How do you avoid re-inventing the wheel each time you have a security incident? How do you make sure you don't miss identifying and closing crucial gaps? How do you make sure you use lessons from the past to do a better job this time around?
How do you make sure you know the full scope of the attack? Perhaps Susan fell victim to this phishing attack, but did anyone else? How do we prevent users from doing so from this point on? Moreover, how do you efficiently manage time so that:
- You disrupt the attack and remediate as quickly as possible to prevent further spread or damage?
- You save time so that you can investigate other possible indicators of compromise or get back to proactive threat hunting?
And how do you ensure that what you learnt in this incident is leveraged in the future to prevent more incidents or to respond better and/or more quickly to similar attacks?
Finally, how can you automate as many steps in the response as possible to make better use of skilled analysts' time and accelerate your response to limit damage?
It's all about quickly detecting complex threats, prioritizing security alert investigations and establishing, following and maintaining a playbook for different types of incidents. In this real training for free ™ webinar we will help you get started by providing a detailed checklist for 3 common scenarios:
- User falls victim to phishing attack
- Malware detected on endpoint
- Departed employee
For each of these scenarios we'll look at things like:
- How to do impact analysis to determine the full scope?
- What needs to be remediated for this particular incident?
- Which, if any, controls failed?
- What detective/preventive controls can be put in place or improved to address this threat in the future?
There are many effective ways to improve and standardize incident response besides just scanning for malware and perusing logs. For instance, we'll show you what can be gleaned by analyzing the affected users' email, Internet activity, cloud access and endpoint telemetry. We'll also discuss how critical it is to recreate entire attack chains and piece together both normal and anomalous behavior of users and entities.
Exabeam is our sponsor and Andy Skrei will briefly show you how their behavior-based security intelligence solution provides end-to-end detection, analytics and automated response capabilities from a single security management and operations platform. The benefits of automated, guided response are clear: reduced response time, fewer human-induced errors and improved productivity for incident response teams.
Please register now for this real training for free ™ event.