Incident Response Trends in 2017

Analysts and security professionals agree that 2016 brought unprecedented attention to cyber security, with vivid examples of cyber attacks in the news and a seemingly constant string of hacks, ransomware outbreaks, and other malicious incidents. The ubiquity of these incidents has led to a major shift in how organizations approach incident response (IR). Companies are no longer seeking a one-time remediation of a single incident. Rather, they want a more holistic approach that can determine the root cause of threats, streamline collaboration across departments, and better predict and mitigate the regulatory, reputational, and financial consequences of incidents.

At D3, we call this ‘going beyond incident response’, and you can read more about it in our recent white paper with our friends at The Chertoff Group.

In the first few months of 2017, we’ve seen this trend surface in sales engagements, client consultations, RFPs, and at industry events like the RSA and B-Sides conferences. From those conversations we’ve assembled a clear picture of what organizations are looking to get from their cyber incident response solutions in 2017. Naturally, we thought we’d share it with you:

1. Standard Process

The fact is that many organizations still need to establish their IR posture on a proven methodology. NIST SP 800-61, the Computer Security Incident Handling Guide, offers most companies the best starting point: it lays out the incident handling lifecycle (preparation; detection and analysis; containment, eradication, and recovery; and post-incident activity) with step-by-step guidance on processing incidents, plus advice on everything from coordinating with other teams to holding ‘lessons learned’ meetings. D3’s playbook library includes playbooks based on NIST SP 800-61, which can be enriched with threat intelligence or customized any number of ways.

2. A Centralized Hub for Cyber Intelligence

Something we hear often from customers is that they have an overwhelming volume of data coming in, and so they need a centralized hub that brings together incident data, SIEM events, threat intelligence, and custom rules. An effective solution provides a single place for integrated analysis and real-time collaboration, instead of forcing analysts to work across disparate systems. For companies that want to speed up triage, response, and forensics, having a “centralized nerve center” is essential.

3. Industry Specialization

Every industry faces unique challenges. For example, manufacturers with SCADA networks need incident response playbooks that include forensics and threat intelligence components. In addition, during a SCADA attack, the company’s anti-malware, forensics, and incident response SMEs need detailed information from every stage of the response process.

Check out our blog post on cyber security for the manufacturing industry to learn how D3’s Incident Management Platform can help manufacturers respond to common attacks like spearphishing, as well as protect ICS/SCADA and PLCs.

For healthcare providers, ransomware is an increasingly common attack. In financial services, there is the elevated risk of payment card skimming, credential stealing, and other methods designed to net a quick one-time payout.

Organizations, particularly those in highly regulated industries, are insisting on cyber incident response solutions that can manage their industry-specific needs. As both regulators and attackers become more sophisticated in their methods, the one-size-fits-all approach is no longer enough.

4. Native Forensic and Case Management Capability

Investigating a cyber attack or data breach can be costly, especially if you’re relying on outside experts and counsel. Large companies, especially those in the Fortune 500, are looking to establish in-house investigative, computer forensics, and eDiscovery capabilities. This means they require a case management system that is up to the task of processing terabytes of data and digital evidence, and of supporting hundreds or even thousands of custodians.

Selecting an incident response solution with built-in forensics and case management capabilities not only saves the cost of outsourcing these functions, it also enables faster and more thorough remediation.

5. The Ability to Present the Business Case for Cyber Incident Response

Cyber security can be extremely mysterious to those without directly applicable training and expertise. Unfortunately, these are often the people making strategic and budget decisions within the organization. Cyber security, risk management, and incident response team leaders need to make a strong business case to executives: one that demonstrates the regulatory and operational risks of a cyber incident and the value of a comprehensive cyber incident response solution.

Everyone understands the value of incident response once an attack happens, but by then it’s too late. To help decision-makers appreciate how much money an effective cyber incident response solution can save, companies require platforms that generate detailed incident response analytics and then turn those analytics into clear cost and risk calculations.

Book a demo and see for yourself why so many organizations, including 100+ of the Fortune 500, use D3 to orchestrate incident response, connect with security technologies, and apply data-driven decisions across an enterprise-wide vision of cyber security and risk management.

Walker Banerd

Walker is D3 Security's Director of Content Marketing. He leads the writing of D3's blog, as well as white papers, industry briefings, and other thought leadership. Walker's expertise is translating technical concepts into easily understandable content, with a focus on software, cybersecurity, and compliance solutions.