SlideShare a Scribd company logo

IR tools & techniques

Download as PPTX, PDF
SecureData Europe
SecureData Europe

This document discusses tools and techniques for incident response. It outlines the stages of a threat including reconnaissance, luring a target, redirecting them to exploit kits, dropping malware files, and stealing data. It also provides a data control mapping showing who has access to what sensitive information within an organization and how it is accessed. Finally, it discusses preparing for incidents through data collection and monitoring, establishing roles and structure, and responding by detecting, containing and mitigating threats during an incident and analyzing afterward.

Technology
1 of 7
INCIDENT RESPONSE: TOOLS & TECHNIQUES Neil Thacker, Information Security & Strategy Officer EMEA, Websense 1
THREAT STAGE MODELLING RECON LURE REDIRECT EXPLOIT KIT DROPPER FILE CALL HOME DATA THEFT 2
DATA CONTROL MAPPING 3
ACTION NOT MONITORING Who Where What How Action Human Resources Source Code Benefits Provider File Transfer Audit Customer Service Business Plans Personal Web Storage Web Block Marketing Personal Information Business Partner Instant Messaging Notify Finance M&A Plans Blog Peer-to-Peer Remove Accounting Employee Salary Customer Email Encrypt Sales Financial Statements Spyware Site Print Quarantine Legal Customer Records USB Removable Media Technical Support Technical Documentation Competitor Print Screen Engineering Competitive Information Analyst Copy/Paste Confirm 4
INCIDENT RESPONSE - PREPARATION During Before • • • • Data Collection & Monitoring Infrastructure Incident Command Principles Roles and Organisational Structure Response Infrastructure and Preparatory Steps • • Trigger, Escalate, and Size appropriately Detect, Contain & Mitigate After • • • Triage Analyse QA effectiveness 5
INCIDENT RESPONSE Technology requirements: • Malware analysis • Digital/Data forensics • Composite scoring • Real-time event correlation • Kill-chain analysis 6
THANK YOU Neil Thacker Information Security & Strategy Officer EMEA Websense @nt_hacker 7

Recommended

Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...
Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...
Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...Outpost24
 
Cyber Resiliency
Cyber ResiliencyCyber Resiliency
Cyber ResiliencyAlert Logic
 
Sounding the Alarm with Real-Time AD Detection and Alerting
Sounding the Alarm with Real-Time AD Detection and AlertingSounding the Alarm with Real-Time AD Detection and Alerting
Sounding the Alarm with Real-Time AD Detection and AlertingQuest
 
Investigating and Recovering from a Potential Hybrid AD Security Breach
Investigating and Recovering from a Potential Hybrid AD Security BreachInvestigating and Recovering from a Potential Hybrid AD Security Breach
Investigating and Recovering from a Potential Hybrid AD Security BreachQuest
 
Identifying Hybrid AD Security Risks with Continuous Assessment
Identifying Hybrid AD Security Risks with Continuous Assessment Identifying Hybrid AD Security Risks with Continuous Assessment
Identifying Hybrid AD Security Risks with Continuous Assessment Quest
 
Who’s Watching the Watchers? Fixing and Preventing Inappropriate Privileged A...
Who’s Watching the Watchers? Fixing and Preventing Inappropriate Privileged A...Who’s Watching the Watchers? Fixing and Preventing Inappropriate Privileged A...
Who’s Watching the Watchers? Fixing and Preventing Inappropriate Privileged A...Quest
 
Security Automation Quick Wins - Siemplify Webinar
Security Automation Quick Wins - Siemplify WebinarSecurity Automation Quick Wins - Siemplify Webinar
Security Automation Quick Wins - Siemplify WebinarSarah (Bueno) Eck
 
Malware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usmMalware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usmAlienVault
 

Recommended

Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...
Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...
Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...Outpost24
 
