By Mike Wood, Engineer at CounterTack
One of the key elements contributing to the success of IR operation is the quality of data IR team has access to. It is of no surprise that organizations today already collect vast amounts of data. However, a high quantity does not always ensure success. In fact, sometimes the quality of the information is inversely proportional to the raw quantity of the data.
Just like the journalist chasing a news story, the IR analyst has to be able to answer the essential questions of “Who, What, When, Where, How and Why”. With the endpoint being the primary field of battle operation today, an organization that has prepared itself for a response to an attack should be able to help Incident Responders answer those essential questions.