
Gartner insight on incident response management

If you’ve visited this blog over the past several months, you know that we believe information security is at a critical crossroads. For years, organizations have relied heavily on detection solutions that, although effective, produce too many alerts for most security operations centers (SOCs) to handle manually; inevitably something falls through the cracks. As such, we believe the only way that companies can effectively protect themselves is to focus more on incident response management.

As it turns out, we feel we are not alone in our perspective. Gartner, the world’s leading IT research analyst firm, is now advocating a more well-rounded approach to cyber security as well. Last year, Gartner analysts Neil MacDonald and Peter Firstbrook wrote a paper entitled “Designing an Adaptive Security Architecture for Protection From Advanced Attacks,” which noted in its summary:

“Enterprises are overly dependent on blocking and prevention mechanisms that are decreasingly effective against advanced attacks. Comprehensive protection requires an adaptive protection process integrating predictive, preventive, detective and response capabilities.” 1

The trend toward incident response management can also be observed in a look at the agenda of the firm’s upcoming Security & Risk Management Summit. It lists numerous topics related to incident response—some of which we have already covered on this blog—including:

With a respected firm like Gartner advocating incident response management, numerous automation tools and solutions aimed at the space will undoubtedly hit the market over the next several years. But before CIOs or CISOs invest in any of these tools, they should have a clear picture of exactly how their SOCs function now—the processes their experts utilize to respond to alerts, their most crucial metrics and most common pain points. Only with that information in hand can decision makers ensure that they are investing in a tool that solves their specific use cases.

At that point, CIOs and CISOs can make an evidence-based decision about what solution best meets their incident response needs and look confidently to the future.

1 Gartner, Designing an Adaptive Security Architecture for Protection From Advanced Attacks, Neil MacDonald, Peter Firstbrook, February 12, 2014, refreshed November 19, 2014

*** This is a Security Bloggers Network syndicated blog from Swimlane (en-US) authored by Cody Cornell. Read the original post at: https://www.swimlane.com/blog/gartner-insight-on-incident-response-management/


Cody Cornell

Cody is responsible for the strategic direction of Swimlane and the development of our security orchestration, automation, and response (SOAR) platform. At Swimlane we advocate for the open exchange of security information and deep technology integration that maximizes the value customers receive from their investments in security operations technology and people. Collaborating with industry-leading technology vendors, we work to identify opportunities to streamline and automate security activities, saving customers operational costs and reducing risk.
