- This event has passed.
Session: How Was that Breach Detected?
October 1 @ 3:00 pm - 4:00 pm EDT
Presented By: Jeff Hamm
Mandiant has done thousands of IR investigations across multiple industry types and networks. In each case, the customer was either altered by a third party about the breach or discovered something “not quite right” in the network. In several cases the alerts the customer discovered led to discovery of a targeted attacker in the environment – and a subsequent incident response investigation.
In this presentation, we will use international case examples Mandiant investigated to take a closer look at how the breach was discovered and what security lessons can be learned from the alerts – for example how a performance monitor on a domain controller spiked which led to discovery of credential harvesting. The take away will include actionable in many environments.