
Better Incident Response: Let's Get Surgical

Darktrace's Dave Palmer on Disrupting Attacks While Maintaining Productivity
Dave Palmer, director of technology, Darktrace

As organizations detect more breaches, incident responders are increasingly overloaded, says Darktrace's Dave Palmer.


"Only a few years ago, it wasn't that unusual to hear people say to their boards: 'We've got a clean network; there have been no infections.' And it's unimaginable to be saying that to senior leadership today," he says. "Everyone finds routine infections all the time, and every now and again, there is ... a big, near-crisis problem."

As a result, he says, incident responders are "just running around on fire, trying to deal with the load that's coming at them."

So organizations need to explore how they can better "surgically interrupt the bad" while maintaining normal business processes, especially in environments where automation might pose risks.

In a video interview at the recent Infosecurity Europe conference in London, Palmer discusses:

  • The evolution of incident response, especially as breach detection continues to improve;
  • The increased use of orchestration - playbooks for machines to execute on incident responders' behalf - and where such automation most likely will help;
  • The need to develop more surgical incident response capabilities to help maintain business productivity and system uptime.

Palmer is director of technology at Darktrace, overseeing the mathematics and engineering teams and project strategies. With more than 10 years of experience in government intelligence operations, Palmer has worked at the U.K. intelligence agencies GCHQ and MI5, where he delivered mission-critical infrastructure services, including the replacement and security of entire global networks, the development of operational internet capabilities and the management of critical disaster recovery incidents.

About the Author

Mathew J. Schwartz


Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.
