Incident Response: Tools & Techniques

7
INCIDENT RESPONSE: TOOLS & TECHNIQUES 1 Neil Thacker, Information Security & Strategy Officer EMEA, Websense

Transcript of Incident Response: Tools & Techniques

Page 1: Incident Response: Tools & Techniques

INCIDENT RESPONSE:

TOOLS & TECHNIQUES

1

Neil Thacker, Information Security & Strategy Officer EMEA, Websense

Page 2: Incident Response: Tools & Techniques

2

THREAT STAGE MODELLING

RECON LURE REDIRECT EXPLOIT KIT DROPPER

FILECALL HOME DATA THEFT

Page 3: Incident Response: Tools & Techniques

DATA CONTROL MAPPING

3

Page 4: Incident Response: Tools & Techniques

4

ACTION NOT MONITORING

Who

Human Resources

Customer Service

Finance

Accounting

Legal

Sales

Marketing

Technical Support

Engineering

What

Source Code

Business Plans

M&A Plans

Employee Salary

Personal Information

Financial Statements

Customer Records

Technical Documentation

Competitive Information

Where

Benefits Provider

Personal Web Storage

Blog

Customer

USB

Spyware Site

Business Partner

Competitor

Analyst

How

File Transfer

Instant Messaging

Peer-to-Peer

Print

Email

Web

Audit

Notify

Remove

Quarantine

Encrypt

Block

Removable Media

Copy/Paste

Print Screen

Action

Confirm

Page 5: Incident Response: Tools & Techniques

5

INCIDENT RESPONSE - PREPARATION

Before

• Data Collection & Monitoring Infrastructure

• Incident Command Principles

• Roles and OrganisationalStructure

• Response Infrastructure and Preparatory Steps

After

• Trigger, Escalate, and Size appropriately

• Detect, Contain & Mitigate

• Triage• Analyse• QA effectiveness

During

Page 6: Incident Response: Tools & Techniques

6

INCIDENT RESPONSE

Technology requirements:

• Malware analysis

• Digital/Data forensics

• Composite scoring

• Real-time event correlation

• Kill-chain analysis

Page 7: Incident Response: Tools & Techniques

THANK YOU

7

Neil ThackerInformation Security & Strategy Officer EMEAWebsense

@nt_hacker


Communication Strategies for Incident Response - · PDF fileEffective incident response requires more than notification technologies. Real-time collaboration among incident response

Communication Strategies for Incident Response - · PDF fileEffective incident response requires more than notification technologies. Real-time collaboration among incident response

Whitepaper - Incident Response

Whitepaper - Incident Response

CrowdStrike Services CROWDSTRIKE INCIDENT RESPONSE AND PROACTIVE …€¦ · CrowdStrike Incident Response & Proactive Services. 01 AM I BREACHED? INCIDENT RESPONSE The CrowdStrike

CrowdStrike Services CROWDSTRIKE INCIDENT RESPONSE AND PROACTIVE …€¦ · CrowdStrike Incident Response & Proactive Services. 01 AM I BREACHED? INCIDENT RESPONSE The CrowdStrike

Improving Incident Response Incident Response Agenda Why Incident Response is Important Threats, Numbers, Traditional Response What is an Incident.

Improving Incident Response Incident Response Agenda Why Incident Response is Important Threats, Numbers, Traditional Response What is an Incident.

Lesson 5 Introduction to Incident Response. UTSA IS 6353 Incident Response Overview Hacker Lexicon Incident Response.

Lesson 5 Introduction to Incident Response. UTSA IS 6353 Incident Response Overview Hacker Lexicon Incident Response.

