Bethesda, MD, July 15, 2019 – Organizations are making some crucial improvements in incident response (IR), according to results of the SANS 2019 Incident Response Survey to be released by SANS Institute on August 1, 2019 and discussed on August 2.
“It is gratifying to see that organizations are improving on important metrics,” says Matt Bromiley, SANS analyst/instructor and author of the survey. “For the second year in a row, results showed an improvement in how incident response (IR) teams are responding to incidents.”
In fact, 67% of respondents indicated that they moved from detection to containment within 24 hours—a 6% uptick from last year. Interestingly, time to remediation was a bit longer. Still, 89% of remediation efforts are occurring within 30 days.
“That 30 days may seem long to some, but a month to remediate may actually be quick, depending on the nature of the incident and data to be replaced,” continues Bromiley. “Depending on the type of incident, remediation can be a complex problem to solve, and we would rather see an organization take its time to perform the right remediation, rather than the fastest.”
Despite these improvements, many organizations are still showing severe gaps in visibility—a critical problem that needs to be front and center. Organizations can’t truly determine their security posture if they are blind to portions of their environment. Many respondents are still expressing concerns about levels of staffing and their skills shortage, problems that may require some out-of-the-box thinking.
Full results will be shared during an August 1, 2019 webcast at 1 PM EDT, sponsored by DFLabs, DomainTools, ExtraHop, InfoBlox, King & Union, OpenText, and Unisys, and hosted by SANS. Register to attend the August 1 webcast at https://www.sans.org/webcasts/110110
Representatives from DomainTools and ExtraHop join Matt Bromiley on August 2 at 1 PM EDT for a panel discussion. Register to attend that webcast at https://www.sans.org/webcasts/110115
Those who register for the webcasts will also receive access to the published results paper developed by SANS Analyst and incident response expert, Matt Bromiley.
Tweet This:
Don’t miss the 2019 SANS #IR Survey results with SANS expert @mbromileyDFIR | 8/1 @ 1PM ET | https://www.sans.org/webcasts/110110
Join SANS expert @mbromileyDFIR on 8/1 as he discusses best practices for improving #incidentresponse functions and capabilities, based on results from the 2019 SANS #IR Survey | https://www.sans.org/webcasts/110110
Gain greater insight into #incidentresponse processes | @mbromileyDFIR discusses selected results with sponsors | 8/2 @ 1PM ET | https://www.sans.org/webcasts/110115