SANS Incident Response Survey

<p>We are living in a time of an unprecedented number of events affecting the cybersecurity industry, ranging from issues with nation-state attackers to tumultuous elections to numerous government investigations. Throughout these events incident response (IR) teams have played a critical role in defending their organizations. This SANS Incident Response Survey focuses on the effectiveness of these IR teams and the factors that influence their success.</p> <p>Survey results show that IR teams are:</p> <ul> <li>Detecting the attackers faster than before</li> <li>Containing incidents more rapidly</li> <li>Relying more on in-house detection and remediation mechanisms</li> <li>Receiving budget increases to support their operations</li> </ul> <p>Despite notable advancements, however, there are still more areas which could be improved. This SANS Survey provides a detailed examination of survey results and corresponding guidelines for improving IR teams and efforts.</p>