
Incident Response: the secret to strong cyber resilience

Kapil Matta, Regional Manager, Enterprise at Malwarebytes, tells Security Advisor that the key to good cyber resilience is Incident Response.

It feels great to be at GISEC, a truly global event for cybersecurity in the region, said Kapil Matta. In his opinion, participating in the event this year is special because the who’s who of cybersecurity can now meet up again and exchange ideas and information face-to-face.

According to him, Malwarebytes has been leveraging years of security experience in remediation to provide customers with threat intelligence from millions of Malwarebytes-protected endpoints, across both business and consumer endpoints. “Malwarebytes Endpoint Protection, managed within our own cloud-native Nebula console, easily scales to meet future requirements. It effectively and efficiently detects suspicious activity, prevents attacks and removes malware infections. Other solutions can be difficult to deploy and manage, and only remove malware executables, leaving damaging artifacts and configuration changes behind. Because of less effective classification machine learning models, other solutions can have high positive alerts that burden analysts and security teams and prevent accurate detections. Malwarebytes has won several industry-wide awards and accolades for its effective detection with low false positives.”

In his opinion, incident response is an important key to cyber resilience.

“While strong prevention is crucial, organisations must also have strong capabilities to detect and remediate attacks that can get through even the best defences. Minimising dwell time is critical to minimising damage and is an area where organisations need to focus on optimising their incident response processes.”

“According to incident response (IR) teams, malware is the root cause of 68% of the incidents they investigate. But how long does it take to recover from these attacks? When an attack occurs, security best practice recommends meeting the 1-10-60 rule: 1 minute to detect, 10 minutes to investigate, and 60 minutes to remediate. However, the reality is that security operations centre (SOC) teams require days to weeks to eradicate an incident.”

Matta pointed out that automation tools are a key contributing factor behind increased response time efficiency. In fact, 25% of incident responders list full automation of detection, remediation, and follow-up workflows in their 12-month plan for incident response improvements.

“IR automation requires parting ways with the traditional re-imaging processes. While reimaging an infected endpoint has a long legacy as the de facto standard, it’s fraught with time inefficiencies and inherent risks. This adds up to hours of restoring endpoints and lost productivity caused by employees. There’s also a high likelihood of lost work caused by the time between the last clean backup and the time of infection. The net result of this is a loss of employee productivity and ultimately money,” he added.

In conclusion, Matta shared, “By compressing response times with fast and complete remediation and API integration across organisations’ security stack, enterprises can drive further automation and orchestration while bolstering cyber resilience.”
