Incident response is a critical component of enterprise security. Being prepared for unplanned and potentially disruptive events that affect the security and integrity of an organization’s IT infrastructure can mean the difference between survival and going out of business.
To successfully handle incident response, organizations need to equip their teams with the best tools or employ incident response service providers.
Let’s look at deciding between in-house or outsourced incident response, considerations to find the best option for your organization, and lists of leading software and service providers.
Incident response cannot be completed by an all-in-one platform. It requires a mix of tools and technologies, including endpoint products, network security platforms, specialized malware analysis tools and software with automation capabilities. Most organizations have these tools in their arsenal already, including SIEM systems, vulnerability scanners, endpoint detection and response (EDR), antimalware and firewalls. More recently, user behavior analytics (UBA); security orchestration, automation and response (SOAR); and extended detection and response (XDR) have joined the fold. If a company has these tools, it is better suited to complete its own incident response tasks.
Also, consider staffing. Does the organization have staff with the expertise needed to complete the steps in the incident response lifecycle? Does it have the budget?
After using risk and business impact analyses to identify security events likely to occur to an organization, consider which tools are needed. Many companies have the tools needed in-house, but if not, they should assess the need for additional tools. As with any activity, funding is an important factor.
When building an incident response toolkit, consider how — and if — the tools can work together. Integrations are important to ensure proper analytics, investigation and response. More than one technology is often available from a single vendor, while, sometimes, tools from separate vendors connect to share information and work on incident response together.
Incident response software should also account for incident response standards and frameworks. This is important from both compliance and audit perspectives.
Organizations that find it more effective to work with a trusted third party should ask if their current managed security or risk management service providers or cloud service providers offer incident response capabilities. Using services from an existing provider can make the incident response service selection process easier.
If no existing vendors fit the bill, the following steps can help identify a suitable service provider:
As with any new technology or process, prepare or update policies and procedures for incident response activities.
When handling incident response in-house, choose the right incident response tools. As mentioned, the incident response lifecycle requires a mix of tools. The following are 10 leading incident response software options to consider adding to an organization’s arsenal.
Unified Security Management (USM) Anywhere from AT&T offers automated threat detection based on threat intelligence from the AT&T Alien Labs security team and AT&T Alien Labs Open Threat Exchange. USM has discovery capabilities that include network asset and cloud asset discovery; analysis that includes SIEM event correlation and user activity monitoring; detection that includes cloud intrusion detection and EDR; response; assessments that include vulnerability scanning and dark web monitoring; and reporting.
USM Anywhere is a SaaS product, available in Essentials, Standard and Premium plans, with pricing that starts between $1,075 and $2,595 per month depending on the plan. Contact the company for further pricing.
CrowdStrike Falcon Insight is an XDR and EDR platform with continuous logging, AI-powered threat detection, threat hunting, situational awareness, response, streamlined notifications and threat prioritization. Integration with CrowdStrike’s SOAR platform, Falcon Fusion, enables automated response capabilities. Alerts are mapped to the MITRE ATT&CK framework.
The cloud-based product is available as part of the Falcon Enterprise and Elite packages, with the subscription licensed per endpoint. Contact the company for pricing.
The Cynet 360 AutoXDR Platform integrates threat detection and prevention, log analysis and data correlation, and incident response and automation into a single platform. Features include EDR, UBA, network detection and response (NDR), deception technology, sandboxing and threat intelligence, as well as SaaS security posture management and cloud security posture management.
This product is available for SaaS, hybrid or on-premises deployment. CyOps, Cynet’s 24/7 managed detection and response (MDR), is included at no additional cost. Contact the company for pricing.