Response to Incidents

Last Updated: Apr 19, 2022

If a security incident has been detected, the recommended process to follow is containment, eradication and recovery:

  • Attacked/compromised systems should be isolated or otherwise protected as soon as possible.

  • Avaya customers with information regarding any discovered security problems with Avaya products should create a Service Request using the Self Service link on https://support.avaya.com, or contact the Customer Support phone number under the Maintenance Support link (1-800-242-2121 for US domestic customers). Non-Avaya customers wishing to report a security finding with Avaya products should send this information to securityalerts@avaya.com. See Avaya Product Security Support for further information.

  • Avaya provides a document to assist customers with security requests; see https://downloads.avaya.com/css/P8/documents/100161515.

  • If the attack is IP based, it may be possible to trace the source IP address to the ISP it is registered to and report it. In addition, the IP address or subnet can be blocked by the firewall.

  • A general guide to incident handling is provided by NIST Special Publication (SP) 800-61, Computer Security Incident Handling Guide: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf