Thomas Etheridge
SVP of Services at CrowdStrike
According to the 2022 CrowdStrike Global Threat Report, the average breakout time for adversaries — the time an adversary takes to move laterally from an initially compromised host to another host within the victim environment — is 98 minutes. Measuring your teams’ ability to detect, triage and remediate potential adversary activity immediately, before they can move about the network and cause damage, is a clear indicator of the strength and effectiveness of your strategy.
Consistently being able to adhere to the 1-10-60 rule is a signal of an effective strategy: one minute to detect, 10 minutes to investigate and 60 minutes to remediate. Security teams that strive to meet the metrics of the 1-10-60 rule can significantly minimize both the cost incurred and the damage done by attackers.
Secondly, engaging with outside Incident Response, Managed Detection and Response, Recovery and Threat Hunting teams to supplement and enhance your team’s capabilities in a cyber crisis can really have an impact. Many of these providers…
