This series of articles and the accompanying videos are part of an ongoing project to illuminate the people, products, and vendors that make up the IT security industry. The vendors paid for the video production.
The Ponemon Institute published a survey earlier this year on incident response readiness. (You can download the entire report from Lancope that sponsored the research.)
Out of 674 qualified respondents an amazing 57% felt that their organizations would suffer a material breach in the next twelve months. Only one third had invested in improving their incident response capability.
As Mike Potts, President and CEO of Lancope told me in an interview at this year’s RSA Conference it is only a matter of time before an organization will realize a material breach. “It’s not if, it’s when.”
The most significant result for me was the fact that 80% of the CEOs are not even informed of major incidents, indicating a lack of connection between IT security and the C suite. Larry Ponemon’s reaction to this was strong. He thinks CEOs must become Super CISOs, taking an active part in security planning and being aware of their posture.
Incident response was the message of the day our of RSAC 2014. It was the most frequent conversation I had that week. Capturing network traffic, either in the form of Netflow data such as Lancope’s tool StealthWatch, or full packet capture. Netflow is meta data that is easy to pull off network gear like routers, switches, and firewalls. It is essential for situational awareness.
From this visibility, unusual or threatening activity can be quickly identified. The hope is that an incident response team can be aware that there is an incident well before the Secret Service comes knocking–as was the case in the Target incident.
Ponemon found that incident response is still a part time responsibility inside many organizations. That will have to change or those 57% are going to have their fears of a material breach realized.
Watch the interview with Larry Ponemon and Mike Potts below.