In this activity, I consider a scenario in which a multimedia company that offers online marketing solutions to small businesses experienced a DDoS attack that compromised its internal network for two hours until it was resolved. This scenario is a simulation to demonstrate my skills, and all confidential data are masked to protect privacy and safety.
During the attack, the organization’s network services suddenly stopped responding because of an incoming flood of ICMP packets. Normal internal network traffic could not reach any network resources. The incident management team responded by blocking incoming ICMP packets, taking all non-critical network services offline, and restoring critical network services.
The company’s cybersecurity team then investigated the security event. They found that a malicious actor had sent a flood of ICMP pings into the company’s network through an unconfigured firewall. This vulnerability allowed the attacker to overwhelm the company’s network with a distributed denial of service (DDoS) attack.
To address this security event, the network security team implemented:

- A new firewall rule to limit the rate of incoming ICMP packets
- Source IP address verification on the firewall to check for spoofed IP addresses on incoming ICMP packets
- Network monitoring software to detect abnormal traffic patterns
- An IDS/IPS system to filter out some ICMP traffic based on suspicious characteristics
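As an added illustration of the first two controls (ICMP rate limiting and source address verification), the following script, which is not part of the original report, runs both checks over a constructed firewall log. The log format, the interface name "wan", the address ranges, and the per-second limit are all assumptions made for this example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample firewall log (hypothetical format: "<epoch-sec> <iface> <src> <dst> <proto>").
# Not real traffic: 25 ICMP packets in one second from one host, a quiet host,
# two packets whose source cannot legitimately arrive from the outside, and one TCP packet.
SAMPLE_LOG = "\n".join(
    ["1700000000 wan 203.0.113.7 10.0.0.5 ICMP"] * 25
    + ["1700000000 wan 198.51.100.22 10.0.0.5 ICMP",
       "1700000001 wan 198.51.100.22 10.0.0.5 ICMP",
       "1700000001 wan 10.0.0.9 10.0.0.5 ICMP",      # internal address seen on the WAN side
       "1700000001 wan 192.168.1.4 10.0.0.5 ICMP",   # RFC 1918 address seen on the WAN side
       "1700000002 wan 203.0.113.7 10.0.0.5 TCP"]
)

# Assumed ranges that must never appear as a source on the external interface
# (the company's own internal range plus private, loopback and "this network" space).
NEVER_EXTERNAL = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "0.0.0.0/8")]

def parse_log(text):
    """Turn each log line into a (timestamp, interface, src, dst, proto) tuple."""
    records = []
    for line in text.splitlines():
        ts, iface, src, dst, proto = line.split()
        records.append((int(ts), iface, src, dst, proto))
    return records

def spoofed_sources(records):
    """Source verification: ICMP arriving on the WAN interface from an address that
    cannot legitimately originate outside the network is treated as spoofed."""
    flagged = set()
    for ts, iface, src, dst, proto in records:
        if iface != "wan" or proto != "ICMP":
            continue
        addr = ipaddress.ip_address(src)
        if any(addr in net for net in NEVER_EXTERNAL):
            flagged.add(src)
    return sorted(flagged)

def icmp_flood_sources(records, per_second_limit=10):
    """Rate check: return {src: peak packets/second} for sources whose ICMP rate
    in any one-second bucket exceeds the limit, i.e. candidates for rate limiting."""
    counts = defaultdict(int)
    for ts, iface, src, dst, proto in records:
        if proto == "ICMP":
            counts[(src, ts)] += 1
    peak = defaultdict(int)
    for (src, ts), n in counts.items():
        peak[src] = max(peak[src], n)
    return {src: n for src, n in peak.items() if n > per_second_limit}

if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("spoofed sources:", spoofed_sources(recs))
    print("flood sources:", icmp_flood_sources(recs))
```

Running it flags the two impossible WAN-side sources and the one host that exceeded the assumed ICMP rate, which is the information the firewall rule and the monitoring tool would act on.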
As a cybersecurity analyst, I was tasked with using this security event to create a plan to improve the company’s network security, following the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF). Please find below my incident report analysis.