
How to Plan and Execute Modern Security Incident Response – NEW

By Augusto Barros | April 13, 2016 | 0 Comments


I had the opportunity to work with Anton on updating one of his best documents, “How to Plan and Execute Modern Security Incident Response”, which was published today on (GTP Access required). The document is a nice assessment of what organizations should be doing in terms of incident response today. It covers some of the basics, but also the changes we’ve been seeing in those practices in the past couple of years, especially the move to continuous IR. As we say there,

“The traditional route of detecting incidents using security monitoring technologies is not the whole answer to today’s threat landscape, which is laden with skilled and persistent threat actors. Leading organizations don’t just develop excellent security monitoring capabilities that operate in near-real time (such as mature SOC capabilities based on SIEM tools). They also seek to explore the data they collect in order to discover — rather than detect in real time — incidents that their own detection controls missed.”

This is just one of the juicy bits from the document. You can read more about it in Anton’s blog.
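To make the distinction in that quote concrete, here is a small added example (mine, not code from the Gartner document or from Anton's post) that runs two kinds of logic over the same retained authentication events: a near-real-time rule of the kind a SIEM would fire, and a retrospective hunt over the whole retention period that finds what the rule missed. The events, source addresses, thresholds and window sizes are all constructed for illustration and are not from any real environment.

```python
"""Near-real-time detection versus retrospective hunting over the same retained data."""
from collections import defaultdict, deque
from datetime import datetime, timedelta


def build_events():
    """Constructed sample auth events: (timestamp, src_ip, user, result). Not real data.

    10.0.0.5  - noisy brute-forcer: 8 failures inside two minutes.
    10.0.0.9  - low-and-slow actor: one failure per hour for 48 hours, then a success.
    10.0.0.20 - ordinary user with a few typos and an eventual successful login.
    """
    base = datetime(2016, 4, 1, 0, 0, 0)
    events = []
    for i in range(8):
        events.append((base + timedelta(seconds=15 * i), "10.0.0.5", "admin", "fail"))
    for i in range(48):
        events.append((base + timedelta(hours=i), "10.0.0.9", "jsmith", "fail"))
    events.append((base + timedelta(hours=48), "10.0.0.9", "jsmith", "success"))
    for i in range(3):
        events.append((base + timedelta(hours=5 * i, minutes=7), "10.0.0.20", "alice", "fail"))
    events.append((base + timedelta(hours=10, minutes=8), "10.0.0.20", "alice", "success"))
    events.sort(key=lambda e: e[0])
    return events


def realtime_rule(events, window=timedelta(minutes=5), threshold=5):
    """Streaming rule: alert on a source with >= threshold failures inside a sliding window.

    This is the shape of a typical SIEM correlation rule. It only ever holds a short
    window of state per source, so anything paced slower than the window is invisible.
    """
    recent = defaultdict(deque)  # src_ip -> timestamps of recent failures
    alerted = set()
    for ts, src, _user, result in events:
        if result != "fail":
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            alerted.add(src)
    return alerted


def hunt_low_and_slow(events, min_failures=20, min_span=timedelta(hours=12)):
    """Retrospective hunt over retained data (thresholds are illustrative assumptions).

    Looks for sources whose failures are numerous but spread over a long span, so that
    no single real-time window ever crossed the alert threshold, and that then logged
    in successfully. This is 'discovering' an incident the streaming rule missed.
    """
    failures = defaultdict(list)
    successes = defaultdict(list)
    for ts, src, _user, result in events:
        (failures if result == "fail" else successes)[src].append(ts)
    findings = set()
    for src, fails in failures.items():
        if len(fails) < min_failures:
            continue
        if max(fails) - min(fails) < min_span:
            continue  # bursty, already the real-time rule's job
        if any(s > max(fails) for s in successes.get(src, [])):
            findings.add(src)
    return findings


if __name__ == "__main__":
    evts = build_events()
    print("real-time alerts:", sorted(realtime_rule(evts)))       # ['10.0.0.5']
    print("hunt findings:   ", sorted(hunt_low_and_slow(evts)))   # ['10.0.0.9']
```

The point is not the particular thresholds but the data access pattern: the real-time rule sees only a five-minute window per source and catches the noisy actor, while the hunt needs the full retention period (here two days of events) to see that 10.0.0.9 never tripped the rule yet eventually got in. Keeping the raw events around, and periodically running queries like the second one over them, is what the document's "explore the data they collect" amounts to in practice.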

The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.
