Overview
Explore incident response strategies and active defense techniques in this conference talk from BSides Rhode Island. Dive into the Incident Response Model and compare it with the adversary's approach using the Intrusion Kill Chain. Learn how to transform data into actionable intelligence and distinguish between multiple attacks versus a single persistent threat. Gain insights on developing believable intelligence and understanding the role of informal communities in cybersecurity. Discover what active defense truly entails, its benefits, and how it can delay attackers. Watch a live demonstration and engage with the speaker's concluding thoughts on effective cybersecurity practices.
Syllabus
Intro
Outline
Incident Response Model
The baddies have a model too...
Intrusion Kill Chain
The Incident Tango
Data to Intelligence
Developing Intelligence
Five Different Attacks?
Or One Persistent Attack?
Quick Tips for Believability
Unorganized Informal Communities
InfraGard
Active Defense is NOT...
Active Defense is...
Why Active Defense?
Delay
Demo Time
Conclusion
Questions?
Contact Information