What is the data breach lifecycle? IBM defines it as the time elapsed from the first detection of a breach to its containment.
“If a breach occurred on January 1 and it took 287 days to identify and contain,” writes IBM, “the breach would not be contained until October 14.”
The longer it takes to identify a breach, the more expensive it becomes. IBM also found that breaches with a lifecycle of 200 or more days cost an average of $4.87 million, compared with $3.61 million for breaches with a lifecycle of less than 200 days.
One way to reduce a breach’s lifecycle is threat detection and response using a tool like a SIEM.
What Is SIEM?
SIEM stands for security information and event management.
A SIEM tool collects logs from different pieces of hardware and applications into one centralized location and then analyzes the log data for potential security events.
When your business evaluates its first or its next SIEM, consider what protections it offers—and doesn’t offer—for your sensitive data. Know what trade-offs you’ll be making, and have a plan in place for what to do with the alerts your SIEM sends your way.
If 287 days sounds like too long for a data breach lifecycle, you’re right. SIEMs can help reduce financial and reputational risks throughout that time.