Preparing for incident response using NIST CSF and SANS PICERL

Presented by

Mark Bowling, VP Security Response Services

About this talk

Mark Bowling, VP of Security Response Services for ExtraHop, discusses how organizations can significantly improve their incident response (IR) posture by using proven IR frameworks, including NIST CSF and SANS PICERL. The goal of incident response is to mitigate the impact of a breach as quickly as possible. However, monitoring all of the collected and potential detection information without intelligent discrimination (filtering) can be overwhelming. Without this insightful perception, understanding of critical events is limited, which leads to negative consequences when every second matters. Security technology, while a great facilitator, is not a panacea. Without the knowledge of how to use these tools effectively within an IR framework or process, it is difficult to achieve the outcomes mandated by boards and stakeholders. In this session, Mark leads the listener through the functional categories of proven security frameworks, including NIST, ISO and SANS, to help them prepare and plan for more effective incident response. The listener will learn how to structure detection processes and policies that lead to effective perception and understanding of incidents, resulting in fast and comprehensive response and remediation activities. Categories covered range from preparation through recovery and lessons learned, with a special emphasis on the identification/detection and analysis functions.
