Year after year, surveys show the same thing: threat investigation and incident response take too long. More specifically, security and risk leaders report that the average threat investigation takes over half a day while infection dwell times are still measured in weeks and months. Yet SANS experts suggest that the most critical incident response steps of identification and containment provide an opportunity for your defenders to gain back the advantage.
Part of the challenge is that today’s enterprise infrastructures are nothing like they’ve been even in the recent past: hybrid environments, multi-cloud, mixed vendors, worldwide assets, mobile/remote workforces, microservices, and more. All these changes mean your approach must change, too. Instead of relying on external data points, you can intelligently blend network data you already collect with accurate threat intelligence to accelerate your threat investigation and response capabilities.
Join SANS author Matt Bromiley and Infoblox cybersecurity expert Bob Hansmann to learn how to enhance and supercharge your incident response process with concepts and ideas you can implement right away.