Countdown to Black Hat: Top 10 Sessions to Attend — #3

We’re getting closer to Black Hat USA 2019, whose program is loaded with scores of research briefings and training courses. For attendees, it’s always a challenge to decide which ones to put on their schedule — and which ones to leave out.

To help with this task, we’re recommending a Black Hat USA 2019 session every week. Adding to our top recommended sessions, here’s our third choice: Windows Enterprise Incident Response.

This course teaches how to do triage on a potentially compromised system, uncover attack evidence, recognize persistence mechanisms, and more. Key takeaways include learning incident response principles, and scaling analysis to an enterprise environment.

The instructors are Mandiant consultants Austin Baker and Julian Pileggi, who have expertise in digital forensics, incident response, proactive security and threat hunting. The course is intended for people with backgrounds in forensic analysis, pen testing, security architecture, sysadmin, incident response and related areas.

Why we’re recommending it

It’s imperative for security teams to quickly detect and address breaches in order to effectively contain them, limit their damage, perform remediation, and report — internally and externally — what happened and why.

This is especially true today, as cyber attacks become more frequent and sophisticated, and the probability of suffering a breach at some point is sky high, even with strong prevention in place.

Moreover, the consequences from stealthy breaches that go undetected for months are dire: Massive data theft, customer loss, brand damage, civil litigation, regulatory fines, IP piracy, and more.

Realizing the inevitability of breaches, security teams are shifting investments from threat prevention to threat detection and response, a balancing trend noticed by market experts.

“The balanced approach recognizes that it is impossible to stop all attacks, and that detection and response must work efficiently to reduce the harm from successful attacks,” reads a recent Gartner report, as cited by Gartner analyst Anton Chuvakin. In fact, according to Gartner, this trend is transforming SOCs: By 2022, 50% of SOCs will feature integrated incident response, threat intelligence and threat-hunting, up from under 10% in 2015.

In conclusion, to rapidly detect and fix breaches, security pros must master a variety of skills involved in incident response. By addressing key areas like threat landscape assessment, attack lifecycle, incident response, system analysis, investigation management and threat hunting, this course seems like a worthy one for Black Hat attendees to consider.

Qualys at Black Hat USA 2019

A Diamond Sponsor, Qualys will again have a major presence at Black Hat USA 2019, which runs from Aug. 3-8 at the Mandalay Bay in Las Vegas. We’ll be there explaining how we can help organizations protect their hybrid IT environments without slowing down their organizations’ digital transformation.

We invite you to stop by our booth (#204), enjoy a cup of coffee from our Nespresso bar, and chat with our product managers and technical account managers. We’ll raffle hi-tech prizes and give out tote bags after each presentation, including:

  • Exclusive product previews, including of our new Threat Detection and Response Platform
  • Best practices presentations from leading enterprises
  • An overview of how Qualys Cloud Platform, our end-to-end security and compliance solution, gives you a real-time, holistic view of your threat landscape, and comprehensive capabilities for attack prevention and incident response

Leave a Reply