Speaker: Michael La Pilla
CIRT organizations are expected to handle any type of incident thoroughly but quickly. In a past life as a pure researcher I made many assumptions about what could and couldn't be done in a CIRT. This talk is about how I integrated everything I learned in my previous world into a CIRT environment. Targeted attack discovery and response will be high on the discussion list. Specifically this talk will focus on standing up tools to automate high volumes of incidents and to discover unknown intrusions. During the talk I will include discussions of many tools, both open source and custom made that can be replicated for use in other CIRTs. I will maintain the talks focus on no-cost tools and techniques that can be implemented by anyone, anywhere in the world, without any budget.