Incident response (IR) is the effort to quickly identify an attack, minimize its effects, contain damage, and remediate the cause to reduce the risk of future incidents.
Let’s Define Incident Response
Almost every company has, at some level, a process for incident response. However, for those companies looking to establish a more formal process, the pertinent questions one must ask are:
Most likely, the answers to these questions will not be optimal, as most companies fall short in one or more areas, according to a study by the Ponemon Institute:
77% of companies do not have a formal, consistently applied plan in place
57% indicate there has been an increased amount of time to respond
77% say they have a difficult time hiring and retaining security staff
On average, it takes 214 days to identify a malicious or criminal attack, and a further 77 days to contain and recover from it. It’s clear that better incident response management is needed to protect organizations from the growing and accelerating number of threats they face every day.
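The two figures above (time to identify, time to contain and recover) are the metrics an IR team should be tracking for its own incidents. The following is an added example, not code from the original page or from the Ponemon study: it computes those metrics over a constructed set of hypothetical incident records. It assumes the same definitions the page uses (identification is measured from the first evidence of attacker activity; containment and recovery is measured from identification), and it reports the median alongside the mean because a single long-dwell intrusion skews the mean badly. The incident IDs and timestamps are invented for the example.

```python
from dataclasses import dataclass
from datetime import datetime
from statistics import mean, median
from typing import Optional

SECONDS_PER_DAY = 86400


@dataclass(frozen=True)
class Incident:
    """One incident record. All timestamps are naive UTC datetimes."""
    incident_id: str
    first_activity: datetime            # earliest evidence of attacker activity
    identified: datetime                # when the security team recognised the incident
    contained: Optional[datetime] = None  # None while containment/recovery is still open

    def __post_init__(self):
        # Reject records whose timeline is impossible; these usually mean a
        # data-entry error and would silently corrupt the averages.
        if self.identified < self.first_activity:
            raise ValueError(f"{self.incident_id}: identified before first activity")
        if self.contained is not None and self.contained < self.identified:
            raise ValueError(f"{self.incident_id}: contained before identified")


def parse_ts(value: str) -> datetime:
    """Parse an ISO 8601 timestamp such as 2018-03-01T00:00:00."""
    return datetime.fromisoformat(value)


def make_incident(incident_id: str, first_activity: str, identified: str,
                  contained: Optional[str] = None) -> Incident:
    """Convenience constructor from ISO timestamp strings."""
    return Incident(incident_id, parse_ts(first_activity), parse_ts(identified),
                    parse_ts(contained) if contained else None)


def time_to_identify_days(inc: Incident) -> float:
    """Dwell time: first attacker activity -> identification, in days."""
    return (inc.identified - inc.first_activity).total_seconds() / SECONDS_PER_DAY


def time_to_contain_days(inc: Incident) -> Optional[float]:
    """Identification -> containment and recovery, in days; None if still open."""
    if inc.contained is None:
        return None
    return (inc.contained - inc.identified).total_seconds() / SECONDS_PER_DAY


def summarize(incidents) -> dict:
    """Mean and median of both metrics; open incidents count toward dwell time
    only, since their containment time is not yet known."""
    tti = [time_to_identify_days(i) for i in incidents]
    ttc = [d for d in (time_to_contain_days(i) for i in incidents) if d is not None]
    return {
        "count": len(incidents),
        "open": len(incidents) - len(ttc),
        "identify_mean_days": mean(tti),
        "identify_median_days": median(tti),
        "contain_mean_days": mean(ttc) if ttc else None,
        "contain_median_days": median(ttc) if ttc else None,
    }


# Constructed sample records (hypothetical; not from the page or the study).
SAMPLE_INCIDENTS = [
    make_incident("INC-1", "2018-03-01T00:00:00", "2018-03-11T00:00:00", "2018-03-14T12:00:00"),
    make_incident("INC-2", "2018-01-01T00:00:00", "2018-07-30T00:00:00", "2018-09-08T00:00:00"),
    make_incident("INC-3", "2018-05-10T06:00:00", "2018-05-12T06:00:00"),  # still open
]

SAMPLE_SUMMARY = summarize(SAMPLE_INCIDENTS)

if __name__ == "__main__":
    for key, value in SAMPLE_SUMMARY.items():
        print(f"{key:>22}: {value}")
```

In the sample set, one 210-day intrusion pulls the mean time to identify to 74 days while the median stays at 10; reporting both is what tells you whether you have a general detection problem or one outlier worth a dedicated post-mortem.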
A. The Right Team – To deliver the most effective incident response, industry experts suggest including the following roles on your team, no matter the size of your company. The technical team will take the lead, but other functional areas in your company should be on board as well, especially if a severe attack occurs. Once the people for these roles are identified, educate them on what their responsibility would be in the event of a serious, extensive attack with widespread ramifications: Incident response, Security analysis, IT, Threat research, Legal, Human resources, Corporate communications, Risk management, Executive, and External security forensic experts.
B. The Right Plan – A comprehensive incident response plan includes the following tactics and processes at a minimum:
Communication is key when an attack is underway, so ensure that you establish a good communication flow as part of your response plan.
C. The Right Tools – With an increasing number of unknown attacks, the right tools can save your company a lot of time and money, and they will help protect your customers and your brand loyalty.
Information is a critical asset for any incident response plan. Because of that, a cloud-based endpoint security solution typically provides the most comprehensive tools for mitigating attacks quickly, including access to key data through:
Almost any research on the security challenges companies face includes statistics on the difficulty of hiring and retaining skilled security personnel, as did 77% of the respondents in the above Ponemon study. Globally, the shortfall of people for critical security positions is rapidly approaching two million.
The lack of the right security people can severely impact any incident response, so much so that companies are looking to outsource security functions like this. In fact, Gartner believes that security outsourcing services spend will reach over $18 billion in 2018, the second largest security spend segment after consulting.
Given the difficulty of hiring the right people, this makes sense: a managed service can quickly fill gaps on your security team. It can help you prioritize alerts, uncover new threats, and accelerate investigations. These services are typically staffed by highly skilled threat experts who keep a constant watch on your company’s environment, identify emerging threats, and provide access to critical security services when your team needs the most help.
Even if you have the right people, the right plan, and the right tools in house, there is still a possibility that something will slip through, so why take that risk? It helps to work with a vendor that can offer you a cloud-based endpoint security platform as well as advanced threat hunting capabilities.
As mentioned above, managed threat hunting experts can keep watch over your environment and notify your team of emerging threats. These experts can:
A team of threat hunters can also give you coverage and threat triage across your entire endpoint deployment, so your team can focus on the most critical alerts. And you’ll have access to global threat intelligence that helps you stay one step ahead of future attacks.