1-10-60: Measuring the speed of incident response
Threat intelligence reports now record adversary activities with such high fidelity that it is possible to measure how rapidly adversaries perform their actions, showing that some of them move at staggering speed in some attacks and run highly professional operations. One such report is CrowdStrike’s ‘Annual Global Threat Report’,1 in which breakout time is used as a measurement of the speed of operations of cyber adversaries. But no matter which measurement we look at, it is clear that the attackers have a very efficient operation and do not suffer from the challenges that defenders face in their day-to-day operations, challenges that prevent them from detecting, analysing and containing an incident rapidly before it spreads. This paper discusses the speed at which the defensive side should operate and some of the challenges it comes across, for instance with business processes, in keeping up with the pace of the attackers.
Ronald Pool is a cyber security specialist at CrowdStrike. With an IT career spanning more than two decades, including over a decade in cyber, he acts as an adviser to some of the biggest companies in the Benelux and Nordic regions with a focus on threat intelligence and endpoint protection. Ronald often speaks at events and sits on expert panels, displaying thought leadership on the topic of cyber security.