It is never ideal to “go it alone” during a cybersecurity breach. Talk about a high-pressure situation.  Getting access to experts is critical: with a strong support team, you’ll have more hands on deck so you can act quickly, and when you tap into skilled incident response experts, you have the benefit of their experience in other similar environments that can be applied to your situation.

IDC recently published an IDC MarketScape on Incident Response and made the same observation. The report states, “The experience that IR service providers gain from working on many different incidents at many different companies is an invaluable perspective that enterprises crave for strategic planning purposes.”

We are pleased that Cisco is positioned as a Leader in the report, titled “IDC MarketScape: US Incident Readiness, Response and Resiliency Services 2018 Vendor Assessment – Beyond the Big 5 Consultancies”[1](download excerpt here). I’m very proud that the work our team is doing is recognized in a report such as this.

When I came into Cisco 3 years ago, I was very firm in my stance that I wanted to build an incident response business and capability that I could not only be proud of and evangelize, but would more importantly treat our customers like I would have liked to have been treated when I was on the other side of the table (spending time leading incident response teams at other Fortune 500s). I am proud of the fantastic men and women on our IR team who have worked tirelessly to execute this vision and always put our customers first.

I understand that customers have a lot of factors they evaluate when choosing an IR vendor.  The IDC report noted, “The main reasons to choose a provider is their technical acumen, reputation for security technology, security operational management, and threat visibility.”

Our experience at Cisco is the same. Our customers tell us the characteristics of our services they like best are:

  • Experienced consultants and mature incident response operational processes: Our specialists leverage not only a deep toolset of forensics hardware and software, but also robust enterprise class tools such as Cisco AMP for Endpoints, Umbrella, and Stealthwatch, along with a proven process to deliver incident response. The aggregation and analysis of our unrivaled telemetry provides Cisco Incident Response experts with a clearer, deeper view of your network. Our experts also apply their knowledge to strengthen your security program with assessments, threat hunting, and tabletop exercises, to name a few of the proactive services we can provide.
  • Access to Cisco Talos threat intelligence: Cisco Incident Response works hand-in-hand with Talos, the largest threat intelligence team in the world, to identify known and unknown threats, quantify and prioritize risk, and help minimize risk in the future.
  • Unique and transparent pricing structure: Customers can choose from Emergency Incident Response (if you are actively fighting a breach) or proactive services (if you’d like to prepare for the unknown). No investment goes to waste. If you buy our Incident Response Retainer and do not experience a cyber attack during the year, those hours can be applied toward things like Proactive Threat Hunting or an assessment. We also employ a very simple approach that allows us to operate quickly, and with the freedom to ensure the financial impact to our customers is reasonable and allows flexibility to adjust as the scope of the incident become better known. We recognize that IR service hours can go very quickly, especially in emergency situations with a number of people working around the clock, so we provide a daily update to our clients that also includes an update on hours utilized so far so there are never any surprises.

If you are evaluating Incident Response services for your organizations, consider downloading this IDC MarketScape excerpt to learn more.  We also encourage you to visit Cisco Incident Response Services on Cisco.com or contact us to have one of our experts speak with you.


[1]Source: IDC MarketScape: US Incident Readiness, Response and Resiliency Services 2018 Vendor Assessment – Beyond the Big 5 Consultancies”; #US44257117; September 2018.



Sean Mason

Director, Threat Management & Incident Response

Cisco Security Advisory Services