Panel | Going Dark: DOS’ing Yourself for the Better

Channel:
United States SANS Institute
Subscribers:
64,200
Published on ● Video Link: https://www.youtube.com/watch?v=WrIiQAKFUHk


Duration: 49:41
128 views
6

SANS Ransomware Summit 2023

Panel | Going Dark: DOS’ing Yourself for the Better

Panelists: Ryan Chapman, Certified Instructor and Author, SANS Institute
Michael Rogers, Sr. Director Technical Advisory Services, MOXFIVE
Chris Brewer, Director, Unit42
Allan Liska, CSIRT, Recorded Future

Through this discussion I plan on leverage lessons learned and examples from having the opportunity to be responsible for these decisions for a large amount of ransomware incidents from a forensics and recovery viewpoint. The debate over whether to cut off internet access during a ransomware investigation is complex and depends on various factors, including the nature of the attack and the organization's security posture. Real-world examples show how leaving the internet open during an investigation can lead to continued exfiltration and compromise, while cutting off internet access can enable more rapid investigation and provide valuable intelligence. The discussion should focus on what level of maturity companies need to properly maintain internet access during an attack and what scenarios warrant cutting off access. Adequate visibility and basic controls, such as segmented backups, active directory backup, and EDR coverage, are essential for making informed decisions. Ultimately, the decision requires careful consideration and planning to mitigate the risks and protect sensitive data.

View upcoming Summits: http://www.sans.org/u/DuS



Other Videos By SANS Institute


2023-09-18FEATURE SEGMENT: Detection Engineering: The Blue Team Cheat Code
2023-09-14SANS Cyber Defense Initiative® 2023 in Washington, DC
2023-09-12Detection Engineering: The Blue Team Cheat Code | Host: Mark Orlando | September 12, 2023
2023-09-05CryptOSINT | Host: Sadie Gauthier | September 5, 2023
2023-08-31SANS Threat Analysis Rundown (STAR) with Katie Nickels | August 2023
2023-08-31FEATURE SEGMENT: Inside SANS Holiday Hack Challenge 2023 | Host: Ed Skoudis
2023-08-29Inside SANS Holiday Hack Challenge 2023 | Host: Ed Skoudis | August 29, 2023
2023-08-22In Hot Pursuit: Tracking Ransomware Actors | Ryan Chapman | Aug 22, 2023
2023-08-17Analysis on legit tools abused in human-operated ransomware
2023-08-17Lessons from the Frontlines: Ransomware Attacks, New Techniques, and Old Tricks
2023-08-17Panel | Going Dark: DOS’ing Yourself for the Better
2023-08-17Cracking Ransomware: Bypassing Anti-Analysis Techniques and Decrypting LockBit Black Ransomware
2023-08-17Jackpot! Three Years Of ESXi Ransomware Incidents
2023-08-17Data Science for Ransomware Defense and Negotiation
2023-08-17A RaaS-ipe for Disaster: The Evolving RaaS Space, as Told Through Tools, Techniques, and Procedures
2023-08-17Beyond Encryption: Exploring the Tactics Ransomware Operators Use During Negotiation & their Impact
2023-08-17You Got a TOAD: A Novel Technique for Dropping Ransomware
2023-08-17Keynote | A Post-Apocalyptic Hellscape: What Ransomware Looks Like After RaaS
2023-08-15Your Cloud Security Journey: Key Trends, Capabilities, & Skills
2023-08-15FEATURE SEGMENT: Your Cloud Security Journey: Key Trends, Capabilities, & Skills
2023-08-15NICE Workforce for Cyber Security: Recruiting, Developing, and Planning Your Cybersecurity Workforce


Tags:
sans institute
information security
cyber security
cybersecurity
information security training
cybersecurity training
cyber security training