Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_HowtoPrepareBeforeCompromise.pdf
00:40 Intro, background information, how to deal with the psychology and politics in your company
15:34 Reviewing different cards in Backdoors & Breaches, Server Analysis
22:39 Security Information and Event Management Log Analysis (SIEM)
31:12 Firewall Logs, Zeek, and RITA
42:37 Endpoint Security, Protection Analysis, User Behavior and Entity Analytics (UBEA), Endpoint Analysis
49:51 Crisis Management, Isolation
53:29 A sample of inject cards including losing people and the intern killing the system you’re working on
This webcast was originally recorded live on October 9th, 2019 with John Strand.
How to be prepared for a hack: Or, Death, taxes, and security breaches. Only two of these things have preparation commercials on cable news at 2 am. I know… we stayed up so you don’t have to.
We have been working through a couple of breaches recently and something kind of hit us out of the blue… people are not prepared for a breach. They are lacking the proper logging and infrastructure to effectively work through an attack after it has happened.
In the webcast, we cover what an organization needs to have in place before a breach happens.
We cover isolation, logging, analysis, and politics. So, this should not be all that hard to cover in an hour.
We also cover some of the mistakes that organizations tend to make in the middle of a breach that somehow make the whole experience that much worse.