Incident Response

Incident response: practice like you play 

Security teams know that speed is critical in any incident response (IR). For a look at what can go wrong without it, read the recent SC Media article on the cyberattack against Tenet Healthcare, one of the largest hospital care service providers in the U.S., operating 65 hospitals and more than 450 healthcare facilities through its subsidiaries and brand. 

In that incident, Tenet suffered a month-long outage and $100 million in lost revenues. A faster incident response could have reduced the damage.

Security experts have pointed out several ways to improve incident response, including enhanced endpoint monitoring and control, better communication across departments, and deployment of automated detection and response tools.

In a recent episode of Enterprise Security Weekly, guests discussed another way to approach IR: like a sport, where practice makes all the difference.

Imagine playing a sport where the team meets for one half-hearted practice once a year. How would that team perform under pressure? How would they communicate?

Say this sports analogy has convinced you that the IR team should practice more and should practice effectively. Questions remain – how often? Are tabletops enough, or are live exercises and simulations necessary?

Joining Enterprise Weekly to discuss the sports analogy were Paul Kelly, global director of technical solution engineering at Tanium, and his colleague, Financial Services Strategist Tim Morris.

“[Incident response] is just like any team sport,” Morris said. “You have to practice and find where your weaknesses are and who your first responders are, how you’re going to communicate incidents and what the PR strategy will be. All of these have to be practiced as one would with any sport. What football team doesn’t go out there having their first plays ready to go?”

Kelly and Morris discussed one way to play the sport more effectively and gain the necessary speed mentioned above: Converged Endpoint Management (XEM).

Tanium’s solution defends every team, endpoint and workflow against the largest attack surface in history by delivering a convergence of IT management and security operations with a single platform. This integrated offering links IT operations, security and risk teams from a single pane of glass to provide a shared source of truth, a unified set of controls, and a common taxonomy that brings together siloed teams for a shared purpose — to protect critical information and infrastructure.

This segment was sponsored by Tanium. Visit  to learn more about them, and visit for all the latest episodes.

Bill Brenner

InfoSec content strategist, researcher, director, tech writer, blogger and community builder. Senior Vice President of Audience Content Strategy at CyberRisk Alliance.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.