Key Criteria for Evaluating Cybersecurity Incident Response Solutions v1.0

An Evaluation Guide for Technology Decision-Makers

Table of Contents

  1. Summary
  2. cSIR Primer
  3. Report Methodology
  4. Decision Criteria Analysis
  5. Evaluation Metrics
  6. Key Criteria: Impact Analysis
  7. Analyst’s Take
  8. About Chris Ray

1. Summary

Cybersecurity incidents are a daily occurrence and their frequency is only increasing. According to research conducted by the Cybersecurity and Infrastructure Security Agency (CISA), over 500,000 cyberattacks per day occurred in 2022, a count that has been steadily growing since 2016. The total number of attacks has risen to 6.4 billion, a truly staggering statistic.

Threat actors are deploying complex attacks and dynamic techniques to steal, compromise, and manipulate sensitive data from enterprises. Organizations are struggling to identify and mitigate cybersecurity threats, as exhibited by the fact that even businesses that adopt robust information security measures have been attacked.

It can feel as though everyone is a target, regardless of maturity and incumbent skills. This past spring, a large technology vendor trusted by the US government and many Fortune 500 companies was compromised. The vendor’s acknowledgment and response took months to be made public, a delay that was largely caused by the need to partner with a third party to perform an investigation after an internal investigation failed.

Unfortunately, many businesses do not have a cybersecurity incident response plan (cSIRP) in place to guide them during security events—and even if they do, it may not be sufficient. While the vendor referenced above had a cSIRP in place, it did not have staff with the skill required to execute the plan.

This is where professional cybersecurity incident response (cSIR) services come in. Organizations can preemptively partner with service providers or engage with them after a security incident. These service providers can be effectively bolted on to organizations, stepping in to perform tasks like forensic analysis of malware, incident scope identification, threat mitigation, strategic communications to the public and interested parties, and compulsory data breach notification.

The GigaOm Key Criteria and Radar reports provide an overview of the cSIR market, identify capabilities (table stakes, key criteria, and emerging technology) and evaluation metrics (non-functional purchase drivers) for selecting a cSIR solution, and detail vendors and products that excel. These reports give prospective buyers an overview of the top vendors in this sector and help decision-makers evaluate solutions and decide where to invest.

How to Read this Report

This GigaOm report is one of a series of documents that helps IT organizations assess competing solutions in the context of well-defined features and criteria. For a fuller understanding, consider reviewing the following reports:

Key Criteria report: A detailed market sector analysis that assesses the impact that key product features and criteria have on top-line solution characteristics—such as scalability, performance, and TCO—that drive purchase decisions.

GigaOm Radar report: A forward-looking analysis that plots the relative value and progression of vendor solutions along multiple axes based on strategy and execution. The Radar report includes a breakdown of each vendor’s offering in the sector.

Solution Profile: An in-depth vendor analysis that builds on the framework developed in the Key Criteria and Radar reports to assess a company’s engagement within a technology sector. This analysis includes forward-looking guidance around both strategy and product.
