2022-01-11T08:57:00Z
EB
Director of Community at PeerSpot (formerly IT Central Station)

What is the difference between mitigation and remediation in incident response?

Hello security professionals,

What is the main difference between these two terms in incident response: mitigation and remediation?

Please share some examples, if applicable.

Thanks,

5 Answers
BH
IT Security Coordinator at a healthcare company with 10,001+ employees
Real User
Top 5
2022-01-11T14:45:10Z

Mitigation is taking your car in for an oil change and tune-up.

Remediation is them finding you have a blown gasket seal and replacing the parts and greasing the engine to make sure your engine doesn't blow. AKA security vulnerability management.

Jairo Willian Pereira - PeerSpot reviewer
Information Security Manager at a retailer with 10,001+ employees
Real User
Top 5
Leaderboard
2022-02-01T22:10:38Z

Mitigation: the act of reducing how harmful, unpleasant or bad something is.

Remediation: the process of improving or correcting a situation.

Please see this material from CERT and check the phases and differences:

https://github.com/certsociete...

SC
Lead Consultant, Owner and Founder at a tech consulting company with self employed
Real User
Top 20
2022-01-12T14:55:27Z

Mitigation is pre-emptive. Remediation is reactive. Others have provided excellent examples.

Mitigation is the implementation of RAID storage.

Remediation is the recovery of a failed disk.

Both may be needed over the lifecycle, but the level of effort for remediation is much higher and the quality of recovery is significantly lower without mitigation. Net, the cost of doing business is higher without mitigation.

Luis Apodaca - PeerSpot reviewer
IT Support and Network Admin at Escuela Carlos Pereyra
User
Top 5
2022-01-12T14:36:57Z

Let's say in an IT environment:

"Mitigation" moves your virtual machines or containers to another virtualization server to keep production running while you find and solve the problem.

"Remediation" is, in fact, finding the problem, solving it, taking notes and preventing it from happening again.

Those are just examples.

RB
IT Consultant at SELF
Real User
2022-01-11T15:05:23Z

Mitigation is changing the flat tire. Remediation is getting the nails off the road.
