The Holy Grail of Incident Response: A Single, Correlated Source of Intelligence

Presented by

Atheana Fulgencio & Jeremy Linden

About this talk

Time is of the essence when you’re investigating security incidents. While it’s critical to find out as much as you can about the incident from internal sources (logs, network activity, endpoint data, etc.), you also need context about what type of threat you’re facing. When you come across a domain, IP, or file hash during investigations, you need to answer dozens of questions ASAP.

- Is this malicious? What’s known about it?
- What other domains, IPs, or file hashes are related?
- Is this a widespread threat or more targeted?

And to answer these questions today, you probably need to go to multiple sources and manually piece the puzzle together. What if you had a single, correlated source of intelligence instead? OpenDNS Investigate now includes malware file data from Cisco AMP Threat Grid. Join our webcast to learn how Investigate provides the most complete view of the infrastructure used in attacks.

With Investigate, you can:

- Instantly validate malicious domains, IPs, and file hashes
- Identify the Internet infrastructure and malware files related to attacks
- Uncover infrastructure being staged for future attacks
- Speed up investigations and stay ahead of threats

Cisco Umbrella provides a cloud-delivered network security service that blocks advanced attacks, as well as malware, botnets and phishing threats regardless of port, protocol or application. Our predictive intelligence uses machine learning to automate protection against emergent threats before your organization is attacked. Umbrella protects all your devices globally without hardware to install or software to maintain. Learn more: https://umbrella.cisco.com/