Armies train for war during times of peace, and before an imminent conflict, troops harden and fortify their position to provide an advantage in the battle to come. Incident responders know that all networks are potential targets for cyber threat actors. The modern reality is one of when, not if, a network will be attacked. We must therefore prepare ourselves, our network, and our battle plans to maximize our chances of success when the adversary comes. This chapter will look at ways to prepare your people, processes, and technology to support effective incident response and contribute to the cyber resiliency of your environment.

Preparing Your Process

In Chapter 1, “The Threat Landscape,” we explored some of the techniques employed by modern adversaries. Threat actors have significantly increased their capabilities and focus on launching cyberattacks. The result of this shift is that traditional, passive approaches to network defense are no longer effective. Perimeter‐based defenses, where we hide in our castles and fortify the walls, are no longer applicable to the modern threat. As network perimeters disappear, cloud technologies are embraced, networks operate with zero trust for other systems, and preventive security controls fail to stop the threat, we must embrace a new approach to secure our environments. That approach is referred to as cyber resiliency.

The U.S. National Institute of Standards and Technology (NIST) released Special Publication ...