SANS Incident Response Survey

Get Your Free Copy Now

Get Your Free Copy Now

Incident Response (IR) teams are designed to detect, investigate and, when necessary, perform remediation in the event of a critical incident. This whitepaper explores the results of the latest SANS survey, providing a picture of what IR teams are up against today—the types of attacks they see, what defenses they have in place to detect and respond to these threats, and their perceived effectiveness and obstacles to incident handling.

Some key challenges reported by responders to the survey were:

  • Lack of resources (time, staff, budget) to effectively execute improvements
  • Staffing and skills shortage
  • Vaguely defined processes and owners
  • Budgetary shortages for tools and technology
  • Not enough visibility into events happening across different systems or domains

Do these challenges sound familiar? Download the full survey to learn more about how other organizations are approaching incident response, along with best practices and advice.

About the Authors

Matt Bromiley, a SANS GIAC Advisory Board member who holds the GCFA and GNFA certifications, is an up-and-coming FOR572 instructor. A senior consultant at a major incident response and forensic analysis company, he has experience in digital forensics, incident response/triage and log analytics. His skills include disk, database and network forensics, as well as memory analysis and network security monitoring. Matt has worked with clients of all types and sizes, from multinational conglomerates to small, regional shops. He is passionate about learning, sharing with others and working on open source tools.

Rob Lee is the curriculum lead and author for digital forensic and incident response training at the SANS Institute. With more than 15 years of experience in computer forensics, vulnerability and exploit discovery, intrusion detection/prevention and incident response, he provides consulting services in the Washington, D.C. area. Before starting his own business, Rob worked with government agencies in the law enforcement, defense and intelligence communities as a lead for vulnerability discovery and exploit development teams, a cyber forensics branch, and a computer forensic and security software development team. He also worked for a leading incident response service provider and co-authored Know Your Enemy: Learning About Security Threats, 2nd Edition.