Grey time is a critical feature for any incident management team. Let’s consider an incident response event that takes about 15 minutes, 30 minutes, or so. There will always be about 5 to 20 minutes of grey time in the entire process until the team can resume work interrupted due to the incident management response. The more grey time from work, the longer it would take to restart the project entirely.
Although grey time is not often added to the incident management event, cyber experts feel it is time to alter that approach.
READ MORE: IT Incident Management, the Future Trends
Grey time varies for every incident as the human element becomes critical here. The time needed to respond to any incidents of cyber threat goes for every individual. So, even after the threat is fixed, there could be a delay of a few minutes or more due to other factors.
The SOAR Approach
Reducing grey time is possible but requires the right approach. Therefore, experts put forward the ‘SOAR Approach.’ SOAR expands as the ‘Security Orchestration, Automation and Response’ approach.
READ MORE: Improve Vulnerability Management with Cybersecurity Performance Management (CPM)
Tasks that security professionals have to carry out manually could be automated. Mention is towards the tasks that take your time away from the so-called risk-informed projects. Incidents that can’t be entirely automated include the option of automating the process of pivoting from tool to tool.
Average statistics inform us that it takes around 23 minutes and 15 seconds to retain focus on the incomplete task after a distraction. When grey time is included, the time gap should be more.