What if we really assumed breach? Presented at BSides Amsterdam 2017

by Kevin Jonkers

Summary: Every large organization that takes security seriously is supposedly doing it: “assume breach”. Working under the assumption that an attacker will at some point bypass your perimeter defenses, you approach IT security in a different way. You perform regular hunts, continuously improve detection, perform war games, etc. But are we really treating our security as we say we are? In this talk, I will show where most organizations fail to actually uphold the assumption of an impending compromise. Accepting limitations in scope, effort and data sources involved, security teams are often severely hampered in their efforts. How can we improve this, looking at real-world incidents and learning from the challenges we face in incident response situations? Gaining visibility on your strong and weak areas, I will show that a lot more can be done than is often thought.