Our updated security incident response (IR) paper, now renamed “How to Plan and Execute Modern Security Incident Response” (Gartner GTP access required) has just published.
Some fun quotes follow below:
- “Effective security IR fuses together technical and nontechnical resources, which are bound by the incident response policy, procedures and plans. Most organizations have an underdeveloped and underfunded incident response strategy and capability.”
- “This advice — to create an IR plan, now nearly a quarter of a century old — is certainly not heeded by all organizations; organizations continue to struggle with the right amount of information and the right scope of their incident response plans. […] Furthermore, the “aha” moment for many organizations is in drawing the line between “doing the planning” and “having a plan.”
- “Anecdotal evidence suggests that incidents for which organizations have specifically planned and prepared end up costing less than those the organizations did not think of.”
- “Gartner clients reported that one of the biggest mind shifts and incident response practice changes was the increased role of accurately scoping the incident.”
- “Even organizations that complain that they are “drowning in data” probably need more visibility-focused tools [such as SIEM, EDR, UBA / UEBA, etc], if not more data [for their IR efforts].”
- “The cross-silo nature of modern IR is further emphasized in cases of real APT intrusions. Looking at logs, traffic, endpoints, and user and application activity is often essential to uncovering subtle intruder traces.”
Related blog posts announcing research publication:
- Our New Paper on Security Monitoring Use Cases Publishes
- Our 2016 SIEM Papers Are Out!
- Our Vulnerability Assessment Vulnerability Management Research Publishes
- 2030: Have They Social Engineered Your AI?! [our Maverick piece published]
- My “Evaluation Criteria for Security Information and Event Management” 2015 Update Publishes
- My “How to Monitor the Security of Public Cloud Resources” Publishes
- My “Demystifying Security Analytics: Sources, Methods and Use Cases” Paper Publishes
- My “How to Work With an MSSP to Improve Security” Paper Publishes
- Our “Selecting Security Monitoring Approaches by Using the Attack Chain Model” Publishes
- All My Research Published in 2015
- All My Research Published in 2014
- All My Research Published in 2013
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.