Incident response still relying on ‘old tech’
By Benjamin Cher April 13, 2016
- Being coordinated via email, spreadsheets and phone calls … no, really!
- ‘Personal productivity tools are no way to run an IT organisation’
THE fight to protect IT systems from attacks is ramping up, with defenders now armed with an arsenal of information and analytics feeds across the network.
But despite all this highfalutin technology, the incident response process still relies heavily on email, spreadsheets and phone calls across teams.
This slows down the incident response process, allowing attackers more time in the system, according to James Fitzgerald, vice president of Asia Pacific and Japan at Santa Clara, California-based cloud computing company ServiceNow Inc.
“Incident response tends to be based on informal processes, with effectiveness and efficiency limited by the burden on manual processes,” he tells Digital News Asia (DNA) via email.
“They’re using emails, spreadsheets and phone calls for cross-team handoffs and siloed security products.
“With such practices in place, it’s no wonder that it takes enterprises an average of 206 days to spot a breach and an average of 69 days to contain it, according to the Ponemon Institute,” he adds.
What organisations need instead is a workflow that can automate security and accelerate response time, Fitzgerald argues.
“Not only does this assist IT, automated remediation of specific event types or on specific services can help reduce the load on the security response team, so that they focus on more sophisticated attacks,” he says.
When an incident happens, one needs to get to the root of the issue as quickly as possible, regardless of the risk level, according to Fitzgerald.
Organisations need tools that can detect and correlate information on incidents and vulnerabilities in real time, since they will be racing against the clock to shut out the intruder before data can be exfiltrated.
Keep it simple, stupid
The security process also needs to be simple, to enable as speedy a response as possible. This is why organisations need to move away from email and spreadsheets.
“Personal productivity tools are no way to run an IT organisation,” says Fitzgerald.
“Any process that is underpinned by these methods does not deserve to be called a process, as you cannot put any automated management around it,” he adds.
A complicated process will only bog down the response.
“Without visibility into requests and incidents, support teams struggle to prioritise and assign work to the right expert, to resolve bottlenecks and provide timely responses to employees,” says Fitzgerald.
“Just the act of quickly getting incident management running is a big win that can drive up to a 20% improvement in the time it takes to resolve open issues,” he adds.
Being on top of all your IT assets is also important.
“A single system of record is critical to understanding what assets you have, where they are located, who has access to them, and what business services they support,” says Fitzgerald.
“Connecting assets to incidents, requests, problems, changes and so on, gives greater visibility to security operations and makes the resolvers more informed and efficient.
“It also gives you the power of knowledge to better advise the business,” he adds.
This is especially true when measuring performance indicators, because if you can’t report on it, it doesn’t mean anything.
“CIOs and CTOs (chief information and technology officers) are constantly being asked for visibility into the work being done in IT,” says Fitzgerald.
“Whenever you roll out an IT service management process, you have to know what you want to measure – if you can’t measure it, you can’t improve it,” he adds.
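As an added illustration, and not code from the article or from ServiceNow, the following Python sketch shows in miniature what the pieces Fitzgerald describes look like when they are wired together: a single system of record that maps each detection event to an inventoried asset (owner team, location, business service, criticality), sets priority and routing from that context, closes a small set of low-risk event types through automated remediation so analysts keep their attention on the rest, and reports time-to-resolve so the process can actually be measured. All hostnames, teams, event types and the AUTO_REMEDIATE mapping are constructed assumptions for the demo.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional


@dataclass
class Asset:
    hostname: str
    owner_team: str          # team that resolves incidents on this asset
    location: str
    business_service: str    # what the asset supports
    criticality: int         # 1 (low) .. 4 (critical)
    known: bool = True       # False when the asset is missing from inventory


@dataclass
class Incident:
    incident_id: int
    event_type: str
    asset: Asset
    assigned_team: str
    priority: str
    opened_at: datetime
    closed_at: Optional[datetime] = None
    resolution: str = ""


# Hypothetical set of event types the workflow may close without an analyst.
AUTO_REMEDIATE = {
    "expired_tls_cert": "certificate renewed by automation",
    "missing_patch": "patch job scheduled by automation",
}
PRIORITY_ORDER = {"P1": 0, "P2": 1, "P3": 2, "P4": 3}


def priority_for(asset: Asset, event_type: str) -> str:
    """Priority from event severity first, then business criticality."""
    if event_type in ("data_exfiltration", "credential_theft"):
        return "P1"
    if asset.criticality >= 3:
        return "P2"
    if asset.criticality == 2:
        return "P3"
    return "P4"


class SystemOfRecord:
    def __init__(self, assets: Dict[str, Asset]):
        self.assets = assets
        self.incidents: Dict[int, Incident] = {}
        self._next_id = 1

    def ingest(self, event_type: str, hostname: str, seen_at: datetime) -> Incident:
        asset = self.assets.get(hostname)
        if asset is None:
            # Unknown asset: never drop the event; route it to asset management
            # at a conservative priority until it has been inventoried.
            asset = Asset(hostname, "asset-mgmt", "unknown", "unknown", 3, known=False)
        inc = Incident(self._next_id, event_type, asset, asset.owner_team,
                       priority_for(asset, event_type), seen_at)
        self._next_id += 1
        # Auto-remediate only known, non-critical assets; critical services
        # still get an analyst's eyes.
        if event_type in AUTO_REMEDIATE and asset.known and asset.criticality < 4:
            inc.closed_at = seen_at
            inc.resolution = AUTO_REMEDIATE[event_type]
        self.incidents[inc.incident_id] = inc
        return inc

    def resolve(self, incident_id: int, closed_at: datetime, resolution: str) -> None:
        inc = self.incidents[incident_id]
        inc.closed_at = closed_at
        inc.resolution = resolution

    def open_queue(self, team: str) -> List[Incident]:
        """Open incidents for one team, highest priority and oldest first."""
        queue = [i for i in self.incidents.values()
                 if i.assigned_team == team and i.closed_at is None]
        return sorted(queue, key=lambda i: (PRIORITY_ORDER[i.priority], i.opened_at))

    def mean_time_to_resolve_hours(self) -> float:
        hours = [(i.closed_at - i.opened_at).total_seconds() / 3600
                 for i in self.incidents.values() if i.closed_at is not None]
        return sum(hours) / len(hours) if hours else 0.0


def run_demo() -> SystemOfRecord:
    # Constructed inventory and event stream.
    assets = {
        "web-01": Asset("web-01", "platform-sre", "sg-dc1", "customer-portal", 4),
        "hr-03": Asset("hr-03", "corp-it", "kl-office", "hr-intranet", 2),
        "lab-07": Asset("lab-07", "research", "sg-dc1", "dev-sandbox", 1),
    }
    sor = SystemOfRecord(assets)
    t0 = datetime(2016, 4, 13, 9, 0)
    sor.ingest("expired_tls_cert", "lab-07", t0)                       # auto-closed
    sor.ingest("malware_beacon", "web-01", t0 + timedelta(hours=1))    # P2 to SRE
    sor.ingest("expired_tls_cert", "web-01", t0 + timedelta(hours=2))  # critical: analyst
    sor.ingest("data_exfiltration", "hr-03", t0 + timedelta(hours=3))  # P1
    sor.ingest("missing_patch", "db-99", t0 + timedelta(hours=4))      # unknown asset
    sor.resolve(2, t0 + timedelta(hours=5), "host isolated and reimaged")
    sor.resolve(4, t0 + timedelta(hours=9), "account disabled, egress blocked")
    return sor


if __name__ == "__main__":
    s = run_demo()
    for team in ("platform-sre", "corp-it", "asset-mgmt"):
        print(team, [(i.incident_id, i.priority, i.event_type) for i in s.open_queue(team)])
    print("MTTR hours:", round(s.mean_time_to_resolve_hours(), 2))
```

Two design choices carry the point of the passage: an event on a host that is not in the inventory is still recorded and routed (to asset management) rather than silently lost, which is the failure mode of spreadsheet tracking, and the mean time to resolve is computed from the same records that drive the queues, so the metric the CIO is asked for falls out of the workflow instead of being reconstructed by hand afterwards.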
This is crucial at a time when companies are spending increasing amounts of money to secure their IT infrastructure.
According to IDC, organisations in the Asia Pacific region were estimated to have spent US$230 billion to deal with cybersecurity breaches in 2014.