• How did they gain access to our environment?
• How long have we been compromised?
• Did they steal any data?
These same questions are asked of every intrusion asked of Mandiant Incident Responders. The ability to quickly answer these questions is often limited by gaps in the default logging configurations of enterprise products, which overlook the critical details needed to support incident response investigations.
Attend this session to learn what the critical logging configurations and monitoring practices are, which fill commonly overlooked gaps, so you’re set up for success in your next investigation.