When performing incident response, focus is extremely important. A significant incident can produce innumerable leads and avenues to investigate. Unfortunately, not all of these leads/avenues are productive ones. Choosing poorly can have the unintended consequence of locking up resources for days while producing very little value-added analysis. It is often difficult to know which direction or directions to go in analytically. In my experience, senior members of the incident response team, who base recommendations on past experiences, lessons learned, and day to day familiarity with the network and its data have good advice to offer here. That being the case, I've always wondered why management ends up driving high profile incidents. It's a bit of a wonder if you think about it....
Followers
Blog Archive
About Me
- Josh Goldfarb
- Josh (Twitter: @ananalytical) is currently Global Solutions Architect - Security at F5. Previously, Josh served as VP, CTO - Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by FireEye. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. He has consulted and advised numerous clients in both the public and private sectors at strategic and tactical levels. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team (US-CERT) where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT. In addition to Josh’s blogging and public speaking appearances, he is also a regular contributor to DarkReading and SecurityWeek.
No comments:
Post a Comment