In the last several years, information security forensics and incident response teams have been fighting a losing battle. The attacks are coming more frequently, they're getting more sophisticated, and we always seem to be a step behind our adversaries. Despite this, we're learning some lessons along the way. The use of specific indicators of compromise (IOCs) to look for intrusion evidence has helped us, and we're getting better all the time. Unfortunately, we're not getting better fast enough, and we need to adopt some new approaches in order to be more effective at combating the advanced attacks we're seeing today. In this webcast, Dave Shackleford, senior SANS instructor and founder and principal consultant of Voodoo Security, will discuss the following: