Session Schedule

Loading Events

« All Events

  • This event has passed.
Oct 1

Session: How Was that Breach Detected?

October 1 @ 3:00 pm - 4:00 pm EDT

Presented By: Jeff Hamm



Mandiant has done thousands of IR investigations across multiple industry types and networks.  In each case, the customer was either altered by a third party about the breach or discovered something “not quite right” in the network.  In several cases the alerts the customer discovered led to discovery of a targeted attacker in the environment – and a subsequent incident response investigation.

In this presentation, we will use international case examples Mandiant investigated to take a closer look at how the breach was discovered and what security lessons can be learned from the alerts – for example how a performance monitor on a domain controller spiked which led to discovery of credential harvesting.  The take away will include actionable in many environments.


October 1
3:00 pm - 4:00 pm EDT
Event Categories: