We are living in a time of an unprecedented number of events affecting the cybersecurity industry, ranging from issues with nation-state attackers to tumultuous elections to numerous government investigations. Throughout these events incident response (IR) teams have played a critical role in defending their organizations. This SANS Incident Response Survey focuses on the effectiveness of these IR teams and the factors that influence their success.
Survey results show that IR teams are:
- Detecting the attackers faster than before
- Containing incidents more rapidly
- Relying more on in-house detection and remediation mechanisms
- Receiving budget increases to support their operations
Despite notable advancements, however, there are still more areas which could be improved. This SANS Survey provides a detailed examination of survey results and corresponding guidelines for improving IR teams and efforts.