We all want a perfect environment to operate securely. In a perfect world, we would have all the resources we need to successfully defend our networks. Reality though paints a much more complex picture. We beg the desktop support team to deploy our endpoint security agents. There is a Windows 2000 server hosting a critical business application stuffed in an old cabinet which no one will take responsibility for upgrading but cannot be removed. Matthew Aubert, a Manager on the Cisco Talos Incident Response team will present a short, but informative talk on what immediate actions should be taken when there is an active adversary on a network. How do you protect your critical resources, contain the adversary, and deal with a possible worse-case-scenario?
Demonstrate the need for leadership in a crisis.
Identify critical containment measures in the middle of a breach.
Reinforce the requirement for stakeholder communication.