Data breach statistics are staggering. Through the end of March 2017, there have already been over 300 major breaches and over nine million records stolen. It’s a challenging problem and one that doesn’t come with a lot of solutions. Part of the problem is understanding what the patterns are. Today’s attacks have several stages from initial reconnaissance to object completion, as depicted in the Cyber Kill Chain which describes the phases of a targeted attack.
Incident response (IR) teams are overwhelmed. Larger attack surfaces, state-sponsored cyber terrorism, and the industrialization of cyber crime all create fires and headaches for IR teams.