Enabling Defenders to Conduct Incident Response Investigations with Open-Source Tools
Today's threat climate has organizations stretched thin in their budgets for security tools. While this is understandable, many defenders are left with limited capability to adequately protect their organization. Combined with the difficulty of implementing proprietary software that does get approved, defenders struggle to conduct in-depth investigations in their organization's environment. To improve this, this presentation will examine four stages of a cyber-attack/incident and discuss use cases for open-source tools that defenders can immediately implement to conduct initial Incident Response investigations. I will conclude by discussing how defenders can scale these investigations to a large environment. After this presentation, viewers will be able to immediately deploy incident response tactics in their organization without the need for proprietary software or licenses.

ABOUT THE SPEAKER
Logan is an Incident Responder for GreyCastle Security. Logan conducts digital forensics on endpoints, network traffic analysis, malware analysis, and threat hunting for a variety of organizations including higher education, manufacturing, and financial institutions. He holds a Bachelor of Applied Science in Cybersecurity from the SANS Technology Institute, along with several GIAC certifications including GCFA, GCFE, and GCIA.

View upcoming Summits: http://www.sans.org/u/DuS
Download the presentation slides (SANS account required) at https://www.sans.org/u/1iaE
#BlueTeamSummit #BlueTeam #CyberDefense