Targeted Intrusion Remediation - Lessons From The Front Lines

Offered By: Black Hat via YouTube

Tags

Black Hat Courses, Cybersecurity Courses, Incident Response Courses, Advanced Persistent Threats Courses

Course Description

Overview

Explore a comprehensive Black Hat USA 2012 conference talk on targeted intrusion remediation strategies. Delve into the unique challenges posed by persistent threats and learn how to adapt your approach for effective defense. Discover a three-pronged model for tactical and strategic security planning, focusing on inhibiting attacker activities, enhancing visibility for compromise detection, and improving rapid response capabilities. Gain insights from Jim Aldridge, a Mandiant manager with extensive experience in incident remediation, as he shares lessons learned from handling numerous APT threat actor cases. Examine the targeted attack lifecycle, recommended remediation approaches, and strategic initiatives to strengthen your organization's security posture. Understand the importance of login monitoring, password changes, application whitelisting, and strategic hunting in combating sophisticated threats.

Syllabus

Introduction
Jim Aldridge
Threat Landscape
What is a Targeted Persistent Threat
Advanced Persistent Threat
Incident Response
Example
Target Attack Lifecycle
Recommended Approach
Day 1 Attack
Day 4 Takeaways
Recommended Remediation Approach
Remediation Phase
Remediation Activities
Strategic Initiatives
Caveats
Prioritizing Initiatives
Login Monitoring
Password Change
Application Whitelisting
Strategic
Hunting
Investigation Ready
Enhancements
Survey
Additional Questions


Taught by

Black Hat