Cyber Resiliency
Cyber ResiliencyCyber Resiliency
Cyber ResiliencyAlert Logic
 
Sounding the Alarm with Real-Time AD Detection and Alerting
Sounding the Alarm with Real-Time AD Detection and AlertingSounding the Alarm with Real-Time AD Detection and Alerting
Sounding the Alarm with Real-Time AD Detection and AlertingQuest
 
Investigating and Recovering from a Potential Hybrid AD Security Breach
Investigating and Recovering from a Potential Hybrid AD Security BreachInvestigating and Recovering from a Potential Hybrid AD Security Breach
Investigating and Recovering from a Potential Hybrid AD Security BreachQuest
 
Identifying Hybrid AD Security Risks with Continuous Assessment
Identifying Hybrid AD Security Risks with Continuous Assessment Identifying Hybrid AD Security Risks with Continuous Assessment
Identifying Hybrid AD Security Risks with Continuous Assessment Quest
 
Who’s Watching the Watchers? Fixing and Preventing Inappropriate Privileged A...
Who’s Watching the Watchers? Fixing and Preventing Inappropriate Privileged A...Who’s Watching the Watchers? Fixing and Preventing Inappropriate Privileged A...
Who’s Watching the Watchers? Fixing and Preventing Inappropriate Privileged A...Quest
 
Security Automation Quick Wins - Siemplify Webinar
Security Automation Quick Wins - Siemplify WebinarSecurity Automation Quick Wins - Siemplify Webinar
Security Automation Quick Wins - Siemplify WebinarSarah (Bueno) Eck
 
Malware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usmMalware detection how to spot infections early with alien vault usm
Malware detection how to spot infections early with alien vault usmAlienVault
 
Security Automation and Orchestration
Security Automation and OrchestrationSecurity Automation and Orchestration
Security Automation and OrchestrationGreg Foss
 
Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Alert Logic
 
Chapter 15 incident handling
Chapter 15 incident handlingChapter 15 incident handling
Chapter 15 incident handlingnewbie2019
 
Improve threat detection with hids and alien vault usm
Improve threat detection with hids and alien vault usmImprove threat detection with hids and alien vault usm
Improve threat detection with hids and alien vault usmAlienVault
 
The Rise of the Purple Team
The Rise of the Purple TeamThe Rise of the Purple Team
The Rise of the Purple TeamPriyanka Aash
 
Software Security
Software SecuritySoftware Security
Software SecurityIntegral university, India
 
RSA 2016 Security Analytics Presentation
RSA 2016 Security Analytics PresentationRSA 2016 Security Analytics Presentation
RSA 2016 Security Analytics PresentationAnton Chuvakin
 
Soc security-analytics
Soc security-analyticsSoc security-analytics
Soc security-analyticsbharti singhal
 
Soc security-analyticsof leotechnosoft
Soc security-analyticsof leotechnosoftSoc security-analyticsof leotechnosoft
Soc security-analyticsof leotechnosofthardik soni
 
Stop the Evil, Protect the Endpoint
Stop the Evil, Protect the EndpointStop the Evil, Protect the Endpoint
Stop the Evil, Protect the EndpointBeyondTrust
 
Top Cloud Security Risks of 2020
Top Cloud Security Risks of 2020Top Cloud Security Risks of 2020
Top Cloud Security Risks of 2020Vivek Mishra
 
Hide and seek - Attack Surface Management and continuous assessment.
Hide and seek - Attack Surface Management and continuous assessment.Hide and seek - Attack Surface Management and continuous assessment.
Hide and seek - Attack Surface Management and continuous assessment.Eoin Keary
 
PIE - BSides Vancouver 2018
PIE - BSides Vancouver 2018PIE - BSides Vancouver 2018
PIE - BSides Vancouver 2018Greg Foss
 
TIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local GovernmentTIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local GovernmentInfocyte
 
How to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultHow to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultAlienVault
 
