In a thorough and detailed webcast earlier this week, we heard from michael belton and Lital Asher - Dotan on the increasingly urgent subject, “Need for Speed: 5 Tips to Accelerate Incident Investigation Time”. Meticulous and successful plans for efficient incident response can make or break an organization after a breach. Read on to find out some highlights on how to improve and accelerate your organization's incident investigation plans:
- Know your people – One of the best ways to make sure you're prepared to react swiftly in a time of crisis is to know who will need to be involved, and what they can accomplish. Anyone from IT and security teams, to business management, marketers, legal teams, company leadership, and beyond can be involved in incident response depending on the scope of the breach. It will be a huge time saver to have key technical and non-technical personnel identified and empowered to make decisions ahead of time so they can act quickly in their areas of expertise.
- Preparation, Paper Trails & Practice – It's not always easy or fun, but the only way to know you will be able to act quickly in a time of crisis is to ensure you are over-prepared. Envision all possible scenarios, understand systems and data flow, put plans and logging systems in place, and test and document your actions thoroughly. If you prepare, document, and practice, you have a much greater change of responding quickly and correctly when your organization is under the gun and in fire drill mode.
- Detection is as important if not more important than strong IR – The ability to detect an event (even a small, seemingly insignificant one) and quantify it with other events to predict if an attack is happening/will happen/has happened is invaluable to bolstering your incident response capabilities.
These takeaways are just the tip of the iceberg on knowledge that Michael Belton has to share after working with countless organizations tackling incident investigation. For an in-depth view, watch the on-demand webcast now.