Digital Forensics, Incident Response, and Cloud Computing · Digital Forensics, Incident Response, and Cloud ... •Cloud-ready incident response and forensics: ... forensics-incident-response-summit-jesse-kornblum-computer

Digital Forensics, Incident Response, and Cloud Computing · Digital Forensics, Incident Response, and Cloud ... •Cloud-ready incident response and forensics: ... forensics-incident-response-summit-jesse-kornblum-computer

Cyber incident response - KPMG · the incident response programme. Incident response programme development • Assistance in creation of an incident response programme, process design

Cyber incident response - KPMG · the incident response programme. Incident response programme development • Assistance in creation of an incident response programme, process design

How to Response Against Web Security Incident...Agenda Incident Response Life Cycle Recap Incident Response Web Hacking PlayBook Incident Response Step for Web Hacking Security Incident

How to Response Against Web Security Incident...Agenda Incident Response Life Cycle Recap Incident Response Web Hacking PlayBook Incident Response Step for Web Hacking Security Incident

데이터시트: 태니엄 Incident Response / Datasheet: Tanium Incident Response

데이터시트: 태니엄 Incident Response / Datasheet: Tanium Incident Response

INCIDENT RESPONSE ACTIVITY - ICS-CERT · 2017-01-09 · INCIDENT RESPONSE ACTIVITY. INDUSTRIAL CONTROL SYSTEMS. CYBER EMERGENCY RESPONSE TEAM. INCIDENT RESPONSE ACTIVITY. SITUATIONAL

INCIDENT RESPONSE ACTIVITY - ICS-CERT · 2017-01-09 · INCIDENT RESPONSE ACTIVITY. INDUSTRIAL CONTROL SYSTEMS. CYBER EMERGENCY RESPONSE TEAM. INCIDENT RESPONSE ACTIVITY. SITUATIONAL

Incident Response - so reagieren Sie richtig...Incident Response - so reagieren Sie richtig Author Christoph Baumgartner - OneConsult GmbH Subject Incident Response Keywords Incident

Incident Response - so reagieren Sie richtig...Incident Response - so reagieren Sie richtig Author Christoph Baumgartner - OneConsult GmbH Subject Incident Response Keywords Incident

RSA Incident Response: Emerging Threat Profile€¦ · RSA Incident Response incident response RSA Incident Response: Emerging Threat Profile . Shell_Crew . January 2014

RSA Incident Response: Emerging Threat Profile€¦ · RSA Incident Response incident response RSA Incident Response: Emerging Threat Profile . Shell_Crew . January 2014

Accident/incident Prevention Techniques - HSSE WORLD · 2020. 12. 8. · Accident/Incident Prevention Techniques Second Edition Accident/Incident Prevention Techniques Reese Second

Accident/incident Prevention Techniques - HSSE WORLD · 2020. 12. 8. · Accident/Incident Prevention Techniques Second Edition Accident/Incident Prevention Techniques Reese Second

Anti Incident Response

Anti Incident Response

Incident Response Policy

Incident Response Policy

Incident response cloud

Incident response cloud

Exam information - Universitetet i oslo · Incident response is a reaction to unexpected events. Incident response shall reduce negative consequences of an incident. As incident response

Exam information - Universitetet i oslo · Incident response is a reaction to unexpected events. Incident response shall reduce negative consequences of an incident. As incident response

Lesson 11 Basics of Incident Response. UTSA IS 3523 ID and Incident Response Overview Hacker Lexicon Incident Response.

Lesson 11 Basics of Incident Response. UTSA IS 3523 ID and Incident Response Overview Hacker Lexicon Incident Response.

Reverse Engineering Malware and Mitigation Techniques Jacek Milunski – NATO Computer Incident Response Center Andrzej Dereszowski – NATO Computer Incident.

Reverse Engineering Malware and Mitigation Techniques Jacek Milunski – NATO Computer Incident Response Center Andrzej Dereszowski – NATO Computer Incident.

Incident Response Plan - Spearstonespearstone.com/resources/Breach_Response_Plan_by_AICPA.pdf · 4 Table of Contents Incident Response Plan 6 Incident Response Team 6 Incident Response

Incident Response Plan - Spearstonespearstone.com/resources/Breach_Response_Plan_by_AICPA.pdf · 4 Table of Contents Incident Response Plan 6 Incident Response Team 6 Incident Response