SANS Report: Incident Response

Thursday, August 14, 2014 @ 03:08 PM gHale


High-profile security breaches and attacks mean security practitioners find themselves thinking about incident response.

But, just how do they deal with an incident? A new SANS incident response survey, sponsored by AccessData, AlienVault, Arbor Networks, Bit9 + Carbon Black, HP and McAfee/Intel Security, takes a look at how companies deal with an incident.

RELATED STORIES
IoT Devices Vulnerable to Attacks: Report
Spam Indicates Security Vulnerabilities
Organizations ‘More Vulnerable Than They Think’
Endpoints Need More Security: Report

“Many small organizations think they are a less significant target to sophisticated attackers and are, therefore, safe from intrusion,” said SANS Analyst and author Alissa Torres. “As last week’s discovery of the loss of 1.2 billion usernames and passwords from 420,000 websites demonstrated, nothing could be farther from the truth.”

Organizations of all sizes are facing incidents that require incident response capabilities. However, only 9 percent of survey respondents labeled their incident response capabilities as very effective, and 26 percent remained dissatisfied, citing lack or time to review and practice procedures (62 percent) and lack of budget (60 percent) as key impediments to effective response.

“Overall, organizations are not ready to handle their incident response requirements,” said Jake Williams, SANS analyst and incident response professional. “Having a plan in place to address incidents, including delineation of what constitutes an incident, enables organizations to address issues when they do arise.”

Along those lines, 43 percent of respondents did not have formalized incident response plans and 55 percent didn’t have formal incident response teams. “Both of these situations lead to disjointed approaches to managing and remediating incidents, resulting in delayed responses and more costly mitigation,” Williams said.

Survey results point to automation and security information and event management integration tools as key means to improving incident response processes. Other recommendations provide insights into how to grow incident response capabilities.

Full results will end up shared during a two-part webcast, which will also talk about incident response plans, attack histories, where organizations should focus their response efforts, and how to put all of the pieces together.

Part 1—Incident Response Techniques and Processes: Where We Are in the Six-Step Process, occurred today at 1 p.m. eastern time. It focused on survey results and where we are as an industry in terms of the incident response process. Register here to attend the complimentary webcast.

Part 2—Growing and Maturing an IR Capability, Friday, August 15, at 1 p.m. eastern time, will focus on survey results about capability for incident response and how to grow those capabilities. Register here to attend this complimentary webcast.

Those who register for either webcast will also receive access to the published results paper developed by SANS analyst and incident response expert, Alissa Torres.



Leave a Reply

You must be logged in to post a comment.