Issue link: https://insights.oneneck.com/i/1463395
AlertLogic.com CASE STUDY: MISSION

In most cases, there will be a notification prompting security teams to further investigate and execute the recommended remediation steps. This could be to update a policy or change control, update a misconfigured service, or apply patches to affected systems.

50% of midsize and large enterprises believe they are likely to experience a data security breach over the coming year.*

46% of enterprises reported they have a security operations center (SOC) in place, and many of those only operate their SOC during business hours.*

4 Actions Taken: Recognize that effective response is often a blend of multiple actions. Prioritization will change based on variables such as incident type, asset criticality, and desired outcomes of the business. The blend should consist of:

• Notification — Inform appropriate responders of the security incident with sufficient detail to enable decision-making
• Containment — Limit access of the compromised entity, which may mean limiting system services, restricting network access and egress, or reducing user roles and privileges
• Elimination — Disrupt the attack and block access to the vulnerable service

5 User Experience: Examine a solution that allows configurable response workflows. They should invoke the optimal balance of process automation and human interaction to address your evolving security requirements. Resource-gapped organizations may not be able to respond to every incident. They may also not want everything automated as that can have adverse effects. The ideal scenario is to automate actions based on circumstances such as the organization's risk tolerance, skillset, and headcount. Some prefer a simplified experience with a sage to guide them in the playbook creation process. Consequently, more sophisticated users may prefer fully customized playbooks.
Did you Know

52% of organizations reported experiencing an increase in the number of information security incidents following the COVID-19 outbreak.*

57% of midsize and large enterprises believe their security staffing level is inadequate to handle the cybersecurity challenges they are facing today.*

"[Alert Logic is] Easy to use, and I really like its dashboard because it shows a lot of useful and detailed information; the alerts are accurate and it allows me to be sure of any threat at any time. It is the best security tool and the best solution."
Jaci K., Senior Software Engineer, Alert Logic Customer, G2 Review