From Ad-Hoc to SOC: First steps to growing your cyber incident response team capabilities in an ROI driven world

Posted byMike Fowler - 03rd Feb 2017
growing your cyber incident response team capabilities

In my role as VP of Services at DFLabs, I get the opportunity to speak to stakeholders at every level pertaining to concerns they have about their current cyber incident response processes and how they are currently dealing with the challenges. From the analyst who deals with an ever-increasing number of alerts to the CISO who is constantly evaluating how best to apply limited funds and personnel, they all have one overwhelming concern; how best to build what they have into what is needed to successfully handle the evolving threats to data security.

Organizations typically will leverage the resources they currently possess. Spreadsheets become incident trackers. Ticketing and project management applications become investigation coordination repositories. Governance, risk and compliance software becomes the reporting platform. While the ROI for leveraging existing resources can’t be understated, the issue quickly becomes one of scalability. These systems comprised of patchwork applications that are unable to work together symbiotically are quickly outgrown.

We can all agree that no single solution is the magic bullet that will solve all incident response challenges. Any progress will begin with a centralized incident response orchestration platform that acts as a force multiplier for your existing personnel and resources. You wouldn’t use a spoon to dig a 6-foot hole when there are tools designed to dig the hole that are more efficient and effective. This platform should include at a minimum:

  • A solid platform of cyber incident management –A cost-effective incident management platform designed for each stage of the incident response life cycle is the foundation for immediate and long-term success and organizational expansion. A successful platform will be able to incorporate your existing infrastructure and personnel and increase their capabilities. It should not require hiring new personnel or expensive professional services to be effective.
  • Actionable intelligence – Intelligence feeds such as TAXII or other feeds that support STIX can add additional information that promotes informed decision making during each stage of the incident response life cycle.
  • Seamless integration with existing and future technologies – To expand with customer and infrastructure needs, an orchestration platform must be able to not only leverage existing technologies but offer the capability to expand for future integrations as needed.
  • True incident orchestration – Provides the ability to utilize Supervised Active Intelligence™ (SAI), to make informed decisions at each stage of the incident response life cycle while providing a 360-degree view of the incident. This includes critical incident enrichment data with a choice of Human to Machine and/or Machine to Machine actions with consistent, defendable, results across a variety of incident response scenarios.

At DFLabs we have integrated these features and more to give stakeholders the tools they require, built on a platform that gives them the confidence they need. DFLabs’ IncMan® is ranked as one of the most innovated incident response orchestration platform that provides the same unparalleled value to the incident responder as it does to the CISO. Our advanced technology empowers our customers to receive, respond and remediate cyber incidents at a total cost of ownership unavailable elsewhere.

If you’re interested in seeing how we can work together to grow your incident response capabilities while keeping an eye on the ROI bottom line, visit us at https://www.DFLabs.com and schedule a demonstration of how we can utilize what you already have and make it better.