How a pharmaceutical leader’s four global security teams work smarter, not harder
Orchestrated incident response: The solution in action
With the growing number of cyberattacks and increasingly complex IT environments, an intelligent incident response plan
is more than just a set of instructions; it’s a dynamic foundation built on the alignment of people, process and
technology. The result? Faster, smarter and more comprehensive incident response.
The story of one IBM Resilient customer illustrates this point. The customer, a global pharmaceutical organization,
faced a unique challenge: its four security teams around the world were managing enterprise-wide incidents with
different processes. A new corporate policy was implemented to ensure correct handling of incidents by requiring the
teams to be on the same system. Their previous response tool was not flexible enough to orchestrate the four teams and
meet this request.
Lack of planning and orchestration led to a failed incident response that drew attention to the teams’ disorganization.
Each of the four teams responded to a privacy incident simultaneously, and each team gave different recommendations:
restrict permissions so only forensics had access, don’t do anything, pull the site down or delete the files. The
responsible party simply followed the first recommendation he received instead of considering each one. This disconnect
made everyone else’s job harder and more complicated, and the incident was not resolved efficiently.
To fix the problem, the security team chose the IBM Resilient Incident Response Platform (IRP) to fully orchestrate
their response. With 15 to 30 incidents to manage per day (approximately 5,000 total that year), the four teams
were routinely out of sync. The IBM Resilient IRP allowed these security teams to connect the humans in the loop with
existing technologies and to create specific playbooks for incidents. Through Resilient, this organization was able to
fully orchestrate the response process.
Since implementing the IBM Resilient IRP, the customer has not only gained significant efficiencies when responding to
incidents, they’ve also mitigated risks associated with manual user error. Resilient helps cut down on spelling
mistakes and other important tactical concerns. The platform also gives their management sharper, more immediate
visibility into the response process. The customer has also been able to leverage 10 key security tools that integrate
with IBM Resilient, which has further streamlined the overall approach to keeping the organization secure in the face
All in all, the security team was able to cut a string of processes that once took 85 minutes down to just one or two
minutes. Today, with orchestrated incident response, the organization’s security teams continually create synergies
from the organization’s collective experience and intelligence.