In 42 percent of incident response (IR) cases analyzed by Sophos, organizations didn't have the requisite telemetry logs needed to properly analyze an event.
When organizations lack adequate logging measures, it's often due to resource constraints, and limited IT and data capabilities generally, Peter Mackenzie, director incident response at Sophos, told The Register.
"Time is critical when responding to an active threat; the time between spotting the initial access event and full threat mitigation should be as short as possible," John Shier, Sophos field CTO, says in the report.
[
add
]
[
|
|
...
]