Unit4 next
Unit4 nextUnit4 next
Unit4 nextIntegral university, India
 
Phishing Intelligence Engine - BlueHat v17
Phishing Intelligence Engine - BlueHat v17Phishing Intelligence Engine - BlueHat v17
Phishing Intelligence Engine - BlueHat v17Greg Foss
 
Beginner's Guide to SIEM
Beginner's Guide to SIEM Beginner's Guide to SIEM
Beginner's Guide to SIEM AlienVault
 
Managing privileged account security
Managing privileged account securityManaging privileged account security
Managing privileged account securityRaleigh ISSA
 
Review on Event Correlation- مروری بر روش های همبسته سازی در مدیریت رخداد
Review on Event Correlation- مروری بر روش های همبسته سازی در مدیریت رخدادReview on Event Correlation- مروری بر روش های همبسته سازی در مدیریت رخداد
Review on Event Correlation- مروری بر روش های همبسته سازی در مدیریت رخدادReZa AdineH
 
RMS Security Breakfast
RMS Security BreakfastRMS Security Breakfast
RMS Security BreakfastRackspace
 
Luncheon 2015-06-18 Security Industry 2.0: Survival in the Boardroom by David...
Luncheon 2015-06-18 Security Industry 2.0: Survival in the Boardroom by David...Luncheon 2015-06-18 Security Industry 2.0: Survival in the Boardroom by David...
Luncheon 2015-06-18 Security Industry 2.0: Survival in the Boardroom by David...North Texas Chapter of the ISSA
 

More Related Content

What's hot

Security Automation and Orchestration
Security Automation and OrchestrationSecurity Automation and Orchestration
Security Automation and OrchestrationGreg Foss
 
Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Alert Logic
 
Chapter 15 incident handling
Chapter 15 incident handlingChapter 15 incident handling
Chapter 15 incident handlingnewbie2019
 
Improve threat detection with hids and alien vault usm
Improve threat detection with hids and alien vault usmImprove threat detection with hids and alien vault usm
Improve threat detection with hids and alien vault usmAlienVault
 
The Rise of the Purple Team
The Rise of the Purple TeamThe Rise of the Purple Team
The Rise of the Purple TeamPriyanka Aash
 
RSA 2016 Security Analytics Presentation
RSA 2016 Security Analytics PresentationRSA 2016 Security Analytics Presentation
RSA 2016 Security Analytics PresentationAnton Chuvakin
 
Soc security-analytics
Soc security-analyticsSoc security-analytics
Soc security-analyticsbharti singhal
 
Soc security-analyticsof leotechnosoft
Soc security-analyticsof leotechnosoftSoc security-analyticsof leotechnosoft
Soc security-analyticsof leotechnosofthardik soni
 
Stop the Evil, Protect the Endpoint
Stop the Evil, Protect the EndpointStop the Evil, Protect the Endpoint
Stop the Evil, Protect the EndpointBeyondTrust
 
Top Cloud Security Risks of 2020
Top Cloud Security Risks of 2020Top Cloud Security Risks of 2020
Top Cloud Security Risks of 2020Vivek Mishra
 
Hide and seek - Attack Surface Management and continuous assessment.
Hide and seek - Attack Surface Management and continuous assessment.Hide and seek - Attack Surface Management and continuous assessment.
Hide and seek - Attack Surface Management and continuous assessment.Eoin Keary
 
PIE - BSides Vancouver 2018
PIE - BSides Vancouver 2018PIE - BSides Vancouver 2018
PIE - BSides Vancouver 2018Greg Foss
 
TIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local GovernmentTIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local GovernmentInfocyte
 
How to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultHow to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultAlienVault
 
Phishing Intelligence Engine - BlueHat v17
Phishing Intelligence Engine - BlueHat v17Phishing Intelligence Engine - BlueHat v17
Phishing Intelligence Engine - BlueHat v17Greg Foss
 
