Threat Landscape Expansion During Covid-19: Remote Incident Response Handling

Frank Williams, Cihan Varol, Amar Rasheed, Narasimha Shashihar

9th International Symposium on Digital Forensics and Security (ISDFS'21) (2021)

Abstract
This paper provides an automated remote incident handling solution for an Information Security organization that rushed to become a work-from-home business because of Covid-19. It demonstrates a solution to two separate problems. The first problem is to develop a method to enhance both incident response and threat hunting remotely. This is accomplished by developing a triggering mechanism based on the Microsoft Windows Defender antivirus system. The trigger subsequently takes a snapshot of the workstation's condition for use by cybersecurity professionals in determining whether the event is a false positive or a true positive. The second problem is to create a local logging mechanism to assist with basic forensic analysis of the remote worker's activity. In a typical enterprise environment, this solution can be utilized efficiently either through a remote desktop protocol or by simply physically picking up the device for further analysis.
Keywords
digital, forensics, privacy, law