What is Incident Response?
Incident response, as the NCSC defines it, is the process by which organisations direct and receive support when they become the victims of a cyber attack. Many insurers look favourably on an incident response retainer when setting premiums, and with the never-slowing rate of cyber attacks and ever-evolving TTPs (tactics, techniques and procedures), a retainer is strongly worth considering.
Does e2e-assure provide Incident Response?
As specialists in Managed Threat Detection and Response, our aim is to ensure you never need to use your incident response retainer. Our internal team and technology development are focussed solely on continually improving our ability to detect and immediately respond to malicious activity. We therefore do not directly offer incident response capabilities; instead we partner with specialists to ensure our customers receive the best and most dedicated service possible.
Our current partners are:
The 3 key factors to consider around incident response?
Incident response is all about Technology, Process and People.
Technology
Is in abundance: you can take your pick from a vast pool of excellent commercial and open-source security tools. Technology improves slowly, but in the security and protective monitoring space we aren't expecting technology to provide all the answers in the future.
Process or processes
Are becoming more important. Organisations that recognise that security technology is relatively pointless without good processes are on the right path. Processes matter in incident response because they ensure that the most efficient course of action is taken, which is vital in the 'few against many' scenarios we find ourselves in when defending against cyber attacks. So processes need to keep evolving, and we need to learn to practise them. There is no other way to do this bit; just ask the Forces. Practise responding over and over again until you have it nailed. Even roll out the stopwatches…
People
Are the key to effective response. We often explain why by contrasting a security event with a typical operational event such as a server failing. Very few security events are of the 'on or off', '0 or 1', 'broken or fixed', 'up or down' type that can be rectified automatically. We understand that technology can restart a failed server process automatically, but we can find few examples of applying that kind of automation to security events. Why? Security events are 'maybes', 'could bes' and 'might bes'. They aren't 'down or up'; they are something else, and finding out what they are requires people. Expert people. Expert people with practised processes and excellent, focused technology. The processes and technology should be designed to serve the person; in incident response they are indeed subservient.
The future of incident response according to e2e?
A shift from expecting technology to solve the problem to relying on people.
Stop investing in the latest SIEM, stop swooning over 'big data' and start with your people.
For unbiased expert advice on how you can better prepare your people, processes and technology, reach out to our consultancy team today.