Better Incident Response: Let's Get SurgicalDarktrace's Dave Palmer on Disrupting Attacks While Maintaining Productivity
As organizations detect more breaches, incident responders are increasingly overloaded, says Darktrace's Dave Palmer.
"Only a few years ago, it wasn't that unusual to hear people say to their boards: 'We've got a clean network; there have been no infections.' And it's unimaginable to be saying that to senior leadership today," he says. "Everyone finds routine infections all the time, and every now and again, there is ... a big, near-crisis problem."
As a result, he says, incident responders are "just running around on fire, trying to deal with the load that's coming at them."
So organizations need to explore how they can better "surgically interrupted the bad" while maintaining normal business processes, especially in environments where automation might pose risks.
In a video interview at the recent Infosecurity Europe conference in London, Palmer discusses:
- The evolution of incident response, especially as breach detection continues to improve;
- The increased use of orchestration - playbooks for machines to execute on incident responders' behalf - and where such automation most likely will help;
- The need to develop more surgical incident response capabilities to help maintain business productivity and system uptime.
Palmer is director of technology at Darktrace, overseeing the mathematics and engineering teams and project strategies. With more than 10 years of experience in government intelligence operations, Palmer has worked at the U.K. intelligence agencies GCHQ and MI5, where he delivered mission-critical infrastructure services, including the replacement and security of entire global networks, the development of operational internet capabilities and the management of critical disaster recovery incidents.