Incident responders have no shortage of products that help to identify threats. From the earliest virus scanners and IDS products to modern solutions that utilize machine learning to analyze behavior, the goal has always been simple yet unattainable: to keep adversaries from accessing private resources and doing damage to the organization. While there is no specific right or wrong way of trying to achieve this, there is an unspoken principal that is critical to this process is “time.” Time factors into each step of the incident response process, from time to detection through time to containment.
