Cyber Incident Response

What is Cyber incident response?

  • Cyber Incident Response complements the advanced detection & response domain with a focus on technologies, processes and frameworks aimed at discovering, eradicating and recovering from cyber attacks and exploited vulnerabilities within an organization.
  • It covers the key functions and operations expected by CERT/CSIRT teams and is increasingly important to a mature cybersecurity strategy in many organizations.

Why it matters

  • Identifying technological trends will help outline and prescribe threat discovery, attack mapping, threat modelling, and threat and vulnerability management.

[Figure: Cyber Incident Response maturity chart. X-axis: years (0-2 years, 2-5 years, 5+ years); Y-axis: areas (Cyber Incident Response).]

The landscape

Real-time prevention

Adversary profiling with MITRE ATT&CK

Organizations are increasingly adopting the MITRE ATT&CK framework and moving to a threat-informed defense strategy. Such a framework will help organizations understand the behavior and tactics of threat actors and proactively tailor their protection strategies.

Real-time prevention

Threat hunting for proactive protection

With digital transformation going full speed and the attack surface continuously expanding, the old-school approach of “building the defenses and waiting in the trenches” is no longer sustainable. Neither is the static approach of waiting for published IoCs and running unitary searches. Organizations will have to adopt threat hunting, especially red teaming activities, to proactively identify vulnerabilities in their environments before they are exploited by threat actors. With red teaming, organizations will get better insight into the weaknesses in their environments and will be able to proactively mitigate them.

Automated Threat Modelling

In order to efficiently prevent attacks and breaches, organizations will have to expand their use of risk-based approaches, especially automated threat modelling. It not only provides organizations with the means for building secure systems in a repeatable and methodical way with little to no human intervention, it also greatly decreases the chances that an attack is successful and reduces the time and human effort needed for the implementation. The remaining challenge is that automated threat modelling relies heavily on a very good understanding of the business infrastructure and processes. Thus, introducing errors or missing information can have a negative impact on an automated approach. This could also lead to an improper security response being used during an attack. That is why organizations must leverage their own SOC detection, threat intelligence sharing and cyber deception tools to identify the risks first.

Key figures

46%

of those technologies are either already adopted by most organizations or will be in the next two years.

46%

of those technologies are expected to be adopted in the next 2 to 5 years.

8%

of those technologies are transformational, and widespread adoption will take over 5 years.