
Malware Incident Response Webcast

We will be presenting on the topic of Malware Incident Response jointly with guest speaker Sean Bodmer. During the webcast Sean will present case studies in which his company was brought into Fortune 500 companies to determine the scale of an infection. Together with his team of forensic experts, Sean was able to uncover all of the infected machines at each company and systematically remove the contagions. On occasion, Sean also works with the government when the scope of the project is linked to other countries.

“We are trying to encourage the importance of off-system logging solutions. Syslogs, event logs, and NetFlow all need to be collected, monitored and warehoused for a period of time. These critical pieces of information have long gone undervalued until an intrusion occurs and firms realize how much of a difference they can make,” says Sean Bodmer, Founder of PRAGMATIKIO. “Systems like Scrutinizer are the repositories our team turns to when we have to investigate the digital footprints of an infiltration. Without logs, we have to bring in our own systems and start the collection going forward. This means we sometimes can’t start cleaning up the infection until we have data to understand what is happening. Companies need to be proactive and log data now!”

Sean’s presentation includes details on the steps his team takes from discovery to complete removal of the malware. After Sean’s presentation, Michael Patterson, Co-Founder of Plixer, will present on how NetFlow and IPFIX can be used to profile end-system behaviors and identify unwanted communications. He will present strategies for building your own incident response plan, what it should contain and how to make sure it stays effective.

“Flow collection has become a big data issue for larger enterprises. Distributed collection, fault tolerance and fast incident response are major topics on most calls with customers,” said Michael Patterson, CEO at Plixer. “Our clients want the flow reporting integrated with other forms of contextual information such as Cisco ISE and packet capture. We are going to demonstrate all of this as well as how to use flow data to monitor for unique business applications that exist in every company.”

The webcast finishes by sharing with listeners how to get started with their Incident Response Plan. Examples of what it needs to contain and how to make sure it will work within your company are all detailed.

Sign up for the webcast on Thursday, December 18th 2014 at 11AM Eastern. [Registration Closed]

If you have any questions or would like to learn more, feel free to reach out to me at justin.jett [at] plixer [dot] com. I would be happy to answer any of your questions.

The webcast will be posted on our site for later viewing shortly after the webcast ends.