Abstract:
In today's digital world, cybersecurity is one of the fundamental pillars of IT infrastructure. The number of detected security breaches continues to grow year after year, and the implications of such incidents are not only financially damaging for organizations but also pose serious threats to their reputation and business continuity. This trend is driven not only by the rapid advancement of information and communication technologies but also by the increasing digitization of business processes, migration to cloud environments, the decentralization of IT resources and the rising number of Internet-connected endpoints. This paper surveys the main challenges and opportunities that arise during CSIRT activities.
Modern IT systems are becoming increasingly complex, making them more difficult to secure and monitor effectively. In this context, the role of Computer Security Incident Response Teams (CSIRTs) is becoming critical. Their effectiveness relies not only on the expertise of cybersecurity professionals but also on the use of modern technologies that support incident detection, threat analysis, automated response and real-time incident management.
The goal of this paper is to review the existing literature, analyze the present challenges of modern computer incident response teams, and highlight the necessity of leveraging cutting-edge technologies to ensure effective detection and handling of large volumes of security incidents. Furthermore, the paper proposes an architecture for log collection and analysis that supports reliable detection and handling of incidents. It also emphasizes best practices, automation and future research directions in this field.