Are you Janitor or a Cleaner?

Presented at ToorCon San Diego 15 (2013), Oct. 20, 2013, 3 p.m. (20 minutes)

Every day, corporations face an increasing likelihood of attack. They spend millions on security software, tools, training and hardware, only to neuter it at the behest of other "business" units. The idea is that losing one customer because of a false positive is enough justification to put the entire customer base at risk. This talk will debunk that myth, as well as show what makes our attackers so nimble (they don't have to play by the rules). On the flip side: how are you handling the breach? What are you doing with your attack data? Are you just mopping up the mess, or are you armed with the tools to thoroughly "clean" your enemy? This talk is a double shot of real-life experience handling an active attack and cleaning up after a breach. It is a primer on new approaches to antiquated techniques, and ultimately shines some light on what makes the attacker so nimble and on ways to up your incident response game. Are you a janitor? Or are you a cleaner?


Presenters:

  • Matthew Hoy / Mattrix as Matthew “mattrix” Hoy
    Matthew Hoy (@mattrix_) is a Senior Security Consultant with the Accuvant Labs Technology Services team. Matthew has worked in the Information Security world for over 15 years in various Information Security roles, from Security Analyst, Architect, Incident Response and Consultant to Management. Matt currently holds CISSP and SANS GCIH certifications. Matt has recently presented at Seattle Toorcon. Most attendees would probably recognize mattrix better in a staff shirt of some kind for either Toorcon or as a Red Shirt Goon at Defcon. Matthew's hobbies include off-roading, shooting sports, fishing, hunting and technology when he has time.
  • John Stauffacher / geekspeed as John "geekspeed" Stauffacher
    John Stauffacher (@g33kspeed) is a Senior Security Consultant with the Accuvant Labs Technology Services team, where he performs perimeter, network and application security defense projects for clients. As part of the Technology Services team, John's core function is to provide expert-level consultation to clients as well as deliver training and knowledge enrichment. John has held high-level technical certifications with major security vendors and is considered an expert in the field of perimeter security. John has also been a lead contributor to open source security projects, as well as an active speaker at conferences and author of a number of titles on the topic of network and perimeter security. John has carried an active CISSP certification since 2004.
