Automating the Incident Response Process
- Wednesday, March 4th, 2015 at 1:00 PM EST (18:00:00 UTC)
- Alissa Torres and Jeffrey (J.J.) Guy
You can now attend the webcast using your mobile device!
As witnessed in 2014, big companies present big targets for hackers but no company is immune to hacking. To cope with these increasing threats, speed of response is essential to mitigate damage and data loss. Instead of gathering evidence after a potential incident, the key to successful investigations is continuous monitoring and system "scraping."
Since attacks are assumed to be inevitable, the key is preparing for a breach so that once the threat is identified, the next steps of isolation, investigation and corrective actions can be executed as quickly and as efficiently as possible.
This webcast will provide an overview of the resources including a process that can be used to detect attackers more accurately and efficiently, thereby mitigating damage and data loss.
Alissa Torres is a certified SANS instructor specializing in advanced computer forensics and incident response. Her industry experience includes serving in the trenches as part of the Mandiant Computer Incident Response Team (MCIRT) as an incident handler and working on an internal security team as a digital forensic investigator. She has extensive experience in information security, spanning government, academic and corporate environments, and she holds a bachelor's degree from University of Virginia and a master's from University of Maryland in information technology. Alissa has served as an instructor at the Defense Cyber Investigations Training Academy (DCITA), delivering incident response and network basics to security professionals entering the forensics community. In addition to being a GIAC Certified Forensic Analyst (GCFA), she holds the GCFE, GPEN, CISSP, EnCE, CFCE, MCT and CTT+.
Jeffrey (J.J.) Guy
Jeffrey (J.J.) Guy is director of operations for Bit9 + Carbon Black. He joined the company when Bit9 merged with Carbon Black in February 2014. At Carbon Black he was customer advocate and support lead. He spent 12 years in federal cyber operations, including an active duty tour with the Air Force's Information Warfare Center and as director/general manager of one of the top providers of federal computer network operations (CNO) R&D services, with about 100 kernel programmers, reverse engineers and vulnerability researchers supporting a dozen different federal programs. Guy's time in the Air Force gave him an intimate understanding of the shortfalls of enterprise network defense technology. Frustrated by the "state of the art" and narrow thinking of industry, he has been a strong advocate for shifting security investment from protection to detection and response since 2002. As a full-stack engineer, proven leader and public speaker, he can move from the lab to the podium to the boardroom and back. Guy a bachelor's degree in computer engineering from Case Western Reserve University and a master's degree in computer science from Johns Hopkins.