Tuesday, May 28, 2024
Opening remarks and introductory presentation | Incident response is people

Bill Brenner sets the stage for the day ahead | In the early years of information security, there were some serious technical challenges when it came to detecting and responding to attacks. Gathering data was hard - we had to build parsers and normalize data. Any dropped syslog data was gone forever. Storage was slow and expensive. Database technologies were slow. Queries took forever. Security teams had to build all their detections and reporting from scratch. Today, many of the technical challenges are gone, leaving us more time than ever to focus on the core of the job: detection engineering, threat hunting, and incident response. However, some challenges remain, and many are related to the “people” part of the equation. That’s what we’ll be focusing on in this opening presentation.

 

Bill Brenner
Breakout Session 1 | Building Your Ransomware Preparedness Plan

In today's ever-evolving cyber landscape, incident response and network protection are paramount for organizations of all sizes. This session delves into the strategies and tactics essential for safeguarding networks from vulnerabilities and efficiently mitigating threats. From identifying potential weaknesses to implementing robust incident response plans, attendees will gain insights into practices proven effective, and practical approaches to fortify their organization's defenses. Join us to explore real-life use cases from the frontline of cyber defense and learn how to arm yourself with the knowledge needed to defend against emerging threats.
 
Key points to be covered:

  • Proactive approaches to identifying and addressing network vulnerabilities
  • Effective incident response strategies to contain and mitigate cyber threats
  • Collaboration techniques to enhance incident response efforts and strengthen network resilience
  • Real-life use case from a global, frontline incident response team
Marco Faggian James Sobel
Panel Discussion | Mental health and Incident Response: The problem and what to do about it

Join us for a virtual panel discussion as we delve into the often overlooked yet critical issue of mental health within the realm of incident response. Led by industry experts, this session will shed light on the unique challenges faced by individuals working in incident response roles, from the constant pressure of handling high-stakes situations to the relentless exposure to traumatic events. Through candid conversations and personal experiences, we will explore the impact of prolonged stress and burnout on mental well-being, as well as the stigma surrounding mental health in the cybersecurity community.

Malcolm Harkins Bill Brenner Adrian Sanabria Matthew Cerny
Breakout Session 2 | Fortifying Cyber Defense: The Synergy of Threat Intel & Incident Response

In today's complex and ever-changing cybersecurity landscape, effective collaboration between threat intelligence and incident response teams is paramount. This session explores the symbiotic relationship between these two critical functions, delving into the challenges posed by emerging threats and providing insights into how SOC teams can strengthen their defenses against bad actors. Through real-world examples and best practices, attendees will gain practical strategies for integrating threat intelligence into incident response processes, leveraging automation and AI, and preparing for future trends in cybersecurity.

Key Takeaways:

  • Understand the role of threat intelligence in enhancing incident response capabilities.
  • Learn strategies for effective collaboration between threat intelligence and incident response teams.
  • Explore emerging technologies and trends shaping the future of cybersecurity defense.
John Pirc Steve Baer
CRA Business Intelligence study takeaways: Incident Response

Join CRA Business Intelligence producers Bill Brenner and Paul Wagenseil for a comprehensive analysis of Incident Response in the current cybersecurity landscape. Explore the challenges and successes encountered by security teams, delve into strategies for effective incident management, and gain insights into planned investments for enhancing incident response capabilities in the upcoming year.

Bill Brenner
Thought Leadership Panel: Incident response post-mortems

Whether you conducted a simulation or experienced a real-life cyberattack, it's crucial to assess how well you performed in your incident response. By evaluating and grading your IR, you can identify weaknesses and hopefully smooth over any rough patches in your response. This session will explain the value of IR post-mortems and present recommendations on how to optimally perform them in order to get meaningful insights.

Chris Gibson Olivier Caleff Serge Droz
Incident Response: Clarifying who does what | Conclusion & recap

Incident response is far more than just the technical investigation and removal of a threat. Depending on the severity, it can require multiple stakeholders from across an organization to play their part correctly – legal teams, emergency communications, insurance reps, HR, management, and corporate boards. Failure to delineate these roles can not only interfere with the investigation, but also create more damage beyond the initial incident. In this fireside chat, we’ll examine the importance of clarifying responsibilities for IR decision-makers working across the business and how resources can be best put to use.

Bill Brenner Carmen V. Lidz