As more and more organizations seek to wrap the highest possible levels of protection around their businesses, the whole concept of Incident Response has evolved into something increasingly complex and sophisticated. Every enterprise has different and individual requirements, both proactive and reactive. With every incident varying in vector, scope and overall impact, and with unique legal, regulatory and industry requirements, it’s vital that organizations tailor their approach, so they have the proper readiness and response strategy in place.
The ability to prioritize and address the growing number of security alerts is at least one of the issues challenging organizations. It creates an expanding gap between an initial compromise and the time a breach is detected. This is a growing issue as attacks take longer to discover, notification is delayed, forensics investigations are hampered, public opinion declines and regulators/auditors take harsh actions. All of which defines how an organization should shape and manage its response.
Who do the security professionals protecting these organizations turn to when deciding what approach to take? First, they need to ally themselves with a service provider that has deep skills and years of experience in helping resolve incidents, returning the business to normal operations rapidly and minimizing incident recurrence, while limiting any operational impact. Equally, all of this needs to be delivered in a way that makes financial sense.
Typical incident response services are built on a per-hour/per-diem structure, which can rapidly become quite costly. By contrast, Symantec's incident response services not only address these challenges, but also offer a unique price model by not charging an hourly rate. Moreover, its services are tailored to meet the needs of organizations wherever they may be in their security life cycle, namely:
- A current security crisis or breach situation
- An elevated concern based on an indicator that may signal potential incoming attack or current compromise
- Proactive and preparing in advance of an attack.
Irrespective of which of these paths an organization is on, Symantec follows generally accepted forensic procedures to collect, preserve and analyze evidence in accordance with their objectives. This includes a variety of techniques, such as log analysis, network, memory and systems forensics, live response, advanced malware analysis and security intelligence, to determine the root cause, timeline and extent of the incident.
But let’s return to the pricing challenge and the terms under which Symantec’s incident response solution is delivered. Symantec's new retainer services offer a flat rate by the day and number of experts needed, versus by the hour. There is no charge for travel time, senior leader engagement or remote project manager time. Also, with the new price model, Symantec will evaluate the situation and assess how many people and days will be required for the project and provide an estimate in advance. In doing so, any organization knows exactly what it will be charged at all times.
Finally, the Symantec incident response model is constantly evolving. The intelligence gathered from each and every incident is used to improve and advance its protection products and services, with the incidents modeled into a real-world investigation model and placed in Symantec's simulation platform for customer training.
We think our solution meets customers’ needs and addresses their concerns but what do you see as the most critical factors for organizations today in incident response? Cost, Timeliness, Intelligence, Detection, etc? What do they need that they might not even realize they are missing?