizations to mitigate risks and contain threats while continuing to deliver the unique Apple experience users love – without negatively impacting performance.

Put our security to the test with a free trial today

or contact your preferred reseller of Apple hardware to get started.

Photo of Jesus Vigo
Jamf
Jesus is a Copywriter, Security focused on expanding the knowledge base of IT, Security Admins - generally anyone with an interest in securing their Apple devices - with Apple Enterprise Management and the Jamf solutions that will aid them in hardening the devices in the Apple ecosystem.
Browse Blog
by Category:
Subscribe to the Jamf Blog

Have market trends, Apple updates and Jamf news delivered directly to your inbox.

To learn more about how we collect, use, disclose, transfer, and store your information, please visit our Privacy Policy.