"A lawsuit was opened after Newton recovered from the incident."
"I tell my Red Teamers this all the time, right? Which is understand how an incident responder thinks, that way you know how to evade them when you're doing a penetration test."
"Chris Rock's demeanor changes when he talks about the slap."
"There's a lot of people that were involved in this incident and we need to do our job and play our part and we need to stay united and bring awareness to this."
"What happened in the way the incident escalated and the outcome was nothing but reprehensible. I'm sorry."
"Congrats on making it through the first part of your incident response journey. Coming up, we'll explore network monitoring, and you'll have the opportunity to apply your learning through the activities."
"Oh, that's what helps it aim. Okay, okay. Well, I don't want anything to happen to tabi."
"When an alert is triggered, EDR tools provide detailed information about the incident, such as affected endpoints, the attack vector, and the type of threat."
"EDR Solutions offer integration with other security tools like SIM and SOAR, facilitating information sharing and enabling more coordinated incident response workflows."
"Containment is a critical part of the incident response process."
"Establishing procedures for responding to incidents is a crucial component of an incident response plan."
"Actually, you do. It's on page whatever in your incident response plan."
"Event management creates actionable incidents from captured events."
"Theme systems allow security-enabled professionals to take countermeasures, perform rapid defensive actions, and handle incidents more successfully."
"If I noticed a large amount of traffic originating from within our network going out to the public internet or somewhere else, I would spin up an incident and follow that NIST 861 incident response life cycle."
"Change management ensures that modifications, updates, or new deployments in the cloud environment are properly evaluated, tested, and implemented to minimize disruptions, maintain stability, and align with business objectives."
"MITRE ATT&CK can help in incident response by better understanding adversaries' behavior, tactics, and techniques, facilitating effective investigation and response."
"Events are raw data points that can be harmless or security-related, but incidents are specific security-related events that have been analyzed, identified, and require action or investigation."
"Declaring an incident is very important because that kicks off the investigation and the determination of how bad it is."
"As long as you have the right team of analysts to know what they need to do when it comes to incident response."
"My goal here today... is to really give you those tangible tips and best practices that will help you close the gap and start operating like the world's best Incident Response Teams."
"The earlier you can identify an incident incident, the faster you can contain it, and reduce the damage."
"We want rapid and consistent response right so we want it to be mature."
"Cybersecurity touches governance, forensics, incident response, business - which are really important things."
"Game days really really important to practice Incident Response."
"Volatility is an open-source memory forensics framework for incident response and malware analysis."
"You must have incident response plans; if you do not have a strict process, then every time you will be fighting a different fire."
"You can build those packages in advance, so when you're doing an incident response, you don't need to do all of this right away."
"Incident response planning is about identification, containment, analysis, investigation, and response."
"It is a very powerful Incident Response framework that can help you go through and enumerate one-to-many and gather data on numerous systems at once."
"This is really dangerous but it's also extremely useful for incident response."
"If you had a critical detection for like a ransomware attack, you could have it generate an alert that goes right into Slack, send it to PagerDuty, send an email."
"The hive is an open source incident response framework focused on collaboration, elaboration, analysis."
"I use the ABCs whenever I get into an incident as a framework for the things that I should be looking for at each stage of the attack."
"This particular incident led to a complete overhaul in how pharmaceutical companies packaged their drugs."
"Built-in commands... are used to manipulate XOR incidents or indicators, threat intelligence reports within XOR."
"If you want to visualize the logs, work with the logs in one central place, you want to use Splunk to facilitate the process of responding to incidents or investigating events."
"If Robbie did something, if anything happened, then it should be focused on that and that alone."
"The hive is a 4-in-1 open source security incident response platform."
"Whenever there is a breach, you want to make sure you slow them down as much as possible, remove surreptitious entries to make them covert so your tools can discover them."
"It's also important that your organization have a set of policies and procedures for when a particular security incident occurs."
"Hello everyone and welcome to Digital Forensics and Incident Response webcast."