The initial signs that you have a security incident on your hands are rarely black and white. The first questions you have to ask yourself are "Is this a real incident?" and "How should I respond?" Based on our first-hand experience, a rapid response in the first 72 hours is critical.
In this webinar we will discuss the main response tactics to contain and understand an incident, and offer best practise on investigation, identification and containment of the incident before responding.
Key Takeaways:
- What are the difference between incursion and persistent detection
- Identify key activities to perform in the first 72 hours
- Understand why immediately stopping the attacker may cause more disruption
