Black Hat USA 2019: Don’t Gamble With Your Incident Response


This year’s Black Hat USA 2019 event is scheduled to take place next week, from August 3-8, in Las Vegas, Nevada. This high-profile conference attracts the attention not only of the cybersecurity community but also of high-profile security experts from all around the globe, who will be flocking into the heart and heat of the desert to discuss and present the latest achievements within the industry. Typically, Black Hat consists of four days of technical training and a two-day conference featuring briefings and a business hall.

Even though the location and the nature of the city may tempt you to try your luck in one of the many large casinos on the Vegas Strip or downtown, it is important not to take the same approach to cybersecurity and gamble on its success. That is especially true of your security operations and incident response program, at a time when cyberattacks are impacting our organizations more than ever before.

As said above, this globally popular annual conference proves to be a valuable resource of state-of-the-art technologies, experiences, and knowledge in the cybersecurity industry. Participants have the unique and exclusive opportunity to find out everything security-related firsthand, whether by staying abreast of the latest cybersecurity threats, seeking out new solutions and vendors, networking with peers, listening to the numerous presentations, or taking part in the different training sessions guided by industry experts to improve their skills. Whatever your choice might be, Black Hat offers many opportunities for the curious, cybersecurity-driven minds of those who will be there.

Well-planned Incident Response Program Goes a Long Way

The chances are your security operations and incident response programs could be operating more efficiently and effectively. Increasing volumes of security alerts, more sophisticated attacks, a growing number of disparate security tools, and difficulties with sourcing skilled professionals, to name a few, are pain points and challenges that collectively take their toll on performance.

As well as looking at overall performance, strategy often comes down to risk and its consequences. For example, do you want to risk security alerts slipping through the net untouched, potentially allowing a security incident to become a full-blown breach within your organization because you didn’t have suitable tools, technologies and people in place to manage it, and instead left it to chance? The most likely answer is no, as there is far too much at stake, including brand, reputation and fines, all leading to detrimental financial impacts. A serious data breach can cost an organization hundreds of millions of dollars, and often what makes a breach serious is the effectiveness and speed of the incident response process.

Having a well-designed incident response plan is one of the most critical components for successfully responding to a security incident and mitigating its potential impact as much as possible. The chaos of a security incident is the worst time to be making decisions on the fly.

Incident response plans should be detailed, covering both strategic goals as well as tactical plans for dealing with the types of incidents which are most likely to impact the organization (performing proper risk assessments is also critical). These plans should include critical components such as who should be involved in the response and how to contact these resources, what technical resources and data sources are available for investigation and containment (and how to use them), what actions should be taken for specific threats, and a solid communication and collaboration plan.

An incident response plan is never a static document. An organization’s technologies, networks and the threats being faced are constantly evolving, and the incident response plan must evolve with them. One of the biggest mistakes an organization can make is having the false impression that once an incident response plan is completed, it is somehow “done”. On the contrary, an incident response plan is a continual process and should be reviewed at least annually or whenever a major change to the organization’s environment occurs.

Perhaps one of the best ways to review an incident response plan is by testing it in action. What sounds good in planning or on paper may fall well short of the intended outcome in practice. Tabletop exercises or similar sessions should be conducted at least annually to test the incident response plan. These exercises have the added advantage of familiarizing all stakeholders with the incident response plan and their individual roles in the process. The pandemonium during an incident is a horrible time to be familiarizing yourself with the plan.

Most organizations will likely experience a data breach sooner or later, and how they respond will affect the future of the business. If you dedicate your time and efforts as a team and organization to achieving improved operational efficiencies by utilizing the right tools and technologies to empower your existing people, the results will come much faster than you expected, and will be far more successful.

DFLabs at Black Hat USA 2019

As it has for several years in a row now, DFLabs, a market leader in the Security Orchestration, Automation and Response (SOAR) industry, will be at Black Hat with its team to showcase the latest features and use cases of its SOAR solution. With the aim of answering questions and educating people about how it can help to overcome some of the most challenging and common security operations and incident response issues, we will be demonstrating the power of SOAR technology and how it can transform your existing processes and procedures, enabling professionals to understand just how necessary a SOAR solution is within the security infrastructure of any large organization today.

We as a company want to ensure that all organizations are prepared for the inevitable and that, when cyberattacks hit, they have the capabilities in place to keep their cyber incidents under control, regardless of the size of the team and resources available. We can’t wait for this year’s Black Hat USA to begin so we can share our knowledge!

If you are attending Black Hat, don’t miss this opportunity to see our award-winning IncMan SOAR platform with its unique runbooks and playbooks in action with a range of seamlessly integrated tools and technologies. Learn how it can put an end to mundane and repetitive tasks, overworked analysts and unutilized tools, while speeding up your incident response and reducing the time it takes to detect, respond to and remediate all security incidents.

Our experts are excited to present why incident response must not be taken lightly, and why incorporating a SOAR tool right now is a must. Ahead of next week, schedule a meetup at our booth #IC 2310 located in the Innovation City. We look forward to seeing you there.
