Dmitri Alperovitch, CTO at CrowdStrike, breaks down the 1-10-60 rule and why organizations should track and improve their incident response times with this benchmark in mind i.e.
Detect an incident in 1 minute
Investigate the incident in 10 minutes
Remediate or contain the incident in 60 minutes