
Incident Response Documentation for NoCode-X.com

Overview

Incident response at NoCode-X.com is governed by a robust Incident Response Policy. This policy ensures that incidents are managed effectively, minimizing impact on operations and customers. The policy is supported by specific use cases and detailed response plans for various scenarios.


Incident Response Policy

The Incident Response Policy outlines the following key principles:

  • Detection and Alerting: Anomalies are detected through monitoring systems, and alerts are sent to the responsible teams.
  • Response Coordination: The DevOps and Security teams collaborate to address incidents promptly.
  • Communication: Customers are informed in a timely manner during and after incidents that may impact them.
  • Continuous Improvement: Lessons learned from incidents are used to improve processes and systems.

Specific Incident Scenarios

1. DDoS Attacks

  • Mitigation: DDoS attacks are mitigated using Cloudflare CDN, which provides protection against volumetric (network-layer) and application-layer attacks.
  • Response Plan:
    1. Fine-tune Cloudflare's DDoS protection settings to mitigate the ongoing attack.
    2. Collaborate between DevOps and Security teams to ensure uninterrupted service.
    3. Communicate with customers if there is any potential or actual impact.
  • Key Features:
    • Protection against network and application-layer attacks.
    • Real-time adjustments to mitigate threats.

2. Ransomware Attacks

  • Mitigation: In the event of a ransomware attack, the following steps are taken:
    1. Assess the ongoing attack and identify the initial attack vector, so that the same vector cannot be used again after restoration.
    2. Use Infrastructure as Code (IaC) and the last known good backup to restore services. "Last known good" means the most recent backup completed before the compromise began, not simply the most recent backup, which may already contain the attacker's changes.
    3. Apply mitigation actions that close the identified attack vector, so the attack cannot be repeated against the restored environment.
  • Key Features:
    • Full system recovery using IaC and backups.
    • Focus on root cause analysis before restoration.

3. Zero-Day Vulnerability Exploitation

  • Mitigation: A risk-based approach is used to handle zero-day vulnerabilities:
    1. If necessary, senior management may decide to take services offline to protect customer interests.
    2. Immediate actions are taken to stop exploitation, leveraging attack surface reduction and up-to-date systems.
  • Key Features:
    • Proactive measures to minimize risk.
    • Clear communication with customers regarding potential SLA impacts.

4. Reputation-Damaging News Reports

  • Mitigation:
    1. Validate the credibility of news sources.
    2. Contact the content creator to address inaccuracies.
    3. If necessary, pursue legal action to mitigate damage.
  • Key Features:
    • Focus on transparency and timely response.
    • Legal recourse as a last resort.

5. Impersonation of the Company or Brand

  • Mitigation:
    1. File a complaint with the local police and the online service provider hosting the impersonation.
    2. Request takedown through official procedures.
    3. Pursue legal action if there is material or immaterial damage.
  • Key Features:
    • Parallel legal and procedural actions.
    • Strong focus on brand protection.

Specific Considerations for Self-Hosted Environments

For customers who choose to deploy NoCode-X in a self-hosted environment, the following considerations and responsibilities apply:

1. DDoS Protection

  • Responsibility: Customers are responsible for configuring their own DDoS protection.
  • Support: NoCode-X provides guidance and best practices for setting up DDoS protection in self-hosted environments.
  • Recommendation: Use a robust CDN or DDoS mitigation service, such as Cloudflare, to protect against volumetric and application-layer attacks.

2. Backup and Recovery

  • Responsibility: Customers must ensure proper backup configurations for their self-hosted environments.
  • Support: NoCode-X provides tools and documentation for out-of-band backup configurations, that is, backup copies kept outside the environment they protect, so that a compromise of the running platform does not also destroy its backups.
  • Key Features:
    • Full restore capability, including restore to an alternative environment.
    • Recovery to a prior point in time using IaC and backup tools like Velero.

3. Incident Logging and Auditability

  • Responsibility: Customers must configure logging to ensure auditability of incidents.
  • Support: NoCode-X provides out-of-the-box logging capabilities to track changes and access to sensitive information.
  • Key Features:
    • Insights into who changed or accessed information.
    • Detailed logs to support incident investigations.

4. Ransomware Recovery

  • Responsibility: Customers are responsible for the configuration of the APIs they expose and for the application logic they build on the platform; vulnerabilities introduced there must be prevented by the customer.
  • Support: NoCode-X provides tools to recover from ransomware attacks, including full data recovery from backups.
  • Key Features:
    • Out-of-band backup configuration, so that backups survive a compromise of the running environment.
    • Recovery to a clean state using IaC and backups.

Use Cases for Incident Responders

1. Audit Logging

  • Feature: Out-of-the-box audit logging provides clear insights into:
    • Who changed information.
    • Who accessed sensitive information.
  • Benefit: Helps customers track unauthorized access and changes.

2. Sensitive Information Access

  • Feature: Logs access to sensitive, labeled information.
  • Benefit: Provides evidence of access, addressing common gaps in logging practices.
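The snippet below is an added example, not NoCode-X code, showing how an incident responder can triage the access records the two use cases above describe. The JSON-lines layout and its field names (ts, actor, action, record, labels) are constructed for this example; NoCode-X's real audit log schema is not described on this page. Two checks are shown: access to sensitive-labelled records by actors outside an allowlist, and bulk reads by an otherwise allowed actor, which a per-event check never flags.

```python
"""Triage of audit-log events for access to sensitive, labelled records.

Added example; not NoCode-X code. The line format is a constructed
JSON-lines layout with assumed field names; adapt parse_log() to the
real schema.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample log: one JSON object per line, plus one malformed line.
SAMPLE_LOG = """\
{"ts":"2024-06-02T08:01:10Z","actor":"alice","action":"read","record":"customer/1042","labels":["pii","sensitive"]}
{"ts":"2024-06-02T08:02:30Z","actor":"alice","action":"update","record":"customer/1042","labels":["pii","sensitive"]}
{"ts":"2024-06-02T08:05:00Z","actor":"bob","action":"read","record":"invoice/77","labels":[]}
{"ts":"2024-06-02T09:10:01Z","actor":"svc-export","action":"read","record":"customer/1001","labels":["sensitive"]}
{"ts":"2024-06-02T09:10:02Z","actor":"svc-export","action":"read","record":"customer/1002","labels":["sensitive"]}
{"ts":"2024-06-02T09:10:03Z","actor":"svc-export","action":"read","record":"customer/1003","labels":["sensitive"]}
{"ts":"2024-06-02T09:10:04Z","actor":"svc-export","action":"read","record":"customer/1004","labels":["sensitive"]}
{"ts":"2024-06-02T09:10:05Z","actor":"svc-export","action":"read","record":"customer/1005","labels":["sensitive"]}
{"ts":"2024-06-02T11:30:00Z","actor":"carol","action":"read","record":"customer/2000","labels":["sensitive"]}
not-json garbage line
"""

SENSITIVE_LABEL = "sensitive"  # assumed label name


def parse_log(text):
    """Parse JSON lines into event dicts with a UTC datetime in 'ts'.
    Malformed lines are counted and returned, not silently dropped: a gap
    in the audit trail is itself a finding during an investigation."""
    events, bad = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            e = json.loads(line)
            e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
            events.append(e)
        except (ValueError, KeyError, TypeError):
            bad += 1
    return events, bad


def sensitive_events(events):
    """Events that touch a record carrying the sensitive label."""
    return [e for e in events if SENSITIVE_LABEL in e.get("labels", [])]


def unexpected_actors(events, allowed):
    """Actors touching sensitive records who are not on the allowlist,
    mapped to the records they touched (any action, not only reads)."""
    hits = defaultdict(list)
    for e in sensitive_events(events):
        if e["actor"] not in allowed:
            hits[e["actor"]].append(e["record"])
    return dict(hits)


def bulk_readers(events, threshold, window_minutes):
    """Actors that read at least `threshold` distinct sensitive records
    within any sliding window of `window_minutes`. Catches an allowed
    identity (or a stolen token for one) being used for mass export."""
    window = timedelta(minutes=window_minutes)
    by_actor = defaultdict(list)
    for e in sensitive_events(events):
        if e.get("action") == "read":
            by_actor[e["actor"]].append((e["ts"], e["record"]))
    flagged = {}
    for actor, reads in by_actor.items():
        reads.sort()
        start = 0
        for end in range(len(reads)):
            while reads[end][0] - reads[start][0] > window:
                start += 1
            distinct = {rec for _, rec in reads[start:end + 1]}
            if len(distinct) >= threshold:
                flagged[actor] = len(distinct)
                break
    return flagged


if __name__ == "__main__":
    evts, malformed = parse_log(SAMPLE_LOG)
    print("malformed lines:", malformed)
    print("unexpected actors:", unexpected_actors(evts, {"alice", "svc-export"}))
    print("bulk readers:", bulk_readers(evts, threshold=5, window_minutes=10))
```

In the constructed sample, carol is flagged by the allowlist check, while svc-export is an allowed identity and is only caught by the bulk-read check; both signals are needed, and the allowlist and thresholds are assumed values to be tuned per deployment.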

3. DDoS Protection

  • Feature: Cloudflare-backed DDoS protection is provided for SaaS customers.
  • Self-Hosted Responsibility: Customers using self-hosted solutions must configure their own DDoS protection, with support available from NoCode-X.
  • Benefit: Ensures service availability during attacks.

4. Ransomware Recovery

  • Feature: Out-of-band configurations allow recovery to a prior point in time.
  • Benefit: Enables full data recovery after ransomware, and equally after logical errors or misconfigured APIs that corrupt data.

Contribution to Standards and Frameworks

1. ISO 27001:2022

  • Clauses 6.1.2 and 6.1.3: Information security risk assessment and risk treatment are addressed through detailed incident response plans for DDoS, ransomware, and zero-day vulnerabilities.
  • Clause 8.1: Operational planning and control are demonstrated through the use of IaC, backup strategies, and recovery procedures.
  • Annex A.5.24 - A.5.27: Incident management planning and preparation, assessment of security events, incident response, and learning from incidents are integrated into the policy.

2. NIST Cybersecurity Framework (CSF)

  • Identify (ID): Threat intelligence and risk-based approaches align with the "Identify" function.
  • Protect (PR): DDoS mitigation, secure backups, and access control mechanisms contribute to the "Protect" function.
  • Detect (DE): Logging and monitoring ensure timely detection of anomalies.
  • Respond (RS): Detailed response plans for specific incidents align with the "Respond" function.
  • Recover (RC): Backup and recovery strategies ensure resilience and align with the "Recover" function.

3. Cyber Essentials (Cyber Fundamentals)

  • Secure Configuration: Default configurations are hardened, and unnecessary services are disabled.
  • Access Control: Strong authentication and role-based access control are implemented.
  • Patch Management: Regular updates and emergency patching procedures are in place.
  • Malware Protection: Ransomware recovery procedures limit the impact of malware that gets through; DDoS mitigation addresses availability rather than malware and belongs under Network Security.
  • Network Security: Cloudflare CDN and secure network configurations protect against external threats.

Supporting Evidence

The following evidence supports the incident response capabilities of NoCode-X.com:

  1. Cloudflare CDN: Provides DDoS protection with a global network capacity of 280 Tbps.
  2. Backup and Recovery:
    • Backups are taken twice daily using Velero.
    • Recovery Point Objective (RPO): 12 hours.
    • Recovery Time Objective (RTO): 12 hours.
  3. Infrastructure as Code (IaC):
    • Kubernetes deployments are managed using Helm charts.
    • Full system recovery is possible using IaC and backups.
  4. Audit Logging:
    • Integrated with Google Cloud Logging (formerly Stackdriver) for SaaS deployments.
    • Customizable logging for self-hosted environments.

Continuous Improvement

NoCode-X.com is committed to improving its incident response processes by:

  • Regularly testing recovery procedures.
  • Updating response plans based on lessons learned.
  • Incorporating customer feedback to enhance resilience.

Conclusion

The incident response framework at NoCode-X.com ensures robust protection and recovery capabilities for both the platform and its customers. By leveraging advanced technologies, clear processes, and continuous improvement, NoCode-X.com demonstrates its commitment to operational resilience and customer trust.