In this six-part blog series, the RSAC editorial team highlights the six buzz topics featured at RSAC 2022. Each blog will highlight one of the most popular topics and trends seen within related sessions. Our final topic is analytics, intelligence & response.
Preparation for OT Incident Response
Lesley Carhart, Principal Industrial Incident Responder at Dragos, Inc.
Carhart opens with some big facts and figures: cybercrime is a multi-trillion-dollar industry, every vertical is a target, and organizations of every size are targets. She stresses that a cybersecurity incident is a “when,” not an “if.” Incident response base rates currently run $350–$600 an hour, which adds up quickly.
It can be an overwhelming prospect, but Carhart says to start with the basics: leverage easy wins when you can grab them; plan long-term efforts and invest in them now, since that preparation saves quantifiable resources during an incident; and use outside resources when needed for proactive tasks.
Expect More: Realizing the True Impact of Your Intelligence Program
Stu Solomon, President at Recorded Future
Throughout his presentation, Solomon shares insightful nuggets and useful reminders about intelligence. Intelligence is not just for the government, and everything eventually ends up on the Internet.
In a world of aggressive uncertainty, intelligence is the only equalizer. Situational awareness requires both internal and external participation, which means total buy-in from the top down. Turning to AI, Solomon reminds us that automation in intelligence is critical to creating measurable operational outcomes.
Use the Force, Luke: Harnessing Shodan to Hunt for Threats to ICS Systems
Dan Gunter, Founder and CEO of Insane Forensics
Paul Mathis, Lead Cybersecurity Analyst at Insane Forensics
Threat hunting is a “proactive, analyst-driven process to search for attacker tactics, techniques, and procedures (TTP) within an environment” and incorporates both detection and prevention. It is one of many possible controls an organization might use to counter a threat. The threat surface extends beyond the enterprise network boundary whenever a network boundary event exists. Gunter and Mathis remind us that time and money are finite resources for any security program.
When you return to your organization, it is important to assess the maturity of your threat hunting program and identify opportunities to influence the organization. Incorporating new analysis tools and techniques to cover wider threat surfaces within the first three months is a good place to start.