Is Automation the Key to Lower Incident Response Times?

This year’s SANS Endpoint Security Survey report is loaded with interesting statistics such as:

  • 42% of IT professionals acknowledged they had suffered a breach on their endpoints.
  • 20% said they did not know if they had been breached.
  • 82% of those that knew of a breach said it had involved a desktop.
  • 69% cited corporate laptops.
  • 42% cited employee-owned laptops.
  • In 47% of breaches, the threat was detected by antivirus capabilities.
  • In 26% of breaches, the threat was detected by endpoint detection and response (EDR) capabilities.

It was this last response that was of particular interest, so we took a deeper dive.

Endpoints Up, Response Times Down

One of the challenges facing security professionals is the ever-expanding number of endpoints that need to be monitored. It’s akin to a rancher whose fence line keeps growing and must still be patrolled and maintained to prevent loss of livestock to predators.


Interestingly enough, despite the growth in endpoints, this year’s report showed that incident response times are actually decreasing. One of the primary reasons for this is automated endpoint detection and response (EDR) capabilities.

Are You Automated?


If you have purchased and fully implemented a next-gen EDR solution, you can consider yourself and your organization firmly ahead of the curve. As SANS Analyst and survey author Lee Neely states in the report:


“The diversity and quantity of endpoints in the modern enterprise are driving the need for more automation and predictive capabilities. While [organizations] are purchasing solutions to keep ahead of the emerging cyber threats, they appear to fall short on implementing the key purchased capabilities needed to protect and monitor the endpoint.”

In fact, to be more specific:

“Of the IT professionals that had acquired next-gen endpoint security solutions, 37% haven’t implemented their full capabilities”.

Let Konsultek Help You Automate

The SANS Incident Response Survey shows that the largest number of respondents had a “time to detect” between 6 and 24 hours, a “time to contain” of 2 to 7 days and, finally, a “time to remediate” of 2 to 7 days. As security professionals looking to secure an ever more complex endpoint “fence line,” how do we accelerate incident response? The answer the survey data points to is machine-based automation of detection, containment and remediation, with the caveat the same report raises: the capabilities have to be fully implemented, not just purchased.

Curious as to how that might work in your organization’s network? We’d be happy to explain! Just give us a call to discuss how a Konsultek custom security solution can take your organization to a whole new level of security.


© Copyright 2018 Konsultek