June 29, 2021 Events & WebinarsDetection and response

Build and Prepare: How to steer your IR team towards excellence

Join Red Canary’s information security and incident response experts for a mini masterclass in incident response. Based on our work with over 1,000 IR projects, this expert panel will discuss the key building blocks of a world-class IR program and how to prioritize them, so that security teams can continuously improve their capabilities.


In this webinar, security leaders will learn:

  • Shared concerns among CISOs regarding their teams’ abilities to respond to incidents
  • Key components of a world-class incident response program, and what to do if yours falls short
  • The most efficient and effective way to implement a new or improved program

01:41 Panelist Introduction

05:17 The State of Incident Response Report Findings

06:17 “We’ve had this culmination of ransomware that’s really driven a lot of heartburn and deep thinking across organizations about how to better prepare.” – Marc

09:59 “Less than half of organizations are able to contain a threat in less than an hour after that initial compromise.” – Greg

15:37 “I’ve seen great teams with great resources find something interesting quickly, identify and escalate it, but they weren’t sure how to get it fully contained and remediated. By the next morning, they were ransomed.” – Marc

18:11 “They’re not all security related, you can have privacy incidents, financial incidents, human resources incidents, and more.” – Keith

18:53 Key Components of an IR Program

21:29 “Understanding incident classification and severity is key.” – Adam

22:35 “As infosec, you can’t do all of it. You’re not going to be in every single incident.” – Adam

32:28 “Start simple. Understanding who those stakeholders are, building those initial relationships, and knowing who you’re going to call.” – Marc

37:30 “A very small percentage of organizations can implement security operations programs. Incident response programs are just one part of that.” – Keith

39:56 “The kind of incidents you prepare for are not always going to be the incidents you walk into.” – Adam

41:00 SOC-as-a-Service

43:44 “Threats are constantly evolving. There are different types of incidents, so you’re going to need to be well-advised to have those resources ready.” – Marc

45:24 Checklist for Maturing Your IR Program

48:33 “We put a lot of investment in automation—setting up the incident to make it easy for people to declare an incident.” – Adam

01:08:00  Closing Remarks


Keith McCammon
Chief Security Officer & Co-Founder, Red Canary
Marc Brawner
Global Head of Managed Security Services, Kroll
Adam Mathis
VP of Information Security, Red Canary
Greg Bailey
Director of Incident Handling, Red Canary