Research

By Mike Rothman

The good news for incident responders is that you no longer need to make the case for what you do and why it’s important. Everyone is watching. Here is a quote from the paper:

Not that mature security organizations didn’t focus on responding to incidents before 2012, but since then a lot more resources and funding have shifted away from ineffective prevention towards detection and response. Which is awesome!

Additionally, responding is far more complicated today due to the increased skill of adversaries, mobile devices which have democratized access and and locations of data, and an infrastructure that increasingly embraces the cloud – impacting visibility and requiring fundamentally different thinking. That doesn’t even mention the challenges of finding, hiring, and retaining skilled responders. As the need to respond to incidents increases, you cannot scale by throwing people at the problem, because they don’t exist.

CAIR ToC

But the news is not all bad – the tools available to aid responders have improved significantly. There is far more telemetry available, from both the network and endpoints, enabling far more granular incident analysis. You also have access to threat intelligence, which offers improved understanding of attackers and their tactics, narrowing the aperture you need to investigate.

As with everything in security, we need to evolve and adapt our processes to address the current reality. Our Incident Response in the Cloud Age paper digs into impacts of the cloud, faster and virtualized networks, and threat intelligence on your incident response process. Then we discuss how to streamline response in light of the lack of people to perform the heavy lifting of incident response. Finally we bring everything together with a scenario to illuminate the concepts.

We would like to thank SS8 for licensing this paper. Our Totally Transparent Research method provides you with access to forward-looking research without paywalls.

Download: Incident Response in the Cloud Age