What is incident response?
NIST defines incident response as “The mitigation of violations of security policies and recommended practices.” Incident response (IR) is the point at which the SOC kicks into high gear to contain, eradicate, and recover from an attack – before data is lost or the business is irreparably harmed. It is an involved, multi-step process that requires a synchronized team to bring the business back to a normal state of operations.