Incident Response: Tools & Techniques
Transcript of Incident Response: Tools & Techniques
INCIDENT RESPONSE: TOOLS & TECHNIQUES
Neil Thacker, Information Security & Strategy Officer EMEA, Websense
THREAT STAGE MODELLING
RECON → LURE → REDIRECT → EXPLOIT KIT → DROPPER FILE → CALL HOME → DATA THEFT
DATA CONTROL MAPPING
ACTION NOT MONITORING
Who
• Human Resources
• Customer Service
• Finance
• Accounting
• Legal
• Sales
• Marketing
• Technical Support
• Engineering
What
• Source Code
• Business Plans
• M&A Plans
• Employee Salary
• Personal Information
• Financial Statements
• Customer Records
• Technical Documentation
• Competitive Information
Where
• Benefits Provider
• Personal Web Storage
• Blog
• Customer
• USB
• Spyware Site
• Business Partner
• Competitor
• Analyst
How
• File Transfer
• Instant Messaging
• Peer-to-Peer
• Web
• Removable Media
• Copy/Paste
• Print Screen
Action
• Audit
• Notify
• Remove
• Quarantine
• Encrypt
• Block
• Confirm
INCIDENT RESPONSE - PREPARATION
Before
• Data Collection & Monitoring Infrastructure
• Incident Command Principles
• Roles and Organisational Structure
• Response Infrastructure and Preparatory Steps
After
• Trigger, Escalate, and Size appropriately
• Detect, Contain & Mitigate
• Triage
• Analyse
• QA effectiveness
During
INCIDENT RESPONSE
Technology requirements:
• Malware analysis
• Digital/Data forensics
• Composite scoring
• Real-time event correlation
• Kill-chain analysis
THANK YOU
Neil Thacker, Information Security & Strategy Officer EMEA, Websense
@nt_hacker