The ability to respond is one of the few things the SOC has direct control over. Measuring the time between when an alert fires and when it is acknowledged and an investigation begins is key.
Measuring the time to remediate is equally key: once the alert is acknowledged, the goal is to limit the time the attackers have in the environment.
Measuring detection and response is different when automation is applied. It is key to understand which runbooks are manual and which runbooks are fully automated, and to track the two separately.
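As an added illustration (not code from the original page), the following computes mean time to acknowledge and mean time to remediate from alert records, split by manual versus automated runbooks, while counting alerts that are still unacknowledged or still open rather than silently dropping them. The field names and the sample alerts are constructed assumptions, not any particular SIEM's export format.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean
from typing import Optional

@dataclass
class Alert:
    """One alert record as a SIEM/SOAR export might provide it (assumed field names)."""
    alert_id: str
    fired_at: datetime
    acknowledged_at: Optional[datetime]   # None while nobody has picked the alert up
    remediated_at: Optional[datetime]     # None while the case is still open
    automated: bool                       # True if the runbook ran without an analyst

def _seconds(start: datetime, end: datetime) -> float:
    return (end - start).total_seconds()

def response_metrics(alerts):
    """Mean time-to-acknowledge (fired -> acknowledged) and time-to-remediate
    (acknowledged -> remediated), reported separately for manual and automated runbooks."""
    out = {}
    for automated, label in ((False, "manual"), (True, "automated")):
        group = [a for a in alerts if a.automated == automated]
        tta = [_seconds(a.fired_at, a.acknowledged_at) for a in group if a.acknowledged_at]
        ttr = [_seconds(a.acknowledged_at, a.remediated_at)
               for a in group if a.acknowledged_at and a.remediated_at]
        out[label] = {
            "count": len(group),
            "unacknowledged": sum(1 for a in group if a.acknowledged_at is None),
            "open": sum(1 for a in group if a.remediated_at is None),
            "mean_tta_s": mean(tta) if tta else None,   # None when nothing is acknowledged yet
            "mean_ttr_s": mean(ttr) if ttr else None,   # None when nothing is remediated yet
        }
    return out

T0 = datetime(2020, 6, 1, 9, 0)
SAMPLE_ALERTS = [  # constructed sample data, not real alerts
    Alert("A1", T0, T0 + timedelta(minutes=20), T0 + timedelta(hours=3), False),
    Alert("A2", T0 + timedelta(hours=1), T0 + timedelta(hours=1, minutes=40), None, False),
    Alert("A3", T0 + timedelta(hours=2), None, None, False),
    Alert("A4", T0 + timedelta(hours=4), T0 + timedelta(hours=4, seconds=5),
          T0 + timedelta(hours=4, minutes=2), True),
    Alert("A5", T0 + timedelta(hours=5), T0 + timedelta(hours=5, seconds=15),
          T0 + timedelta(hours=5, minutes=4), True),
]

if __name__ == "__main__":
    for label, metrics in response_metrics(SAMPLE_ALERTS).items():
        print(label, metrics)
```

Reporting the unacknowledged and open counts next to the means matters: a mean computed only over closed cases looks better the more alerts are left untouched.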
Copyright © 2020 AdvisorsDen - All Rights Reserved.