Over the past few security conferences, I have noticed something of a trend emerging that centers on the uncertainty and hesitance that some incident response teams have regarding the use of playbooks and, in particular, around the notion of automation in incident response.
Another point of concern seems to be the security tools within existing infrastructure and how an incident response platform looks to make use of these tools. In an ideal scenario, an organization should use everything at its disposal in order to give its teams the best possible options for quick and successful incident response activities.
I think there are a couple of related challenges when talking about these issues, one of which is the existing resource skill sets and how they’re not the same across a typical IR team. This is a point that should really be considered when going through a solution discovery phase by asking the questions: What can I incorporate to best leverage the skills of the available resources? And, how do I best leverage the resources provided with an incident response platform?
At DFLabs, we look to help with these and many more points by providing out-of-the-box IncMan playbooks that are based on industry best practices and recognized standards. Furthermore, by giving you the ability to craft your own fully customized, simplified or advanced playbook, we enable your incident response teams with the freedom to react as they see fit, and in accordance with regulation or specific compliance measures applicable to your operations. To address any hesitance to automated response, your playbooks can be built to uniquely meet your comfort level, for example by leveraging automatic enrichment actions while also enforcing role-based security requirements to require authorization for any containment measures.
Lastly, by being platform agnostic, IncMan empowers you to incorporate your existing infrastructure for a comprehensive response strategy without a requirement for additional infrastructure investment.