The future of Incident Response?

Computer and phone with code on the screen.

e2e attended the SecurityExpo at Excel earlier in the week and managed to listen to a few key note speakers. We were very interested in “The Future of Incident Response” talk by Bruce Schneier and thought we should add our thoughts…

So what do e2e think is the future of incident response?

Incident response is all about Technology, Process and People.


Is in an abundance, you can take your pick from a vast pool of excellent commercial and open source security tools. Technology slowly gets better but in the security/protective monitoring space we aren’t expecting technology to provide all the answers in the future.

Process or processes

Are becoming more important. Organisations that recognise that security technology is relatively pointless without good processes are on the right path. Processes are important in incident response as they ensure that the most efficient course of action is taken – vital in the ‘few against many’ scenarios we find ourselves in when defending against cyber attacks. So processes need to keep evolving in the future and we need to learn to practice them. There is no other way to do this bit, just ask the Forces. Practice responding over and over again until you have it nailed. Even roll out the stopwatches…


Are the key to effective response. We often try to explain why by contrasting a security event with a typical operational event such as a server failing. There are very few ‘on or off/0 or 1/broken or fixed/up or down’ type of security events that can automatically be rectified. Whilst we can understand that we could use technology to restart a failed server process automatically we can find few examples of applying automation to security events. Why? Security events are ‘maybe’s’, ‘could be’s’, and ‘might be’s’. They aren’t ‘down or up’; they are something else. To find out what they are requires people. Expert people. Expert people with practised processes and excellent, focused technology. The processes and technology should be designed to serve the person. In incident response they are indeed subservient.

The future of incident response according to e2e?

A shift from expecting technology to solve the problem to relying on people.

Stop investing in the latest SEIM, stop swooning over ‘big data’ and start with your people.

For un-biased expert advise on how you can better prepare your people, process and technology reach out to our consultancy team today.

Stay up to date with our latest threat briefings

Stay up-to-date on the latest in cyber security with e2e-assure’s threat briefings. Our briefings feature the latest news and trends in cyber security, as well as updates on our services and solutions. By signing up, you’ll be among the first to know about new cyber threats and how to protect your business against them. You’ll also receive exclusive content, such as whitepapers and case studies, that can help you stay informed about best practices for cyber security.

Don’t miss out on this valuable resource – sign up for our threat briefings today and stay one step ahead of cyber threats.