虽然很少有网络安全专业人士将所有鸡蛋都投入到入侵防御篮子中,但三分之一的人支持入侵防御而不是事件响应 (IR),比例为 80/20 或更高。
That's according to a May 2022 Dark Reading report, titled "Breaches Prompt Changes to Enterprise IR Plans and Processes." The 2022 Incident Response Survey polled 188 IT and cybersecurity professionals about their IR capabilities.
A total of 34% of respondents said they prefer to put 80% (21% of respondents), 90% (10% of respondents), or 100% (3% of respondents) of their resources into intrusion prevention over IR. Another 34% also prioritized prevention, with 21% preferring a 70/30 split and 13% dropping to 60/40. Less than a quarter (24% in total) weighted the two approaches evenly or favored IR over prevention, with 13% of that total backing an even split of resources. Eight percent didn't have an opinion.
The numbers from 2021 were very similar, with only a slight shift toward a more even distribution of resources. For example, the 80/20 split was only 18% in 2021, whereas 60/40 and 50/50 both sat three points higher at 16% apiece versus 2022's 13%.
这些结果支持了总体看法,即组织仍然在预防入侵方面投入了更多精力,而不是在补救方面投入了更多精力。例如,Wakefield Research 代表 Red Canary、Kroll 和 VMware 进行的 2021 年调查显示,36% 的公司 didn't have a detailed incident response plan 到位。 和 last year's Strategic Security Survey Dark Reading 的调查显示,人们对周边防御技术非常感兴趣,72% 的人表示入侵预防和检测措施有效或非常有效。
来自的压力 美国政府 和 网络保险公司 然而,钟摆可能会朝 IR 方向摆动。 事实上,2022 年 XNUMX 月,美国总统乔·拜登签署成为法律 网络事件报告法,这需要关键基础设施行业 快速报告入侵 并采取行动予以补救。虽然该法律仅适用于被认为至关重要的 16 个部门,但它为其他希望实现这一目标的组织指明了道路。 制定 IR 计划.
要了解更多, 下载整个报告.
