To Whack or Not to Whack — Incident Response and Breach Mitigation

To whack, or not to whack, that is the question: Whether ‘tis nobler in the mind to torch all The compromised boxes on your poor network, Or to take arms against a sea of malware And by blocking stop them all. So, what do you do during an active security incident? When is the proper time to whack-a-mole with your mallet? Is it better to light everything on fire and start over, or should you make observations a key component of your response and mitigation strategy? In this webinar, we'll discuss strategies for when it's time to scorch the earth versus sit back with a cup of tea, gaining intel into what active adversaries are doing in your house. We’ll break down some of the most important points to remember during the commotion of an active incident response, including: •Context is king. We’ll explain the important questions you need to be ask when scoping an incident to get an improved view of the situation. •Thinking fast and slow. It’s understandable to want to nuke everything from orbit just to be thorough, but it’s usually not the smartest play. We’ll outline the potential benefits and risks of hasty containment and remediation efforts versus slow, thoughtful analysis when executing a response game plan. •The law of diminishing returns. There can be a tipping point where the cost of your decisions and polices no longer justify the answers you’ll find. We’ll talk you through some tactics to find the sweet spot between effort and return.