Beginner's Guide to SIEM
Beginner's Guide to SIEM Beginner's Guide to SIEM
Beginner's Guide to SIEM AlienVault
 
Managing privileged account security
Managing privileged account securityManaging privileged account security
Managing privileged account securityRaleigh ISSA
 
Review on Event Correlation- مروری بر روش های همبسته سازی در مدیریت رخداد
Review on Event Correlation- مروری بر روش های همبسته سازی در مدیریت رخدادReview on Event Correlation- مروری بر روش های همبسته سازی در مدیریت رخداد
Review on Event Correlation- مروری بر روش های همبسته سازی در مدیریت رخدادReZa AdineH
 

What's hot (20)

Security Automation and Orchestration
Security Automation and OrchestrationSecurity Automation and Orchestration
Security Automation and Orchestration
 
Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015Journey to the Cloud: Securing Your AWS Applications - April 2015
Journey to the Cloud: Securing Your AWS Applications - April 2015
 
Chapter 15 incident handling
Chapter 15 incident handlingChapter 15 incident handling
Chapter 15 incident handling
 
Improve threat detection with hids and alien vault usm
Improve threat detection with hids and alien vault usmImprove threat detection with hids and alien vault usm
Improve threat detection with hids and alien vault usm
 
The Rise of the Purple Team
The Rise of the Purple TeamThe Rise of the Purple Team
The Rise of the Purple Team
 
Software Security
Software SecuritySoftware Security
Software Security
 
RSA 2016 Security Analytics Presentation
RSA 2016 Security Analytics PresentationRSA 2016 Security Analytics Presentation
RSA 2016 Security Analytics Presentation
 
Soc security-analytics
Soc security-analyticsSoc security-analytics
Soc security-analytics
 
Soc security-analyticsof leotechnosoft
Soc security-analyticsof leotechnosoftSoc security-analyticsof leotechnosoft
Soc security-analyticsof leotechnosoft
 
Stop the Evil, Protect the Endpoint
Stop the Evil, Protect the EndpointStop the Evil, Protect the Endpoint
Stop the Evil, Protect the Endpoint
 
Top Cloud Security Risks of 2020
Top Cloud Security Risks of 2020Top Cloud Security Risks of 2020
Top Cloud Security Risks of 2020
 
Hide and seek - Attack Surface Management and continuous assessment.
Hide and seek - Attack Surface Management and continuous assessment.Hide and seek - Attack Surface Management and continuous assessment.
Hide and seek - Attack Surface Management and continuous assessment.
 
PIE - BSides Vancouver 2018
PIE - BSides Vancouver 2018PIE - BSides Vancouver 2018
PIE - BSides Vancouver 2018
 
TIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local GovernmentTIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local Government
 
How to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultHow to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVault
 
Unit4 next
Unit4 nextUnit4 next
Unit4 next
 
Phishing Intelligence Engine - BlueHat v17
Phishing Intelligence Engine - BlueHat v17Phishing Intelligence Engine - BlueHat v17
Phishing Intelligence Engine - BlueHat v17
 
Beginner's Guide to SIEM
Beginner's Guide to SIEM Beginner's Guide to SIEM
Beginner's Guide to SIEM
 
Managing privileged account security
Managing privileged account securityManaging privileged account security
Managing privileged account security
 
Review on Event Correlation- مروری بر روش های همبسته سازی در مدیریت رخداد
Review on Event Correlation- مروری بر روش های همبسته سازی در مدیریت رخدادReview on Event Correlation- مروری بر روش های همبسته سازی در مدیریت رخداد
Review on Event Correlation- مروری بر روش های همبسته سازی در مدیریت رخداد
 

Similar to IR tools & techniques

RMS Security Breakfast
RMS Security BreakfastRMS Security Breakfast
RMS Security BreakfastRackspace
 
