I had the opportunity to work with Anton on updating one of his best documents, “How to Plan and Execute Modern Security Incident Response”, which was published today on Gartner.com (GTP Access required). The document is a nice assessment of what organizations should be doing in terms of incident response today. It covers some of the basics, but also the changes we’ve been seeing in those practices in the past couple of years, especially the move to continuous IR. As we say there,
“The traditional route of detecting incidents using security monitoring technologies is not the whole answer to today’s threat landscape, which is laden with skilled and persistent threat actors. Leading organizations don’t just develop excellent security monitoring capabilities that operate in near-real time (such as mature SOC capabilities based on SIEM tools). They also seek to explore the data they collect in order to discover — rather than detect in real time — incidents that their own detection controls missed.”
This is just one of the juicy bits from the document. You can read more about in Anton’s blog.
View Free, Relevant Gartner Research
Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.Read Free Gartner Research
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.