In cybersecurity parlance, dwell time, the time an intruder lurks in a network before being identified, holds the key. The longer attackers stay, the more damage they can do. Organisations need to reduce dwell time so that they can launch countermeasures and restore their data.
To help organisations respond quickly to cyber incidents, cybersecurity solutions company Sophos launched Incident Response Retainer, which helps organisations cut red tape, launch an investigation, and take damage-control measures. “External vulnerability scanning and critical preparedness guidance are also included in the retainer, enabling organisations to proactively improve their existing security resilience by pinpointing and resolving issues that reduce the likelihood of a breach in the first place,” a Sophos executive said.
As corrective measures are launched sooner, the dwell time of intruders is significantly reduced.
The new service includes 45 days of 24/7 Managed Detection and Response (MDR).
The retainer service scans the network for vulnerabilities to patch and prevent breaches. Besides, a team of experts will be on standby 24/7, ready to battle head-to-head with adversaries. “The time to locate and evict adversaries is critical in limiting damage and completely stopping nefarious endgames, such as data breaches and ransomware,” he said.
Decreasing dwell time
A recent study by Sophos found that the median adversary dwell time continued to plummet, from 10 days in 2022 to eight days in the first half of 2023. For ransomware alone, the time between initial access and impact dropped from nine days to just five.
Incident response retainers help organisations prepare in advance for the fastest response time possible to defend against active cyberattacks. “Due to today’s complex and mixed-vendor computing environments, skills shortages, evolving attacker behaviours, and cyber insurance requirements, it’s critical that all organisations have pre-determined incident response plans in place,” Rob Harrison, Vice-President (Product Management) of Sophos, said in a statement.
“Tangible ‘readiness’ is now a key component for cyber resilience,” he asserted. “Adversaries will often abuse the same weakness in a single system, and it’s not unusual for multiple, different attackers to go after the same target if there’s potential exposure,” he said.