Resolve Systems: “Enterprise Security Incident Response Trends to Watch in 2018”


SOC investments expected to grow; MSSPs will be held to a higher standard and SIR platforms will be necessary for scale


Resolve Systems, the most widely deployed platform across Fortune 500 companies for IT and security incident response automation and orchestration, today shared the top trends to watch in 2018 relating to incident response and automation. The list of predictions is founded on the company’s insight into the challenges enterprises express in today’s new normal of high-impact outages and breaches, and into why companies are investing in incident response and automation technology.

“Cyberattacks and threats will continue throughout 2018; therefore we’ve identified trends relating to response and remediation. Operations and incident response teams are overworked and overwhelmed, and struggle with manual responses given their workload and current resources. Understanding this, we expect to see greater investment in incident response technologies and a change in how the SOC is managed, more dependence on MSSPs and an increasing acceptance of automation,” said Larry Lien, Chief Product Officer at Resolve Systems. “Automation and orchestration together help reduce noise and provide an organized and auditable approach to investigating and remediating incidents, which enables time-consuming, repetitive tasks to be completed quickly.”

Resolve’s 2018 enterprise security incident response predictions include:

1.    Automation Acceptance. Businesses' comfort with security automation will increase out of the necessity for scale. The increasing volume of automated attacks will make it impossible for SOCs to keep up via manual processes alone. Solutions that help hesitant organizations begin to embrace automation (via a crawl/walk/run strategy) will capture increasing market share. This is supported by Forrester Research’s November 9, 2017 report, “Predictions 2018: Automation Alters The Global Workforce,” which states: “Prediction 9: A true combined security and ops automation platform will roll out.”

2.    Lower SOC Entry Level. Organizations will increasingly seek solutions that lower the bar of entry to security teams. Because of security's significant skills gap, solutions that help less experienced professionals quickly become effective Level 1 SOC analysts will be increasingly valued.

3.    Continuous Response. The market's focus on incident response will shift from today’s reactive position to a continuous one. Post-mortem analysis of security incidents will drive ongoing enhancement and testing of response playbooks. The growing field of "range training" for security team members, and red team/blue team simulations, indicate that attack rehearsals and playbook tuning will receive increasing attention.

4.    Savvy MSSP Shoppers. MSSPs will be affected in 2018 and beyond, as clients begin to ask MSSPs to demonstrate attack responses and to share metrics on time to respond and remediate for specific incident types. Increasing media coverage and public awareness of security incidents will make for savvier buyers who want detailed evidence and assurances of an MSSP's ability to respond effectively to a significant breach.

5.    SOC as IR Thought Leader. The SOC team will become a driver for efficiency, automation, and best-practice procedures in IT, Network, and Service Desk, as the remediation activities that these teams perform in security incidents are critical for the success of the SOC. Given this, the SOC may well stand to be the model for all technical teams in an organization.

6.    SIR Platform Required. Having a security incident response (SIR) platform will become non-negotiable for security teams. While the rate and scale of cyberattacks will be the forcing function for adopting automation, the pain of attempting to automate in a fragmented, piecemeal manner will pressure the SOC to bring in a proper incident response platform to orchestrate and automate response.

7.    More Money = More Scrutiny. In the wake of recent catastrophic security incidents, CISOs and SOCs will see increasing investment and budget to purchase tools. However, with these added funds will come the onus to demonstrate measurable results and improvements, so teams will seek ways to demonstrate success with analytics, reporting, and attack simulations.

8.    SOC Developed Automation. Out of necessity, many SOCs are already scripting and building automations to support simple, mundane and repetitive tasks. Leveraging their security experts’ “tribal knowledge,” many SOCs will find efficiency in building their own automations and will look for tools that lower the programming barrier. They will seek solutions that enable those who know how to investigate and remediate incidents to create automations without programming skills.

9.    Possible CSIRT Resurgence. While the construct of the cybersecurity incident response team (CSIRT) has existed for some time, 2018 will show increased interest in creating these in-house, cross-disciplinary incident response teams. As more organizations realize the necessity of enterprise-wide security response, the CSIRT may become a way of addressing cross-team collaboration challenges without completely rewiring the political and technical relationships between Security, IT, Network, and Service Desk.

10.    More Movement to MSSPs. MSSPs will receive greater interest from organizations that recognize that the level of effort and in-house expertise required for a successful SOC is beyond their means. Smart MSSPs – those with the right personnel and tools to build buyer confidence – that demonstrate the ability to meet core enterprise requirements and deliver state-of-the-art responses to security breaches will attract the most interest.

Many of these topics were addressed during Resolve’s 2017 Incident Resolution Summits. To learn more about the Summits, visit:

About Resolve Systems
Resolve Systems is the global leader in providing a single platform for enterprise-wide incident response, automation and process orchestration for Security Operations, IT Operations, Network Operations and service desk teams.

Resolve accelerates incident response and resolution by supplying engineers with partially or fully customized human-guided automations, powerful real-time incident collaboration and the omnipresence to orchestrate existing systems, across silos.

Headquartered in Irvine, California, USA with operations in EMEA and APAC, Resolve Systems works with nearly 100 of the largest global firms and is majority owned by funds affiliated with Insight Venture Partners, a leading global private equity and venture capital firm investing in high-growth technology and software companies.

About Insight Venture Partners
Insight Venture Partners is a leading global venture capital and private equity firm investing in high-growth technology and software companies that are driving transformative change in their industries. Founded in 1995, Insight has raised more than $13 billion and invested in nearly 300 companies worldwide. Our mission is to find, fund and work successfully with visionary executives, providing them with practical, hands-on growth expertise to foster long-term success.

For more information on Insight and all of its investments, visit or follow us on Twitter.


Contact Author

Marin Sakhri
Resolve Systems
+1 (949) 954-6592