Explore the concept of Response Ready Infrastructure in this BSides Cincinnati 2015 conference talk. Learn why proactive defenses aren't always sufficient and how to prepare for potential security incidents. Discover industry standards, incident response processes, and technical control defenses. Gain insights into the NIST 861 framework, essential log collection practices, and various indicators to monitor. Examine host-based indicators, asset inventory management, port scanning techniques, and analysis tools. Delve into network detection strategies, privilege management, visibility enhancement, and blocking mechanisms. Understand the importance of endpoint security, communications protocols, and access controls. Acquire knowledge on implementing a comprehensive security strategy aligned with the San CSC framework.
Overview
Syllabus
Introduction
Proactive defenses dont always work
Are you ready
Industry Standards
Response Ready Infrastructure
snort alert
answering questions
you need people
Incident Response Processes
Technical Controls Defenses
NIST 861
What Log Should We Collect
Indicators
Hostbased indicators
Asset inventory
Port scans
Analysis tools
Network detection
Privileges
Visibility
Blocking
Endpoint
Communications
Access Controls
San CSC
