SANS DFIR Summit 2022Speakers: Vishal Thakur & John Lopes
Not unlike the Corona Virus and its variants, the infosec community need to accept the fact that Ransomware is not going away anytime soon. This talk focuses on how busines can move away from the elimination approach towards a managed prevention approach. This is a presentation that covers everything you need to know to get started towards transforming your organisation to be ransomware resilient. Ransomware has been around for quite some time now and the good thing about that is that we have learnt a lot about this threat in that time. We dig deep into our past experiences from responding to security incidents involving ransomware and share our learnings with the audience. We discuss what to focus on while analysing ransomware and how to create effective detections for ransomware, based on core components of the malware and it’s behaviour. We share our ideas on how to create an environment within organisations that is ransomware aware and ready for response when an attack involving ransomware eventuates. From our experiences across industries spanning healthcare, technology, finance, manufacturing and commerce, we share knowledge that can be used to build a ransomware-resilient infrastructure. We cover topics such as what to look for when taking out a cyber insurance policy, along with strategies on how to handle communications during and after the incident. Let’s face it, ransomware is a threat that is here to stay, we need to adapt to living with it and best preparing organisations to manage it when it strikes. Proposal Details / Session Outline Ransomware is one of the biggest and most common security threats to organisations globally today and attacks involving ransomware are on the rise, as are ransom payments across all major industries. And yet, most organisations today do not have a ransomware-readiness plan or basically, do not know what the basic steps of ransomware response are. In this presentation, we describe the current ransomware threat landscape based on the real-world security incidents that our team at Ankura’s DFIR practice responds to, combined with research and intelligence gathering activities that we undertake as part of our efforts in enhancing our defensive capabilities. We present several techniques that we have successfully deployed in defending against this threat, covering both preventive and mitigation-focused approaches. Specifically, we share the following with the audience: Introduction: What does the current ransomware threat landscape look like and why we need organisations to be ransomware aware and ransomware resilient. How are ransomware groups operating and what are the main motivations behind these attacks as we see in real-world incidents. How do we respond to these incidents in a way that is simple to implement and easy to manage. We take a look at some real-world cases and how we responded to them successfully and share the learnings with the audience. We share with the audience how to build and implement systems that help create an environment that supports detection and response in the event of a ransomware incident, including how to develop a ransomware-readiness task-force. We talk about what to look for when it comes to cyber insurance policies for your organisation We present on how to build a communication strategy that works out of the box during an incident involving ransomware We share resources and further reading for the audience Q&A.
View upcoming Summits:
Download the presentation slides (SANS account required) at
Музыка
Фильмы
ТВ Шоу
Категории видео
