Significance of Speed of Incident Response - SANS white paper


I was on the SANS website (we are hoping to recruit from their unique Cyber Academy) and came across this excellent SANS white paper.

We have been struggling to articulate the differentiators in our service (i.e. the value add we have over our competitors). The white paper really sums it up for us: focus on speeding up incident response, not detection (note: I am not saying e2e ignores detection, but rather highlighting that if you have detection and no response then why bother?).

The true value in a protective monitoring/security monitoring/managed security operations centre (SOC) service is the depth and quality of the incident response processes, people and technology.

In particular, the ‘IR Maturity model’ is a great concept (see the table/picture on page 2) – if you go with e2e you get ‘Proactive Incident Response’. All the competition seem to be still doing detection only, and they get you, the customer, to do the ‘Manual Forensics’!