TMCnet News
Incident Response: What's Working and How to Be More Proactive--SANS Survey Results ReleasedBETHESDA, Md., Aug. 12, 2015 Incident responders are looking for more automated processes and services to gain better visibility and to conduct faster, more accurate response and remediation, according to the 507 respondents to qualify and take the 2015 SANS Incident Response Survey to be released by SANS Institute in a series of webcasts on August 18 and August 20, 2015. "Incentivized by the devastating data breaches suffered by U.S. companies recently, organizations are moving quickly to grow their incident response (IR) capabilities to facilitate rapid detection of attackers in their networks," says SANS analyst and incident response expert Alissa Torres. As a result of their efforts, respondents showed slight improvements in time to remediation from 2014. Thirty-six percent of respondents reported needing 24 hours or less to remediate a breach, compared to 30% with the same swift reaction in 2014. Respondents attribute improvements to more automated tools, although they still want more automation and integration. This indicates that incident response tools and processes are beginning to mature. Another sign of that maturation: This year's survey showed a number of new specialized job titles to support the IR function, including intelligence analyst, CERT team leader, incident/problem manager, IT security architect or engagement manager. Responders still have a long way to go: They are short on the skills and technologies, and they need more automation and integration across systems that are no longer behind the network firewall, such as apps hosted in the cloud or on personal mobile devices. "Despite these improvements, they face broader and more diverse attacks, including distributed denial of service, data destruction and targeted data theft," continues Torres. Organizations can make additional improvements in their IR capabilities by implementing proactive responses, further driving the need for more automated, integrated processes to follow through on indicators of compromise (IoCs) and fully remediate systems. I the survey, four of the top 10 impediments to IR relate to automation: 45% reported lack of visibility into systems; 37% cited inability to distinguish incidents from normal behaviors; 29% reported too much time needed for remediation; and 28% reported lack of integrated, automated tools. Full results will be shared during a two-part webcast. Part 1, Tuesday, August 18, 2015, at 1 PM EDT, will focus on the current state of IR and how the landscape has changed since 2014. Part 2, Thursday, August 20, 2015, at 1 PM EDT, will focus on how incident responders can be more proactive in their policies and practices. The series is sponsored by AlienVault, Arbor Network, Bit9 + Carbon Black, HP, Intel/McAfee Security, and Rapid7, and hosted by SANS. Register to attend the Part 1 webcast at www.sans.org/u/7j6 and the Those who register for the webcast will also receive access to the published results paper developed by SANS analyst and incident response expert, Alissa Torres. Tweet This 2015 Incident Response Survey Results in 2 Webcasts: Part 1 8/18: www.sans.org/u/7jl; Part 2 8/20: www.sans.org/u/7jq #IR HOT TOPIC WEBCASTS - Incident Response Survey Results: Part 1 8/18: www.sans.org/u/7jl; Part 2 8/20: www.sans.org/u/7jq #IR #infosec About SANS Institute
To view the original version on PR Newswire, visit:http://www.prnewswire.com/news-releases/incident-response-whats-working-and-how-to-be-more-proactivesans-survey-results-released-300127671.html SOURCE SANS Institute 
|