Automating Incident Response
Offered By: Black Hat via YouTube
Course Description
Overview
Explore the benefits and implementation of automated incident response in this 48-minute Black Hat conference talk. Discover how automation can overcome inefficiencies and accelerate response times in cybersecurity operations. Learn about the current challenges in incident investigations, the concept of Mean Time to Know, and why traditional methods are time-consuming. Delve into a capability framework and investigation engine, understanding their building blocks and the importance of a comprehensive ontology. Gain insights into ontology visualization and practical examples. Conclude with key takeaways and future directions for automating incident response, as presented by Elvis Hovor and Mohamed El-Sharkawi.
Syllabus
Introduction
Current Challenges
Incident Investigations
Mean Time to Know
Why is it taking so much time
Benefits of automation
Capability Framework
Investigation Engine
Building Blocks
Comprehensive Ontology
Ontology Visualization
Ontology
Example
Learning
What Next
Takeaways
Taught by
Black Hat
Related Courses
Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security ChipBlack Hat via YouTube Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube