While every organization currently deals with security incidents in some way, most struggle under the weight of alert fatigue, lack of visibility, and prioritization challenges. The majority of organizations have established a SOC, yet most face a skills/staffing shortage, a continuously expanding attack surface, unintegrated security tools, slow investigations, inconsistent response procedures, and general analyst burnout. Does this sound chaotic? Can you hire your way out of this problem? Should you completely outsource your incident response to a managed provider? Is that even possible? Is there a middle ground between outsourced and insourced? What technologies are a “must have” versus a “nice to have”? What performance metrics are the right ones to track your program? The managed services and professional services teams at Rapid7 work with more than 1,000 organizations of all sizes and levels of security maturity to help them operate and mature their incident response programs. From these experiences, Rapid7 has discovered some very helpful keys that you can apply to your program.