In his 2016 RSA Conference keynote, RSA President Amit Yoran explained that modern security is moving away from the traditional focus on prevention toward a mindset that includes monitoring and response as key security components. In particular, Yoran stressed that accelerating incident response speed is crucial for overcoming current known security threats and future attacks.
Without a strategic plan, organizations will struggle to effectively transfer and apply data and knowledge that is strategically gained from advanced detection processes and incident response. The RSA Speaking of Security blog has accumulated and published considerable new learning on advanced detection and response, and this information may prove invaluable to organizations that are shifting their security strategies to focus on threat monitoring and response.
The following are five must-read articles on this topic:
1. 'How Organizations Think About Threat Detection'
The results of RSA's 2016 Threat Detection survey inform the discussion about incident detection and response speed. As Yoran said in his keynote, 90 percent of IT professionals are not happy about the speed at which modern security technologies detect incidents.
"How Organizations Think About Threat Detection: Results From the RSA Threat Detection Survey" sets the stage for how organizations should solve speed deficiencies. According to the survey, only 24 percent of organizations are satisfied with their incident detection and incident response speed. Significantly, but unsurprisingly, the portion of respondents that felt they could detect or respond to threats very quickly was only 9 percent and 11 percent, respectively.
As a result, incident detection and response speed are top concerns for many companies. However, some organizations are still not giving these vital security operations sufficient attention. The good news is that many C-suites are finally starting to take notice, and investment changes should follow accordingly.
2. 'New Advanced Detection Methods Help Find Threats'
The threat landscape is only getting worse, and it is inevitable that an organization will be attacked-it's just a matter of when. "New Advanced Detection Methods Help Find Threats" discusses actionable steps organizations can take to mitigate these risks, including forensics/indicators of compromise, next-generation threat intelligence systems, and threat information-sharing.
3. 'Automate Detection and Detect Early with Leading Indicators'
The process of detection automation is explained in "Automate Detection and Detect Early with Leading Indicators," which discusses how and where to collect relevant data, highlighting well-known but often overlooked sources. The article emphasizes that detection automation is all about tactics, techniques, and procedures. To get there, organizations need the right data.
4. 'Behavior Analytics: The Key to Rapid Detection and Response ?'
What role does behavior analytics play in improving incident detection and response speed? "Behavior Analytics: The Key to Rapid Detection and Response?" explains that analytics tools help improve speed by making sense of the vast amount of data these systems generate. Developing a user and entity behavior analytics security plan that focuses on behavior, rather than just static rules, will significantly accelerate incident response speed.
5. 'Measure Your Readiness - Incident Response Program'
Last but not least, "Measure Your Readiness - Incident Response Program" discusses "a new framework that is a combination of analytical and operational capabilities, processes, governance, and metrics." This framework can determine the effectiveness of an incident response security structure. Speed is one of its key metrics, since it helps shape and accelerate the continuous process of improving incident response programs and facilitates benchmarking against industry best practices.