2016 has been a year of significant change to the
cyber security landscape. The rapid proliferation of ransomware and
the emergence of Internet of Things mass compromise has changed the
landscape for responders. Similarly, existing threats have become more
brazen, with nation-state actors publishing the results of their
campaigns publicly and financial threat actors leaving no piece of PII behind.
While the average global identification time for compromise by advanced attackers has continued to decrease from 206 days in 2014 to 146 days in 2015, it’s still unacceptably long to protect the data that matters for an organization. As an incident responder at Mandiant for the past four years, I have personally worked on cases in 2016 where attackers were able to break into an organization and complete their mission in record time.
Skilled and trained incident responders with access to the latest information on threats, adversaries and tools are one of the best lines of defense in keeping an environment secure and terminating a threat as it happens. With that in mind, for the FireEye Cyber Defense Summit 2016 Incident Response track, I sought to cultivate a group of practitioners who could share their experiences, research and successes with the greater incident response community.