IBM’s 2018 Cost of a Data Breach study shows that the impact of a data breach on an organization averages $3.86 million, while more serious and severe “mega breaches” can cost hundreds of millions of dollars. The difference between a data breach and a “mega breach” often comes down to the effectiveness and speed of the incident response process.
The most successful incident response programs are excellent in the following core areas: visibility, incident management, workflows, threat intelligence, and collaboration/information-sharing.
The following lines will focus on the things required to achieve excellence in each of these components from a systems level perspective.
With the variety and number of security products deployed in the average enterprise, visibility into the output of these tools is the basis of all incident response systems. Aggregating data feeds from commercial and open-source products, as well as anything developed in-house, is required.
When deploying an incident response management system, take into consideration platforms that support the most common security products out of the box. Since few can support everything by default, flexibility to add bi-directional integrations with security products which are not supported by default is an important issue.
Read the full article here.
DFLabs’ Senior Product Manager, John Moran, talks about the 4 concepts that are key to ensuring an effective Incident Management System (IMS), reminding us how the Incident Command System (ICS) developed by California’s public safety authorities decades ago can help improve IT security today.
Read his column on DarkReading here.
Watch John Moran, Senior Product Manager at DFLabs, on a live interview on Security Weekly – The Security Podcast Network for information security professionals by information security professionals.
Watch the full live interview here.
John Moran, DFLabs – Enterprise Security Weekly #78