3 Days left to get an iPad Pro, Surface Pro, or $400 Off with Online Training!

Press


Incident Responders Detecting and Containing Attacks Faster, Says New SANS Survey

Enterprises Building Better IR Capabilities - But There's Room to Improve

  • Bethesda, MD
  • May 31, 2017

Incident responders are acting more quickly to combat attacks, including those similar to the recent WannaCry ransomware attack, according to results of a the fifth annual incident response survey to be released by SANS Institute in webcasts June 13 and June 14.

According to this new report, response teams are growing in size and are including more dedicated staff, with 84% of respondents reporting at least one dedicated staff member. They are also detecting incidents more quickly. Half of respondents reported a dwell time of under 24 hours, and 53% were able to contain the incident in that same time frame.

"Incident responders faced unprecedented challenges, including increasingly sophisticated and more frequent attacks, in 2016," says Matt Bromiley, SANS Analyst and author of the associated SANS paper "It is encouraging to see that they are able to detect and contain the incidents so quickly, a testament to the commitment they and their employers have made to secure their environments."

Respondents attributed 68% of the incidents they investigated to malware attacks. Teams also are relying more on in-house detection and remediation, with use of threat intelligence and endpoint detection tools. The webcast and associated paper will detail how other tools have been used and the role of budget in incident response, as well as how IR can be improved.

Survey results will be shared during a two-part webcast at 12 PM EDT on both June 13 and June 14. This series is sponsored by AlienVault, Anomali, Guidance Software, IBM Security, LogRhythm, and McAfee, and hosted by SANS. Register to attend the June 13 webcast at www.sans.org/webcasts/103547 and the June 14 webcast at www.sans.org/webcasts/103552

Those who register for the webcast will also receive access to the associated paper.

Tweet This:
Is IR getting better or worse and why? Join SANS for webcast to see how security pros responding. | www.sans.org/webcasts/103547

IR two-part webcast focuses on improving performance and response capabilities | June 13 | June 14

Register to learn SANS IR Survey results and access related paper | www.sans.org/webcasts/103547

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals at governments and commercial institutions world-wide. Renowned SANS instructors teach over 50 different courses at more than 200 live cyber security training events as well as online. GIAC, an affiliate of the SANS Institute, validates employee qualifications via 30 hands-on, technical certifications in information security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master's degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system--the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (https://www.sans.org)