Top incident response service providers, vendors and software

Incident response is a critical component of enterprise security. Being prepared for unplanned and potentially disruptive events that affect the security and integrity of an organization’s IT infrastructure can mean the difference between survival and going out of business.

To successfully handle incident response, organizations need to equip their teams with the best tools or employ incident response service providers.

Let’s look at deciding between in-house or outsourced incident response, considerations to find the best option for your organization, and lists of leading software and service providers.

Incident response: In-house or outsourced?

No single all-in-one platform covers incident response. It requires a mix of tools and technologies, including endpoint products, network security platforms, specialized malware analysis tools and software with automation capabilities. Most organizations already have many of these tools in their arsenal, including SIEM systems, vulnerability scanners, endpoint detection and response (EDR), antimalware and firewalls. More recently, user behavior analytics (UBA); security orchestration, automation and response (SOAR); and extended detection and response (XDR) have joined the fold. A company that already has these tools is better positioned to complete its own incident response tasks.

Deciding between in-house and outsourced incident response can also come down to the nature and complexity of the threats the organization faces. Use risk analyses and business impact analyses to identify the types of situations for which incident response might be needed, and build an incident response plan. An in-house approach could be the easiest way to complete this. If the risk and business impact analyses indicate potentially more serious events, however, organizations might want to consider outsourcing the planning process to a service provider. Organizations with multiple locations could also be better suited to outsourcing, because each location might have different risks, threats and vulnerabilities, and each locale could require plan restructuring to address its unique needs.

Also, consider staffing. Does the organization have staff with the expertise needed to complete the steps in the incident response lifecycle? Does it have the budget?

How to choose incident response software

After using risk and business impact analyses to identify the security events likely to affect an organization, consider which tools are needed. Many companies already have the necessary tools in-house; if not, they should assess the need for additional tools. As with any activity, funding is an important factor.

When building an incident response toolkit, consider how — and if — the tools can work together. Integrations are important to ensure proper analytics, investigation and response. More than one technology is often available from a single vendor, while, sometimes, tools from separate vendors connect to share information and work on incident response together.

Incident response software should also account for incident response standards and frameworks. This is important from both compliance and audit perspectives.

How to choose an incident response service provider

Organizations that find it more effective to work with a trusted third party should first ask whether their current managed security, risk management or cloud service providers offer incident response capabilities. Using services from an existing provider can simplify the incident response service selection process.

If no existing vendors fit the bill, the following steps can help identify a suitable service provider:

  1. Determine the specific incident response requirements of your organization. This could include threat detection, alert notifications and detailed step-by-step procedures for incident handling.
  2. Research the market for incident response service providers, and review their offerings.
  3. Prepare and present a business case to management for approval and funding.
  4. Prepare a request for proposal or request for quotation to secure pricing and other elements, such as installation, training, warranties, support for service-level agreements, maintenance costs, testing capabilities, documentation and technical support.
  5. Select a vendor, review and approve contracts, secure organization funding, and schedule deployment and training.
  6. Complete installation and deployment, and then test the system. If possible, test along with business continuity, disaster recovery and cybersecurity testing.
  7. Set up maintenance, performance review and testing schedules.

As with any new technology or process, prepare or update policies and procedures for incident response activities.

Leading incident response vendor platforms

When handling incident response planning and management in-house, choose the right incident response tools. As mentioned, the incident response lifecycle requires a mix of tools. The following are 10 leading incident response software options to consider adding to an organization’s arsenal.

1. AT&T USM Anywhere

Unified Security Management (USM) Anywhere from AT&T offers automated threat detection based on threat intelligence from the AT&T Alien Labs security team and AT&T Alien Labs Open Threat Exchange. USM has discovery capabilities that include network asset and cloud asset discovery; analysis that includes SIEM event correlation and user activity monitoring; detection that includes cloud intrusion detection and EDR; response; assessments that include vulnerability scanning and dark web monitoring; and reporting.

USM Anywhere is a SaaS product, available in Essentials, Standard and Premium plans, with starting prices ranging from $1,075 to $2,595 per month. Contact the company for further pricing.

2. CrowdStrike Falcon Insight

CrowdStrike Falcon Insight is an XDR and EDR platform with continuous logging, AI-powered threat detection, threat hunting, situational awareness, response, streamlined notifications and threat prioritization. Integration with CrowdStrike’s SOAR platform, Falcon Fusion, enables automated response capabilities. Alerts are mapped to the MITRE ATT&CK framework.

The cloud-based product is available as part of the Falcon Enterprise and Elite packages, with the subscription licensed per endpoint. Contact the company for pricing.

3. Cynet 360 AutoXDR Platform

The Cynet 360 AutoXDR Platform integrates threat detection and prevention, log analysis and data correlation, and incident response and automation into a single platform. Features include EDR, UBA, network detection and response (NDR), deception technology, sandboxing and threat intelligence, as well as SaaS security posture management and cloud security posture management.

This product is available for SaaS, hybrid or on-premises deployment. CyOps, Cynet’s 24/7 managed detection and response (MDR), is included at no additional cost. Contact the company for pricing.