Performing Effective Incident Response, presented at Black Hat USA 2005

by Kevin Mandia

Summary: During the course of 2004 and 2005, we have responded to dozens of computer security incidents at some of America’s largest organizations. Mr. Mandia was on the front lines assisting these organizations in responding to international computer intrusions, theft of intellectual property, electronic discovery issues, and widespread compromise of sensitive data. Our methods of performing incident response have altered little in the past few years, yet the attacks have greatly increased in sophistication. Mr. Mandia addresses the widening gap between the sophistication of the attacks and the sophistication of the incident response techniques deployed by “best practices.”
During this presentation, Mr. Mandia re-enacts some of the incidents; provides examples of how these incidents impacted organizations; and discusses the challenges that each organization faced. He demonstrates the “state-of-the-art” methods being used to perform Incident Response, and how these methods are not evolving at a pace equal to the threats. He outlines the need for new technologies to address these challenges, and what these technologies would offer. He concludes the presentation by discussing emerging trends and technologies that offer strategic approaches to minimize the risks that an organization faces from the liabilities the information age has brought.