Preparing for incident response using NIST CSF and SANS PICERL

Mark Bowling, VP of Security Response Service for ExtraHop, discusses how organizations can significantly improve their incident response (IR) posture by using proven IR frameworks that include NIST CSF and SANS PICERL. The goal of incident response is to mitigate the impact of a breach as quickly as possible. However, monitoring all of the collected and potential detection information, without intelligent discrimination (filtering), can be overwhelming. Without this insightful perception, understanding of critical events can be limited which leads to negative consequences when every second matters. Security technology, while a great facilitator, is not the whole panacea. Without the knowledge of how to effectively use these tools within an IR framework or process it is difficult to achieve the desired outcomes mandated by boards and stakeholders. In this session, Mark will lead the listener through the functional categories of proven security frameworks including NIST, ISO and SANs to help them prepare and plan for more effective incident response. The listener will learn how to structure detection processes and policies that lead to effective perception and understanding of incidents that result in fast and comprehensive response and remediation activities. Categories covered will include preparation through recovery and lessons learned with a special emphasis on the identification/detection and analysis functions.