Luncheon 2015-06-18 Security Industry 2.0: Survival in the Boardroom by David...
Luncheon 2015-06-18 Security Industry 2.0: Survival in the Boardroom by David...Luncheon 2015-06-18 Security Industry 2.0: Survival in the Boardroom by David...
Luncheon 2015-06-18 Security Industry 2.0: Survival in the Boardroom by David...North Texas Chapter of the ISSA
 
Risk Factory: How to Implement an Effective Incident Response Programme
Risk Factory: How to Implement an Effective Incident Response ProgrammeRisk Factory: How to Implement an Effective Incident Response Programme
Risk Factory: How to Implement an Effective Incident Response ProgrammeRisk Crew
 
How To Build An Incident Response Function
How To Build An Incident Response FunctionHow To Build An Incident Response Function
How To Build An Incident Response FunctionResilient Systems
 
Modern vs. Traditional SIEM
Modern vs. Traditional SIEM Modern vs. Traditional SIEM
Modern vs. Traditional SIEM Alert Logic
 
PPT-Security-for-Management.pptx
PPT-Security-for-Management.pptxPPT-Security-for-Management.pptx
PPT-Security-for-Management.pptxRSAArcher
 
Data Loss Prevention
Data Loss PreventionData Loss Prevention
Data Loss PreventionReza Kopaee
 
SPC18 - Getting Started with Office 365 Advanced Threat Protection for ShareP...
SPC18 - Getting Started with Office 365 Advanced Threat Protection for ShareP...SPC18 - Getting Started with Office 365 Advanced Threat Protection for ShareP...
SPC18 - Getting Started with Office 365 Advanced Threat Protection for ShareP...jeffgellman
 
Smart Predictive Data Analysis by MJ Clark Business Consulting Raleigh NC
Smart Predictive Data Analysis by MJ Clark Business Consulting Raleigh NCSmart Predictive Data Analysis by MJ Clark Business Consulting Raleigh NC
Smart Predictive Data Analysis by MJ Clark Business Consulting Raleigh NCMary Jane Clark
 
Security for Architects and Developers
Security for Architects and DevelopersSecurity for Architects and Developers
Security for Architects and DevelopersShamir Charania
 
ComResource Business Solutions
ComResource Business SolutionsComResource Business Solutions
ComResource Business SolutionsAnthony Dials
 
Nonprofit Cybersecurity Risk Assessment Basics
Nonprofit Cybersecurity Risk Assessment BasicsNonprofit Cybersecurity Risk Assessment Basics
Nonprofit Cybersecurity Risk Assessment BasicsCommunity IT Innovators
 
How top producers use DiscoverOrg to close more deals faster
How top producers use DiscoverOrg to close more deals faster How top producers use DiscoverOrg to close more deals faster
How top producers use DiscoverOrg to close more deals faster DiscoverOrg
 
ComResource - NW Agent Cybersecurity
ComResource - NW Agent CybersecurityComResource - NW Agent Cybersecurity
ComResource - NW Agent CybersecurityAnthony Dials
 
ComResource Agency Solutions
ComResource Agency SolutionsComResource Agency Solutions
ComResource Agency SolutionsAnthony Dials
 
TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...
TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...
TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...SaraPia5
 
Building an Analytics - Enabled SOC Breakout Session
Building an Analytics - Enabled SOC Breakout Session Building an Analytics - Enabled SOC Breakout Session
Building an Analytics - Enabled SOC Breakout Session Splunk
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmPriyanka Aash
 

Similar to IR tools & techniques (20)

RMS Security Breakfast
RMS Security BreakfastRMS Security Breakfast
RMS Security Breakfast
 
Luncheon 2015-06-18 Security Industry 2.0: Survival in the Boardroom by David...
Luncheon 2015-06-18 Security Industry 2.0: Survival in the Boardroom by David...Luncheon 2015-06-18 Security Industry 2.0: Survival in the Boardroom by David...
Luncheon 2015-06-18 Security Industry 2.0: Survival in the Boardroom by David...
 
