Managing Security Consultant, Enterprise Incident Management
Jeff Wichman is a managing security consultant in Optiv’s enterprise incident management practice. Jeff’s role is to provide leadership to the enterprise incident management security consultants, technical expertise in digital forensics and incident response programs and processes, and mentoring the Optiv enterprise incident management team.
3 Key Ways To Improve Your Incident Response
An increasing cyber security challenge facing enterprises across the globe is how to effectively respond to security events in a prompt manner.
As modern businesses continue to progress in their digital transformations, they increasingly move to the cloud, adopt IoT and add new tools. This expanding attack surface increases security, financial and reputational risk. In fact, IDC reports that 40% of U.S. firms are attacked at least daily1. Meaning, it is critical for enterprises to develop and implement a proactive incident response (IR) plan that combats an increasing lack of perimeter visibility, in-house expertise and proactive incident response.
Detecting, qualifying, investigating and responding to threats is a full-time job that requires vigilance and a specific skill set. However, shrinking security budgets and a cyber security skills shortage make it extremely difficult for businesses to defend themselves from malicious attacks.
So, how can security teams stop fire-fighting and improve incident response (IR)?
- Plan. Identify security gaps by shining a light on them to increase visibility. Proactive incident management planning enables businesses to develop and evaluate the efficacy of their programs. Enterprises need to develop an incident response plan so that the entire team understands when an event turns into an incident, and more importantly, identify who the subject matter experts are needed for response efforts. Building and maintaining an incident management playbook enables teams to understand the process to respond to scenarios organizations are likely to face from threat actors.
- Automate. Adopting tools and technology to automate repetitive manual tasks enables your security teams to quickly detect, gather data and expedite response to high-risk incidents across the enterprise. Optiv research finds a 96% reduction in the average time to triage an alert after implementing automated workflows.
- Orchestrate. Leveraging orchestration in your IR playbook enables you to employ human control in the automation process. Orchestration aligns the people, processes and technologies required to mitigate incidents with intelligent and agile decision making capabilities. It escalates alerts, provides additional context and notifies the right people and tools to remediate incidents.
Thoughtfully architecting an IR plan that leverages automation and orchestration enables enterprise security teams to gain the speed, agility and expertise required to quickly detect, intelligently respond to and mitigate increasingly complex malicious attacks.
(1) IDC InfoBrief Sponsored by Splunk, The State of Security Operations, April 2017.