If you’ve been in any level of incident response, there is a moment in the conversation when someone asks a deceptively simple question: “When did this start?” It sounds like a straightforward request…after all, security teams collect logs, alerts, and telemetry from systems across the organization. We have dashboards, SIEMs and sometimes monitoring platforms that […]
Incident Response Without Situational Awareness Is Theater
I recently had a discussion with a few colleagues about incident response. It started the way these conversations often do, with someone asking what “good” incident response really looks like and some of the incidents that I’ve worked on. That question sounds simple, but it is not. Before long, we were debating playbooks, tabletop exercises, […]
Recent Comments