Risk Factory: How to Implement an Effective Incident Response Programme
Risk Factory: How to Implement an Effective Incident Response ProgrammeRisk Factory: How to Implement an Effective Incident Response Programme
Risk Factory: How to Implement an Effective Incident Response Programme
 
How To Build An Incident Response Function
How To Build An Incident Response FunctionHow To Build An Incident Response Function
How To Build An Incident Response Function
 
Modern vs. Traditional SIEM
Modern vs. Traditional SIEM Modern vs. Traditional SIEM
Modern vs. Traditional SIEM
 
PPT-Security-for-Management.pptx
PPT-Security-for-Management.pptxPPT-Security-for-Management.pptx
PPT-Security-for-Management.pptx
 
Data Loss Prevention
Data Loss PreventionData Loss Prevention
Data Loss Prevention
 
SPC18 - Getting Started with Office 365 Advanced Threat Protection for ShareP...
SPC18 - Getting Started with Office 365 Advanced Threat Protection for ShareP...SPC18 - Getting Started with Office 365 Advanced Threat Protection for ShareP...
SPC18 - Getting Started with Office 365 Advanced Threat Protection for ShareP...
 
Smart Predictive Data Analysis by MJ Clark Business Consulting Raleigh NC
Smart Predictive Data Analysis by MJ Clark Business Consulting Raleigh NCSmart Predictive Data Analysis by MJ Clark Business Consulting Raleigh NC
Smart Predictive Data Analysis by MJ Clark Business Consulting Raleigh NC
 
Secure Iowa Oct 2016
Secure Iowa Oct 2016Secure Iowa Oct 2016
Secure Iowa Oct 2016
 
Security for Architects and Developers
Security for Architects and DevelopersSecurity for Architects and Developers
Security for Architects and Developers
 
ComResource Business Solutions
ComResource Business SolutionsComResource Business Solutions
ComResource Business Solutions
 
Nonprofit Cybersecurity Risk Assessment Basics
Nonprofit Cybersecurity Risk Assessment BasicsNonprofit Cybersecurity Risk Assessment Basics
Nonprofit Cybersecurity Risk Assessment Basics
 
How top producers use DiscoverOrg to close more deals faster
How top producers use DiscoverOrg to close more deals faster How top producers use DiscoverOrg to close more deals faster
How top producers use DiscoverOrg to close more deals faster
 
Andy Malone - Microsoft office 365 security deep dive
Andy Malone - Microsoft office 365 security deep diveAndy Malone - Microsoft office 365 security deep dive
Andy Malone - Microsoft office 365 security deep dive
 
ComResource - NW Agent Cybersecurity
ComResource - NW Agent CybersecurityComResource - NW Agent Cybersecurity
ComResource - NW Agent Cybersecurity
 
ComResource Agency Solutions
ComResource Agency SolutionsComResource Agency Solutions
ComResource Agency Solutions
 
TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...
TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...
TIC-TOC: Ransomware: Help your Customers be Prepared with Dominique Singer an...
 
Building an Analytics - Enabled SOC Breakout Session
Building an Analytics - Enabled SOC Breakout Session Building an Analytics - Enabled SOC Breakout Session
Building an Analytics - Enabled SOC Breakout Session
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity Chasm
 

More from SecureData Europe

FINE-TUNE IPS TO DIAL UP SECURITY
FINE-TUNE IPS TO DIAL UP SECURITYFINE-TUNE IPS TO DIAL UP SECURITY
FINE-TUNE IPS TO DIAL UP SECURITYSecureData Europe
 
Educate Your Users Not To Take The Bait: Introduction To Phishing As A Service
Educate Your Users Not To Take The Bait: Introduction To Phishing As A ServiceEducate Your Users Not To Take The Bait: Introduction To Phishing As A Service
Educate Your Users Not To Take The Bait: Introduction To Phishing As A ServiceSecureData Europe
 
