This is an interesting webinar that covers incident response in the new reality: clouds and workstations that work from anywhere.
We may be familiar with the current incident response process for the data center, but what about the cloud and those who work from home?
The webinar walks us through the typical Cyber Kill Chain and the corresponding protections, including how EDR and the cloud can help us in incident response. Based on statistics:
- Attackers stay undetected in our network for an average of 200 days.
- Recovery takes around 80 days. This includes identification, containment, investigation, eradication, recovery, and making sure it won't happen again.
Microsoft Defender Security Center solutions:
- Use the cloud to replace the on-prem SIEM and cover the full infrastructure.
- Use machine learning plus behavioral analysis to speed up detection.
- Incident management, timeline and detailed analysis, vulnerability management, threat intelligence, and advanced hunting.
Demos:
- Cyber Kill Chain
- USB Cactus in Action
- EXE Attack
- Microsoft Defender For Endpoint
- Advanced Hunting
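The advanced hunting capability mentioned above is driven by KQL queries over the Defender for Endpoint tables. As an added example that is not from the webinar or from Microsoft, the query below ties together the USB and EXE demos from a defender's side: it looks for executables launched from a removable drive within ten minutes of a USB drive being mounted on the same device, which is the kind of hunt an analyst would run when scoping an incident on a remote workstation. It assumes the documented `DeviceEvents` action type `UsbDriveMounted` and a `DriveLetter` value inside `AdditionalFields`; the 7-day lookback and 10-minute window are constructed values, not figures from the page.

```kusto
// Added example, not the webinar's own query.
// Hunt: .exe launched from a removable drive shortly after a USB drive mount.
// Assumption: DeviceEvents exposes ActionType "UsbDriveMounted" with a
// DriveLetter field in AdditionalFields (adjust if your tenant schema differs).
let lookback = 7d;     // constructed value: how far back to search
let window   = 10m;    // constructed value: mount-to-launch correlation window
let mounts =
    DeviceEvents
    | where Timestamp > ago(lookback)
    | where ActionType == "UsbDriveMounted"
    | extend DriveLetter = tostring(parse_json(AdditionalFields).DriveLetter)
    | where isnotempty(DriveLetter)
    | project MountTime = Timestamp, DeviceId, DriveLetter;
DeviceProcessEvents
| where Timestamp > ago(lookback)
| where FileName endswith ".exe"
// correlate on the same device, then keep only launches inside the window
| join kind=inner mounts on DeviceId
| where Timestamp between (MountTime .. (MountTime + window))
// the process image must live on the drive that was just mounted
| where FolderPath startswith DriveLetter
| project Timestamp, DeviceName, AccountName, DriveLetter, FolderPath,
          ProcessCommandLine, InitiatingProcessFileName, MountTime
| order by Timestamp desc
```

Each resulting row is a candidate for the incident timeline: the mount time, the user account, and the initiating process show how the executable got on the box and who ran it, and the same query can be saved as a custom detection rule so that future hits raise an alert instead of waiting for a manual hunt.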