Dear Blue Team: Proactive Steps to Supercharge Your IR

Cloud, Mobile & IAM Theatre

Thu 18th Oct 11:30 to 12:00

In an age where data breaches and malware infections are quickly becoming the norm, we must prepare for Digital Forensics and Incident Response (DFIR). In doing so, there are many things that Administrators, Enterprise Defenders, and Security Operations Centers can do proactively to not only enhance the security of an organization, but also assist the DFIR personnel in performing their duties in a more expeditious manner. During this presentation, blue teamers and management will be armed with actionable advice as to how to pre-emptively capture artifacts as baselines BEFORE anything ever happens and the actions to take WHEN something happens.

What you will take away from this session

  • Regarding incidents, it is better to prepare than react.
  • Baselining is more than just an IP Address, MAC Address, and possibly a software list.
  • Memory forensics are often underrated, but can get to the bottom of what happened.
  • You should be integrating your IR Plan with your BCP and DRP and testing it!


Speaker: Joe Gray