Hate the (Incident Response) Game

Red Canary

Share this Project

How much have you invested in computer security technology? How many vendor boxes are in your server rooms or data centers? How many bloated agents sit on your end-points? All that tech that promised to stop “advanced” threats and 0-days…

…how much was that last bill from the incident response company? The invoice for that breach that ran roughshod over all that technology?

We get it: You can’t not run anti-virus and firewalls and all that other stuff that regulators or “best practices” all say you need to have. To be honest we want you to have all that because they’re great noise reducers. But in the battle between signal and noise, what are you doing to get higher fidelity signals? And what are you doing once you hear those signals? If you’re like a lot of companies – no need to name names – you’re half-deaf from all the noise so you let important signals slip by. We are, all of us, only human.

Someone who wants to get into your systems will succeed and there is nothing you can do to stop them. So at what point are you going to realize that your attention shouldn’t be on getting better at stopping bad things from happening, but in responding more efficiently and effectively when they do?  If your only response to a successful attack is ‘Generally Accepted Incident Response Principles’ you’re adding insult to injury. The proverbial horses have been stolen and all you’re doing is spending a lot of money for someone to come in and close the barn door for you and to reiterate that you’re horseless.

In what other field of endeavor is this approach acceptable?

The future of defense is not in incident-response-as-usual but responding faster and more completely than has been done in the past. Those who respond the fastest are the ones who stand a chance at avoiding data loss, financial loss and penalties and sky-high invoices from those with a vested interest in keeping security expertise rare and expensive. By accelerating the time between intrusion and detection we enable you to respond quickly and completely, avoiding incident response-as-usual. By allowingyou to work at combat speed you have a fighting chance at thwarting whatever it is intruders thought they were going to get away with when they overcame or bypassed your defenses.

We hate the game so much we decided to start a new one. Who wants to play?