To the extent possible, all intrusion remediation activities are conducted in a coordinated manner during the same planned outage.
Topic
Handling and containing intrusions
Applicable to
all
History
Dec 2021
To the extent possible, all intrusion remediation activities are conducted in a coordinated manner during the same planned outage.
To increase the likelihood of intrusion remediation activities successfully removing an adversary from their system, organisations can take preventative measures to ensure the adversary has limited forewarning and awareness of planned intrusion remediation activities. Specifically, using an alternative system to plan and coordinate intrusion remediation activities will prevent alerting the adversary if they have already compromised email, messaging or collaboration services. In addition, conducting intrusion remediation activities in a coordinated manner during the same planned outage will prevent forewarning the adversary, thereby depriving them of sufficient time to establish alternative access points or persistence methods on the system.