Managing Breaches
Ending and Preventing Breaches
Security practices are built to avoid the worst case security event of a damaging breach. The security operation’s ultimate goal is to prevent a breach from ever happening, and to limit its impact if it does happen. No matter how thoroughly security teams do their job and how capable an MSSP is, breaches do happen. Therefore it is very important when evaluating MSSPs to understand how they respond to a breach.If an MSSP is unable to clearly explain their breach response protocols, or they claim they have never been breached, you should probably say thank you, goodbye, and never look back. Beyond that, it’s important to have the MSSP walk through exactly what they do in the event of a breach. Also, a good MSSP needs to be able to adapt their processes to your breach response requirements.To learn more about what security pros consider the biggest challenges in building an effective breach response, Mighty Guides asked about 3,000 professionals the following question:Which is the most challenging aspect of building a strong breach response capability?
The top two responses speak to the human and technical aspects of breach response:
- Improving dwell time, response time, and remediation time metrics
- Creating a clear set of established processes and protocols in the event of a breach
- Alert fatigue: differentiating between real threats and false positives
- Following established processes and protocols in the event of a breach
- Breach response automation
- Good digital forensics
The top two responses speak to the human and technical aspects of breach response:- Having clearly established processes and protocols – this is critically important for fast automated and human decision making that is necessary for breach containment;
- Differentiating between real threats and false positives – also critically important in avoiding alert fatigue, which can erode breach response effectiveness.