When it comes to incident response, organizations don't lack threat intelligence. They lack the automation, tools and the skilled staff to act on that intelligence, says Craig Carpenter of AccessData.
Getting security alerts is the least of the challenges for most organizations, says Carpenter, chief marketing officer at security vendor AccessData.
"People aren't correlating different pieces of information they're getting [from various technology solutiuons]," Carpenter says. "They're basically drowning in information, drowning in alerts, and they're not able to make any of it actionable."
Carpenter sees three fundamental incident response challenges for organizations. The right automated tools and processes are the two easier challenges to tackle. The toughest one is finding personnel with the right skills. "It's typically a security analyst," Carpenter says. "Someone who can look at information about what's happening on an endpoint or in a network and glean from that 'OK, this is good, this is bad, this requires further investigation.'"
There are so many events happening on a daily basis, incident response teams fundamentally must be able to take action to determine if an event is real. "Every minute spent on a false positive is a minute not spent on a real situation," Carpenter says.
In an interview recorded at Black Hat USA 2014, Carpenter discusses:
- Why organizations are 'drowning in alerts;'
- Top skills needed by incident response teams;
- How to use automated tools to turn threat intelligence into action.
Carpenter is the Chief Marketing Officer of AccessData, overseeing global marketing strategy and demand generation programs. Prior to joining AccessData, he was VP of Marketing and Business Development at Recommind, where he pioneered and popularized predictive coding and predictive information governance into the hottest trends in the e-discovery and GRC markets, respectively. Before joining Recommind, he led the global field and channel marketing at network leaders, Mirapoint and Fortinet.