Large scale incident remediation: Lessons learned

Abstract

The remediation phase is the most important step in a successful incident response. Preparation often takes multiple months to make sure you know the attackers’ tools, tactics and procedures (TTPs) before you kick them out of the network. Sometimes, getting all the technical aspects right isn’t the most challenging task. Large corporations often fail to set the right priorities regarding internal processes and compliance issues. In this talk we break down our approach and share lessons from the field and best practices.

Julien Reisdorffer

Julien has been a Cyber Security Consultant with Microsoft Services since 2015, where he spends his time on challenging topics like Security Architecture and the obligatory Cyber Janitor duties, aka helping customers recover from a compromise.

 

Andreas Lucas

Andreas started at Microsoft 7 years ago as an AD engineer. From the beginning he was focused on Active Directory and certificate-based security. Since 2016 he has been working as a Cyber Security Consultant, helping customers in a compromised situation.