Cyber Incident Response

What is Cyber incident response?

  • Cyber Incident Response complements the advanced detection & response domain with a focus on technologies, processes and frameworks aimed at the discovering, eradicating and recovering from cyber attacks and exploited vulnerabilities within an organization.
  • It covers the key functions and operations expected by CERT/CSIRT teams and is increasingly important to a mature cybersecurity strategy in many organizations.

Why it matters

  • Identifying technological trends will help outline and prescribe threat discovery, attack mapping, threat modelling, and threat and vulnerability management.
Blue ballGreen ballYellow ballRed ballPurple ballDiagonal straight linescurvesoutlinesX-labels-Years0-2 years2-5 years5+ yearsY-labels-AreasIncident Response
Maturity
0-2 years
2-5 years
5+ years
 

0-2 years

2-5 years

5+ years

The landscape

Real-time prevention

Adversary profiling with MITRE Att&CK:

Organizations are increasingly adopting the MITRE ATT&CK
framework and moving to a Threat-informed defense strategy. Such
framework will help organizations understand the behavior and
tactics of threat actors and proactively tailor-cut their protection strategies.

Real-time prevention

Threat hunting for proactive protection

With the digital transformation going full speed and the continously expanding attack surface, the old school approach of “building the defenses and waiting in the trenches” is no longer sustainable. Neither is the static approach of waiting for the published IoCs and running unitary searches. Organizations will have to adopt threat hunting, especially red teaming activities to proactively identify vulnerabilities in their environments before they are exploited by threat actors. With red teaming, organizations will get better insight on the weaknesses in their environments and will be able to proactively mitigate them.

Automated Threat Modelling

In order to efficiently prevent attacks and breaches, organizations will have the expand their use of risk-based approaches, especially automated threat modelling. For organizations it does not only provide them with the means for building secure systems in a repetitive and methodical approach with little to no human intervention, it also greatly decreases the chances that an attack is successful and reduces the time and human effort needed for the implementation. The remaining challenge is that Automated Threat Modelling heavily relies on very good understanding of the business infrastructure and processes. Thus introducing errors or missing information can have a negative impact on an automated approach. This could also lead to improper security response used during an attack. That is why organizations must leverage their own-SOC detection, threat intelligence sharing and cyber deception tools to identify the risks first.

Key figures

35%

of those technologies are either already adopted by most organizations or will be in the next two years.

24%

of those technologies are expected to be adopted in the next 2 to 5 years cycle.

41%

of those technologies are transformational and wide spread adoption will take over 5 years.