Sometimes it seems like you need to be a CISSP just to understand the variety of incident response platforms (IRPs) on the market. Cybersecurity incident response is still a relatively young industry, and the solutions on offer comprise a wide range of different functionality and technology. Compounding this confusion is the fact that the terminology used to define products is inconsistent across vendors. The result is that buyers are left in the undesirable position of relying on vendors to explain to them what they need.
In order to clarify the landscape and arm prospective customers with the information they need, we’ve created an Incident Response Buyer’s Guide. While there are many valid approaches to designing an IRP, our experience in the field has led us to believe that certain features and capabilities are universally valuable. We’ve listed them in the guide, and made our case for why they will help your incident response program. We’ve also included a section on deliverables that you can measure to assess an IRP’s effectiveness, and another on how to evaluate vendors.
A quick run-through of each section is below, but be sure to check out the complete Buyer’s Guide here, in order to get the full value.
In our Buyer’s Guide, we’ve broken out our discussion of the platform into two sections: (1) Effectiveness and Ease-of-Use, and (2) Key Features. The first section looks at the characteristics of an IRP that will maximize its value over time, and allow it to support your business requirements. These include:
In the second section, we list 10 key features that every effective IRP should have. These include:
Features are only as good as the outcomes they lead to. In this section of the guide, we discuss five deliverables that you should be aiming for when evaluating your IRP, and your incident response program as a whole. These include:
A great deal of an IRP’s value comes from the vendor that produces it. IRPs evolve over time, requiring an active vendor that maintains, upgrades, and innovates in order to keep the product on the cutting edge. In this final section, we provide three characteristics by which you can assess an incident response vendor: experience, expertise, and engagement. If a vendor is strong on all three, you won’t just be getting good software, you’ll be benefiting from a team of attentive experts who provide your incident response program with specialized support.
This is just a small sampling of the content in our comprehensive Buyer’s Guide. Download the guide to get the complete set of must-have features, insider tips, and assessment criteria.
Do you want to see D3 in action? Join us for a 25-minute deep-dive demo and see how our award-winning Security Orchestration, Automation, and Response (SOAR) platform helps security teams accelerate incident response, scale processes, and learn from every incident.