You haven't slept in days. Pager alerts at all hours. Constant firefights. How do you get out of this mess? This talk gives away all the secrets you'll need to go from reactive chaos to building and running a finely tuned detection & response program (and finally get some sleep).
Gone are the days of buying the ol' EDR/IDS/NGAV combo, throwing some engineers on an on-call rotation, and calling it your incident response team. You need a robust and comprehensive detection and response program to fight modern day attackers. But there are a lot of challenges in the way: alert fatigue, tools are expensive, hiring talent is impossibly difficult, and your current team is overworked from constant firefights.
How do you successfully build a modern detection and response program, all while riding the rocket of never ending incidents and unforgiving on-call schedules?
This talk addresses the lack of a framework, which has led to ineffective, outdated, and after-thought detection and response programs. At the end of this talk, you will walk away with a better understanding of all the capabilities a modern program should have and a framework to build or improve your own.