Incident response (IR) is hard. I know this because I said "damn, this is hard" the first time I sat down to conduct proper IR using Console, the investigator client for the MANDIANT Intelligent Response appliance. Since then, I have learned a lot about incident response, memory and disk forensics, hooking and other technical details. I have also learned that very few customers have the resources to fund an internal army of security experts who have lived and breathed IR since the time of Morris. Training and work experience will eventually bring security staff up to speed, but they can only work so long before they require inconvenient things such as food, sleep and watching viral videos from Auto-Tune the News. So how can an organization enhance its IR game when it only has a small number of security staff, with maybe one or two ninjas?
Entries filed under 'MIR 2.0'
Threat Research Blog
The FireEye Labs team posts blog entries under threat research to present and discuss cyber attacks and threat intelligence from a technical perspective. They cover the full spectrum of exploits and vulnerabilities, including advanced malware and targeted threats.