The Network Operations Center has identified and escalated an active denial of service incident on the mail server and several externally facing web sites to the security team for review. What are the next steps for the NOC team?
Once the Network Operations Center (NOC) has identified and escalated the active denial of service incident to the security team, their primary responsibility is to continue monitoring the events and provide ongoing information directly to the security team. This ensures that the security team has the latest information to analyze and respond appropriately to the incident. Issuing a company-wide alert might create unnecessary panic, and enabling IPS and firewall controls is typically the responsibility of the security team. Contacting web and mail administrators with a remediation solution also falls under the security team's domain of action.
It's B. The NOC team already identified and escalated the incident; the following IR actions are on the IR team. The NOC should continue monitoring.