Automating Incident Response

Explore the benefits and implementation of automated incident response in this 48-minute Black Hat conference talk. Discover how automation can overcome inefficiencies and accelerate response times in cybersecurity operations. Learn about the current challenges in incident investigations, the concept of Mean Time to Know, and why traditional methods are time-consuming. Delve into a capability framework and investigation engine, understanding their building blocks and the importance of a comprehensive ontology. Gain insights into ontology visualization and practical examples. Conclude with key takeaways and future directions for automating incident response, as presented by Elvis Hovor and Mohamed El-Sharkawi.

Introduction
Current Challenges
Incident Investigations
Mean Time to Know
Why is it taking so much time
Benefits of automation
Capability Framework
Investigation Engine
Building Blocks
Comprehensive Ontology
Ontology Visualization
Ontology
Example
Learning
What Next
Takeaways