One Article Review

Home - The article:
Source AlienVault Blog
Identifier 1231305
Publication date 2019-07-29 13:00:00 (viewed: 2019-07-29 16:00:39)
Title Post-incident review and the big data problem
Text

Across the board, security teams of every industry, organization size, and maturity level share at least one goal: they need to manage risk. Managing risk is not the same as solving the problem of cybersecurity once and for all, because there is simply no way to solve the problem once and for all. Attackers are constantly adapting, developing new and advanced attacks, and discovering new vulnerabilities. Security teams that have accepted the post-breach mindset understand that cybersecurity is an ongoing chess match with no end. They focus on reducing risk as much as possible through visibility and automation, instead of searching for a one-size-fits-all solution.

Incident response plays a key role in effectively reducing risk. In a breach, the average cost per lost or stolen record is $148, and having an incident response team reduces this cost by almost 10%. Because of the human component of critical thinking that goes hand in hand with response and resolution, incident response is not something you can totally automate. But that doesn’t change the fact that it is something organizations absolutely need in the event of a breach. Despite this, 77% of IT professionals say their organization does not have a formal cybersecurity incident response plan. Instead, organizations respond in an ad-hoc fashion to threats without digging for the root cause of the incident and resolving it.

Incident response is an under-utilized asset with organizational and defensive, immediate and long-term benefits. An incident response team is accountable for having a plan to handle an incident and for implementing it. They are prepared to mitigate damage, identify the root cause of an incident, and communicate through the proper channels. But they are also responsible for another crucial part of incident response: the post-incident review.

Post-incident review is about identifying every aspect of an incident down to its true root cause. It answers critical questions like what happened before, during, and after the attack. By answering these questions, organizations can ensure the same attack doesn’t happen twice: they review the attack, then identify and close every gap in their defenses that the attacker leveraged. However, this leaves post-incident review with a major problem. It takes organizations an average of 191 days to identify a data breach. For a post-incident review that does its due diligence, this means potentially going all the way back through at least 191 days’ worth of data to find the root cause of the attack. Consider all of the data in your environment that has come and gone over the course of 191 days. How many investigations have your analysts performed in that time? To put this into perspective, 27
The article does not appear to have been republished after its publication.

The article does not appear to be a repeat of an earlier one.