Skilled incident responders are in rare supply. InfoSec tools fall short of automated detection. Sophisticated, targeted attacks are on the rise. In short, the attackers are winning.
In a survey conducted by the Ponemon Institute, most respondents said that the best thing their organization could do to mitigate future breaches is improve their incident response capabilities. However, most respondents also said that less than 10 percent of their security budget is used for incident response.
Under these circumstances, what can be done to turn the tide against cyber-attacks? The (un-sexy) answer is process. This session will examine how to maximize existing personnel and tools to more effectively identify and quantify security risks.
At the end of the session, attendees will have a better understanding of incident response, and how they can implement a more effective IR process.
- Identification of systematic security holes/failures
- How to effectively communicate failures to management
- Methods and approaches to automating incident response
About Charles Herring

Charles Herring is Consulting Security Architect at Lancope. Charles spent 10 years on active duty with the US Navy. His last position in the Navy was as the Lead Network Security Analyst for the Naval Postgraduate School. After leaving the Navy, he spent six years consulting with the Federal government as well as serving as a contributing network security product reviewer for the InfoWorld Test Center. Charles spends much of his time assisting enterprise organization with detecting and responding to advanced and insider attacks.