<p>We are living in a time of an unprecedented number of events affecting the cybersecurity industry, ranging from issues with nation-state attackers to tumultuous elections to numerous government investigations. Throughout these events incident response (IR) teams have played a critical role in defending their organizations. This SANS Incident Response Survey focuses on the effectiveness of these IR teams and the factors that influence their success.</p>
<p>Survey results show that IR teams are:</p>
<ul>
<li>Detecting the attackers faster than before</li>
<li>Containing incidents more rapidly</li>
<li>Relying more on in-house detection and remediation mechanisms</li>
<li>Receiving budget increases to support their operations</li>
</ul>
<p>Despite notable advancements, however, there are still more areas which could be improved. This SANS Survey provides a detailed examination of survey results and corresponding guidelines for improving IR teams and efforts.</p>
