Disrupting Incident Response – Shrinking Attack Detection Times From Weeks to Seconds presented at CISOminneapolis 2015

by Allan Carey

Summary: Data breach reports continue to highlight the substantial lag between incident occurrence and detection, with response mechanisms often kicking in weeks after the initial compromise. As spear phishing becomes the attack vector of choice, organizations can level the playing field by crowdsourcing attack detection to employees and giving IR teams the ability to react more quickly. This session makes the case for cultivating a trusted informant network, outlines how to provide these informants with the tools to supply attack intelligence in an actionable format, and discusses approaches for developing response mechanisms to consume intelligence and minimize damage.