Q&A: Incident Response Operations
In this webinar, security leaders will learn:
- Shared concerns among CISOs regarding their teams’ abilities to respond to incidents
- Key components of a world-class incident response program, and what to do if yours falls short
- The most efficient and effective way to implement a new or improved program
01:41 Panelist Introduction
05:17 The State of Incident Response Report Findings
06:17 “We’ve had this culmination of ransomware that’s really driven a lot of heartburn and deep thinking across organizations about how to better prepare.” – Marc
09:59 “Less than half of organizations are able to contain a threat in less than an hour after that initial compromise.” – Greg
15:37 “I’ve seen great teams with great resources find something interesting quickly, identify and escalate it, but they weren’t sure how to get it fully contained and remediated. By the next morning, they were ransomed.” – Marc
18:11 “They’re not all security related, you can have privacy incidents, financial incidents, human resources incidents, and more.” – Keith
18:53 Key Components of an IR Program
21:29 “Understanding incident classification and severity is key.” – Adam
22:35 “As infosec, you can’t do all of it. You’re not going to be in every single incident.” – Adam
32:28 “Start simple. Understanding who those stakeholders are, building those initial relationships, and knowing who you’re going to call.” – Marc
37:30 “A very small percentage of organizations can implement security operations programs. Incident response programs are just one part of that.” – Keith
39:56 “The kind of incidents you prepare for are not always going to be the incidents you walk into.” – Adam
41:00 SOC-as-a-Service
43:44 “Threats are constantly evolving. There are different types of incidents, so you’re going to need to be well-advised to have those resources ready.” – Marc
45:24 Checklist for Maturing Your IR Program
48:33 “We put a lot of investment in automation—setting up the incident to make it easy for people to declare an incident.” – Adam
01:08:00 Closing Remarks