RSA RISK & CYBERSECURITY PRACTICE IR RETAINER: BREACH RESPONSE PREPAREDNESS

70% of organizations knew they were compromised in the past year [1]
90% of organizations are dissatisfied with their response time [2]

BENEFITS OF AN ANNUAL IR RETAINER

• IR retainers help an organization align with the requirements and incentives offered by cybersecurity insurance providers
• IR retainers provide rapid access to top-tier IR professionals and supplement internal teams via surge resourcing during sophisticated attacks
• IR retainers are a proactive cybersecurity measure that can significantly reduce an attacker's dwell time and reduce the impact of a breach

Be Prepared! An incident response retainer reduces the time required to engage top-tier IR professionals and reduces exposure to risk during an incident or breach.

• Proactively prepare for an incident or breach
• Accelerate response time from several days to as little as 3 hours
• Be better prepared to satisfy regulatory requirements like GDPR's 72-hour window for reporting a breach after discovery
• Enable future and rapid procurement with a contracted and pre-approved IR vendor
• Facilitate rapid response with IR expertise that is already familiar with your environment, technology, available data, challenges and other important details

IR retainer customers gain several benefits from establishing a long-term relationship with an IR firm that is already familiar with their organization, environment, technology, available data, critical assets, people, regulatory mandates and any other critical information.

RESPONSE TIMING COMPARISON

The hour glasses below show a real-world response timing comparison.

[Figure: two hourglass timelines, each starting at SUSPECTED INCIDENT DETECTED and marking the GDPR REPORTING DEADLINE at 72 hours.]

NON RETAINER CUSTOMER
Industry average time from breach to initial analysis: 2-15 DAYS
Stages shown: SUSPECTED INCIDENT DETECTED; IR vendor search and selection; PROCUREMENT OF IR, LEGAL PARTNER ENGAGED*; GDPR REPORTING DEADLINE (72 hours); Ongoing analysis; Preliminary analysis complete; Multiple IR resources engaged; REMEDIATION UNDERWAY; Compliance notifications distributed

IR RETAINER CUSTOMER
Industry average time from breach to initial analysis: 3 HOURS
Stages shown: SUSPECTED INCIDENT DETECTED; Incident responders familiar with customer's environment; GDPR REPORTING DEADLINE (72 hours); Ongoing analysis; Preliminary analysis complete; Multiple IR resources engaged; REMEDIATION UNDERWAY; Compliance notifications distributed

Time markers shown across the two timelines: Day 1, 3 hours, Day 2, Day 3 / 72 hours, Day 11, Day 12, Day 13, Day 14

*Many unfavorable terms are missed in a rush, and their consequences are not understood.

INCIDENT RESPONSE RETAINER LEVELS

Explore the four levels of RSA Incident Response Retainers

Bronze
• Duration: 1 year
• Effort Estimate (hours): 24
• SLA: Initial Response: 8
• SLA: Initial Analysis: 24
• SLA: On-site Analysis: 72
• Use of Unused hours: n/a
• Deliverables: Preliminary analysis report

Silver
• Duration: 1 year
• Effort Estimate (hours): 66
• SLA: Initial Response: 6
• SLA: Initial Analysis: 24
• SLA: On-site Analysis: 48
• Deliverables: Preliminary analysis report

Gold
• Duration: 1 year
• Effort Estimate (hours): 120
• SLA: Initial Response: 3
• SLA: Initial Analysis: 12
• SLA: On-site Analysis: 24
• Deliverables: Preliminary analysis report

Platinum
• Duration: 1 year
• Effort Estimate (hours): 242
• SLA: Initial Response: 3
• SLA: Initial Analysis: 12
• SLA: On-site Analysis: 24
• Deliverables: Preliminary analysis report; Incident discovery report; Board readout from RSA Exec

RSA Risk & Cybersecurity Practice team's expertise has been acknowledged as a "Strong Performer" in the Forrester Digital Forensics and Incident Response (DFIR) report and is an NSA accredited Global Incident Response practice.

[1] RSA Cybersecurity Poverty Index 2016
[2] RSA Threat Detection Effectiveness Survey 2016

RSA and the RSA logo are registered trademarks of Dell Technologies in the United States and other countries. © Copyright 2018 Dell Technologies. All rights reserved. Published in the USA 3/17 Infographic H17025.