Demisto 2018 Predictions: Incident Response Predictions

VMblog Predictions 2018

Industry executives and experts share their predictions for 2018.  Read them in this 10th annual series exclusive.

Contributed by Rishi Bhargava, VP and Co-founder, Demisto

Incident Response Predictions for 2018

One of the common challenges that security operations teams face is the lack of well-documented and consistent incident response processes. And where security teams do have a process, it is usually not followed or measured for each incident, which makes it impossible to streamline the process or improve mean time to repair (MTTR).

1.  GDPR compliance, once it goes into effect next year, will have a big impact on Incident Response

The General Data Protection Regulation that becomes effective in May 2018 is going to have a major impact on incident response. The GDPR requires organizations to report breaches within 72 hours of awareness of the breach. Reporting a breach appropriately will require an assessment of the breach to determine its scope and the extent of the damage. The 72-hour window does not allow much time for gathering the information and analyzing it to decide the appropriate reporting procedure. Organizations are going to need to ensure that they have complete visibility across all elements, including SaaS, cloud and enterprise infrastructures, mobile and all endpoints. The process of qualifying and responding to alerts will need to be optimized for a speedy, effective response.

2.  SOC Managers will start seeing ROI of a security orchestration platform

New compliance standards such as the General Data Protection Regulation (GDPR), which becomes effective in May 2018, will need to be enforced alongside existing standards such as HIPAA, PCI and GLBA, and companies will still need to safeguard their trade secrets, corporate data and their employees' personal data. The skills shortage and the speed of response required when an incident happens will drive the need for security automation. Furthermore, automation will provide a level of consistency that is not easily achieved by humans. Therefore, more SOC managers will begin to see the value of a security automation and orchestration platform, and they will become better at calculating the return on such an investment.

3.  Security Automation will change from "good to have" to "must have"

Automated incident response goes hand-in-hand with an overall plan for security orchestration. Automation will go from "nice to have" to "must have." The sheer volume of alerts and the shortage of qualified talent will make automation increasingly important to ensure that attacks are detected, triaged and handled in a timely manner.

4.  The role of Machine Learning in Incident Response will be clarified

Automation and security orchestration will increasingly rely on machine learning, but the role of AI will be clarified in 2018. There are still two myths circulating in the world of cybersecurity. The first is that machine learning could allow incident response to run on autopilot, and the second is that it will leave analysts underworked, potentially leading to reductions in staff. The myths will disappear, and cybersecurity professionals will begin to accept machine learning capabilities as just another tool that can be used to supplement the human staff. Machine learning will allow analysts to devote more of their time to tasks that only humans can handle, allowing them to make informed decisions when confronted with a threat. 

5.  Shift from Incident Response to Continuous Response (Rapid Detection and Response)

Another change in the way that incident response is handled in 2018 will be an increase in the number of organizations that move from reacting to threats - incident response - to being proactive about threats - continuous response. It is important to detect and respond to incidents quickly, but historically, most organizations have done a poor job at both. The mindset has been to view incident response as a reaction to an attack, typically resulting in increased attention to hardening defenses rather than learning from the past and preparing for the future. With so much evidence that the reactive approach is no longer effective, more cybersecurity professionals will embrace proactive defense by moving to a continuous response strategy.

6.  Incident response will become important to smaller organizations as well, and the role of MSSPs will grow for that segment

According to a statement by the U.S. Securities and Exchange Commission, small and midsized businesses have become the principal targets of cybercrime, and approximately 50 percent of the small businesses suffering a cyberattack cannot survive the attack and end up out of business in six months. Since many small businesses cannot afford or cannot justify the expense to maintain a team of cybersecurity professionals, an increasing number will turn to managed security service providers to help them with their cybersecurity concerns.


About the Author

Rishi Bhargava 

A creative thinker and problem solver, Rishi has been building and managing successful enterprise products for many years. Making things "simple" is really hard. Rishi believes simplicity in every aspect will delight Demisto customers and has made it the guiding principle.

Published Monday, December 18, 2017 7:14 AM by David Marshall