ON-DEMAND WEBINAR: Incident Response - Fail to Prepare, Prepare to Fail
Event date 22 July 2020 16:00 – 17:00
Check out the recording of our latest webinar "Incident Response - Fail to Prepare, Prepare to Fail". Sign up using the link above or by visiting the link here:https://nccgroupus.lpages.co/ir-webinar-on-demand/ to view the recording immediately.
When dealing with an incident, response time is critical. Learn how to better prepare with configuration and logging improvements, and how they can be applied to MITRE ATT&CK and Threat Hunting to achieve cohesion between your offensive and defensive capabilities.
Successful incident response is all in the preparation.
When an incident occurs, finding the root cause is key to an expedient recovery. Security teams that focus on preparation have a stark advantage over their less prepared counterparts. In many cases, they can reduce investigation time by 25-50%, saving the company thousands of dollars in business continuity related costs.
- Many organizations lack a consistent configuration and logging strategy, which can help investigators find out exactly what happened
- Preparation leads to lower Mean Time to Detection and (MTTD) and Mean Time to Respond (MTTR)
- If you have improved configurations and logging, and employ regular threat hunting, you’re further ahead than you think!
Attendees will walk away with an understanding of…
- What incident response preparation really looks like and how to close the gaps
- How proper preparation and configuration helps to reduce MTTD and MTTR
- How MITRE ATT&CK benefits from proper configuration and preparation
- How proper configuration and preparation aides in threat hunting
Want to know more about our presenter?
Michael Gough (Goff) (CISSP and CSIH) is a Malware Archaeologist, Blue Team defender, Threat Hunter, Incident Responder, Information Security professional and logoholic. Michael developed the “Malware Management Framework” to improve malware discovery and detection and response capabilities. Michael also authored several Windows logging cheat sheets to help the security industry understand Windows logging, where to start, what to set, and what to look for. Michael is co-developer of LOG-MD, a free Windows tool that audits, collects, and reports on malicious Windows artifacts. Michael’s responsible disclosures involve cardkey system exploits and vulnerabilities with leading security products. Michael’s background includes 20 years of security consulting for Fortune 500 organizations with HP, health care, financial, and the gaming industries. While in the gaming industry successfully fighting the WinNTI hacking group, I solidified many of the methods and techniques I utilize and share with the community. Michael also ran BSides Texas for five years for the Austin, San Antonio, Dallas and Houston cons. Michael also blogs on HackerHurricane.com on various InfoSec topics.
Companies with IR teams that perform extensive testing of response plans experience saving an average of $1.23 million on costs related to a data breach. (statistic from https://newsroom.ibm.com/2019-07-23-IBM-Study-Shows-Data-Breach-Costs-on-the-Rise-Financial-Impact-Felt-for-Years)
About NCC Group
NCC Group exists to make the world safer and more secure.
As global experts in cyber security and risk mitigation, NCC Group is trusted by over 15,000 clients worldwide to protect their most critical assets from the ever-changing threat landscape.
With the company’s knowledge, experience and global footprint, it is best placed to help businesses identify, assess, mitigate and respond to the evolving cyber risks they face.
To support its mission, NCC Group continually invests in research and innovation, and is passionate about developing the next generation of cyber scientists.
With over 1,800 colleagues in 12 countries, NCC Group has a significant market presence in North America, continental Europe and the UK, and a rapidly growing footprint in Asia Pacific with offices in Australia and Singapore.