What is Incident Response?

Defining Incident Response

Before defining incident response, it helps to first define what is meant by an incident.

An incident is any unlawful or unauthorized action that involves a computing device, including IoT devices that have an operating system and network connectivity.

Incident Response is a structured approach to validate, contain, and remediate malicious activity. This process starts at threat detection and is completed when there is resolution to the malicious activity.

Why is Incident Response Important?

According to findings from the 2018 Ponemon Breach Report, the average cost of a compromised or lost record due to a breach (including incident containment) was $148 per record, and having an incident response program in place to address compromised or lost records would save $14 per record.

An effective incident response solution identifies, validates, and remediates incidents in a structured way that minimizes the adverse impact (e.g. disruption of service and loss of data) on an organization. The ultimate goal of an incident response solution is to restore the organization to the normal operating state it was in before the incident occurred.

Detect and Respond to Incidents Faster

Accelerated incident response, from validation to containment to remediation, reduces the potential damage to your organization. Fidelis Endpoint and Fidelis Network can help identify malicious activity, contain it, and, where needed, provide the remediation steps and capabilities required to eradicate the threat and strengthen security against future attacks.

Types of Incidents or Key Components of an Incident

  • Social engineering (email, web drive-by, and phishing activity)
  • Web application or network compromise
  • Insider threat or acceptable use policy violations
  • Incidents involving the theft of data such as PII, ePHI, PCI data, or intellectual property
  • Incidents involving the theft of funds
  • Presence of malware or blended threats
  • Possession of illegal or unauthorized material that violates company policy or state and federal laws