IBM’s 2018 Cost of a Data Breach study shows that the impact of a data breach on an organization averages $3.86 million, while more serious and severe “mega breaches” can cost hundreds of millions of dollars. The difference between a data breach and a “mega breach” often comes down to the effectiveness and speed of the incident response process.
The most successful incident response programs excel in the following core areas: visibility, incident management, workflows, threat intelligence, and collaboration/information-sharing.
What follows focuses on what is required to achieve excellence in each of these components from a systems-level perspective.
With the variety and number of security products deployed in the average enterprise, visibility into the output of these tools is the basis of all incident response systems. Aggregating data feeds from commercial and open-source products, as well as anything developed in-house, is required.
When deploying an incident response management system, consider platforms that support the most common security products out of the box. Since few can support everything by default, the flexibility to add bi-directional integrations with security products that are not supported by default is important.