If you’ve visited this blog over the past several months, you know that we believe information security is at a critical crossroads. For years, organizations have relied heavily on detection solutions that, although effective, produce too many alerts for most security operations centers (SOCs) to handle manually; inevitably something falls through the cracks. As such, we believe the only way that companies can effectively protect themselves is to focus more on incident response management.
As it turns out, we feel we are not alone in our perspective. Gartner, the world’s leading IT research analyst firm, is now advocating a more well-rounded approach to cyber security as well. Last year, Gartner analysts Neil MacDonald and Peter Firstbrook wrote a paper entitled “Designing an Adaptive Security Architecture for Protection From Advanced Attacks,” which noted in its summary:
“Enterprises are overly dependent on blocking and prevention mechanisms that are decreasingly effective against advanced attacks. Comprehensive protection requires an adaptive protection process integrating predictive, preventive, detective and response capabilities.” [1]
The trend toward incident response management can also be seen in the agenda of the firm’s upcoming Security & Risk Management Summit. It lists numerous topics related to incident response—some of which we have already covered on this blog—including:
- Leveraging threat intelligence for response
- How the Internet of Things will impact information security
- The need for new security architectures that complete the information security life cycle
With a respected firm like Gartner advocating incident response management, numerous automation tools and solutions aimed at the space will undoubtedly hit the market over the next several years. But before CIOs or CISOs invest in any of these tools, they should have a clear picture of exactly how their SOCs function now—the processes their experts utilize to respond to alerts, their most crucial metrics and most common pain points. Only with that information in hand can decision makers ensure that they are investing in a tool that solves their specific use cases.
At that point, CIOs and CISOs can make an evidence-based decision about what solution best meets their incident response needs and look confidently to the future.
[1] Gartner, “Designing an Adaptive Security Architecture for Protection From Advanced Attacks,” Neil MacDonald and Peter Firstbrook, February 12, 2014, refreshed November 19, 2014.