Successful Strategies in Enterprise Intrusion Investigations
SANS WhatWorks in Forensics and Incident Response Summit 2008
Michael Cloppert, Member Technical Staff, Lockheed Martin Computer Incident Response Team
2
Phase 2: Establish a presence
Compromise Systems
Establish a Presence
Steal data
3
But how?
4
So what now?
Yeah, it’s broken.
We have a process!
Oh you mean this one?
NIST Special Publication 800-61: Computer Security Incident Handling Guide
CMU-SEI-2004-TR-015: Defining Incident Management Processes: A Work In Progress
5
Get Intelligent
[Diagram. Boxes: Incident Response; Malware Analysis; Net Defenders; Digital Forensics; Partnerships & Collaboration. Labels: Compromises; Behaviors, Activity; System Footprint; Suspicious Files; Suspicious Data; Footprints, Behaviors]
Integration of intelligence acquired through analysis and collaboration is key to successfully managing incidents