Cleaner or Janitor – Incident Response to an active attack, presented at BSidesLA 2013

by John Stauffacher, Matthew Hoy

Summary: Every day, corporations are faced with the increasing likelihood of attack. They spend millions on security software/tools/training/hardware, only to neuter it at the behest of other "business" units. The idea is that losing one customer because of a false positive is enough justification to put the entire customer base at risk. This talk will debunk that myth, as well as show what makes our attackers so nimble (they don't have to play by the rules). On the flip side – how are you handling the breach? What are you doing with your attack data? Are you just mopping up the mess – or are you armed with the tools to thoroughly “clean” your enemy? This talk is a double shot of real-life experiences handling an active attack and cleaning up after a breach. It is a primer on new approaches to antiquated techniques and will ultimately shine some light on what makes the attacker so nimble – and on ways to up your incident response game. Are you a janitor? Or are you a cleaner?