FireEye Cyber Defense Summit 2016: The Incident Response Track – Technical Details and Solutions that Work
2016 has been a year of significant change to the
cyber security landscape. The rapid proliferation of ransomware and
the emergence of Internet of Things mass compromise have changed the
landscape for responders. Similarly, existing threats have become more
brazen, with nation-state actors publishing the results of their
campaigns publicly and financial threat actors leaving no piece of PII behind.
While the average global identification time for compromise by
advanced attackers has continued to decrease from 206 days in 2014 to
146 days in 2015, that window is still unacceptably long for protecting the data
that matters to an organization. As an incident responder at Mandiant
for the past four years, I have personally worked on cases in 2016
where attackers were able to break into an organization and complete
their mission in record time.
Skilled and trained incident responders with access to the latest
information on threats, adversaries and tools are one of the best
lines of defense in keeping an environment secure and terminating a
threat as it happens. With that in mind, for the FireEye Cyber Defense
Summit 2016 Incident Response track, I sought to cultivate a group of
practitioners who could share their experiences, research and
successes with the greater incident response community.