Managed Security Services On The Rise
Managed Security Services On The RiseManaged Security Services On The Rise
Managed Security Services On The RiseSecureData Europe
 
Managed Next Generation Firewall Service
Managed Next Generation Firewall ServiceManaged Next Generation Firewall Service
Managed Next Generation Firewall ServiceSecureData Europe
 
Balance Risk With Better Threat Detection
Balance Risk With Better Threat DetectionBalance Risk With Better Threat Detection
Balance Risk With Better Threat DetectionSecureData Europe
 
New Battle Lines for Security
New Battle Lines for SecurityNew Battle Lines for Security
New Battle Lines for SecuritySecureData Europe
 

More from SecureData Europe (8)

SecureData GI
SecureData GISecureData GI
SecureData GI
 
FINE-TUNE IPS TO DIAL UP SECURITY
FINE-TUNE IPS TO DIAL UP SECURITYFINE-TUNE IPS TO DIAL UP SECURITY
FINE-TUNE IPS TO DIAL UP SECURITY
 
Educate Your Users Not To Take The Bait: Introduction To Phishing As A Service
Educate Your Users Not To Take The Bait: Introduction To Phishing As A ServiceEducate Your Users Not To Take The Bait: Introduction To Phishing As A Service
Educate Your Users Not To Take The Bait: Introduction To Phishing As A Service
 
Managed Security Services On The Rise
Managed Security Services On The RiseManaged Security Services On The Rise
Managed Security Services On The Rise
 
Managed Next Generation Firewall Service
Managed Next Generation Firewall ServiceManaged Next Generation Firewall Service
Managed Next Generation Firewall Service
 
Balance Risk With Better Threat Detection
Balance Risk With Better Threat DetectionBalance Risk With Better Threat Detection
Balance Risk With Better Threat Detection
 
New Battle Lines for Security
New Battle Lines for SecurityNew Battle Lines for Security
New Battle Lines for Security
 
SORT OUT YOUR SIEM
SORT OUT YOUR SIEMSORT OUT YOUR SIEM
SORT OUT YOUR SIEM
 

Recently uploaded

Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 

Recently uploaded (20)

Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 

IR tools & techniques

  • 1. INCIDENT RESPONSE: TOOLS & TECHNIQUES Neil Thacker, Information Security & Strategy Officer EMEA, Websense 1
  • 2. THREAT STAGE MODELLING RECON LURE REDIRECT EXPLOIT KIT DROPPER FILE CALL HOME DATA THEFT 2
  • 4. ACTION NOT MONITORING Who Where What How Action Human Resources Source Code Benefits Provider File Transfer Audit Customer Service Business Plans Personal Web Storage Web Block Marketing Personal Information Business Partner Instant Messaging Notify Finance M&A Plans Blog Peer-to-Peer Remove Accounting Employee Salary Customer Email Encrypt Sales Financial Statements Spyware Site Print Quarantine Legal Customer Records USB Removable Media Technical Support Technical Documentation Competitor Print Screen Engineering Competitive Information Analyst Copy/Paste Confirm 4
  • 5. INCIDENT RESPONSE - PREPARATION During Before • • • • Data Collection & Monitoring Infrastructure Incident Command Principles Roles and Organisational Structure Response Infrastructure and Preparatory Steps • • Trigger, Escalate, and Size appropriately Detect, Contain & Mitigate After • • • Triage Analyse QA effectiveness 5
  • 6. INCIDENT RESPONSE Technology requirements: • Malware analysis • Digital/Data forensics • Composite scoring • Real-time event correlation • Kill-chain analysis 6
  • 7. THANK YOU Neil Thacker Information Security & Strategy Officer EMEA Websense @nt_hacker 7

Editor's Notes

  1. Threat Model and Attack modeling. The number one thing an organization can do to better their security posture is threat model.
  2. Event correlation. Generating incidents with actions.