Lizzie Clark

An Insider’s Guide to Digital Forensics and Incident Response (DFIR): Webinar Recap

did you miss our “insider’s guide to digital forensics and incident response” webinar? this blog rounds up SOME OF THE KEY TAKEAWAYS.

In our recent webinar, digital forensics and incident response (DFIR), expert Alejandro Rivas Vasquez, Global DFIR at NCC Group, and Andy Scutt, Channel Sales Manager at Searchlight Cyber talked about, and explored, the vital role of DFIR.

 #1 The biggest challenges when it comes to Digital forensics and incident response

“One of the biggest constraints when it comes to DFIR is time constraints. Incident response is always very urgent and very important because it could be costing millions of dollars each day. So if you haven’t trained or rehearsed for this scenario, incident response will take a lot longer. A technological challenge is knowing you have been breached but you can’t prove it because you can’t see the data.”

Alejandro shares his thoughts on the biggest challenges when it comes to DFIR. In this clip he talks about the importance of time and urgency in responding to an incident, as well as delving into the technological challenges that businesses face.

#2 Mistakes organizations are making in incident response

“The biggest mistake companies make during incident response is having done all the exercises and having the plans in place, they throw all those procedures out during an attack, turning one incident into another. Another is not having policies and procedures in place at all.”

Next we look at the mistakes organizations make when it comes to incident response. From throwing all the plans and procedures out of the window when a breach happens, to not having policies in place at all.

#3 Regular testing of DFIR processes

“Be smart, be proactive. Cybercriminals aren’t static, they are developing all the time, businesses need to do the same. You need to understand the potential cases that apply to you. You can do ransomware exercises either internally or hand holding with an instructor. Develop incident response frameworks, policies, and procedures, as well as a response plan, crisis management, and media handling.”

Why is in depth and regular DFIR testing important in your business? Both Alejandro and Andy discuss how table top exercises and drills, as well as partnering with an instructor to do this work, can help you plan for the future.

#4 The value of continuous dark web monitoring for incident response

“It’s great to be able to go back and look at what happened six months before the attack. What dark web traffic was coming in at the time, how did the cybercriminals make that initial breach, and how did it start. Having evidence on what happened and knowing the original breach source. Following a clean up after the incident, there’s a lot of value in being able to see that nothing left is being compromised.”

Lastly, our experts spoke about the value of dark web monitoring for incident response. They discuss how utilizing threat intelligence technology can not only help you to understand how the breach started, but gives businesses insight on how it can give you peace of mind that – after the incident – nothing left is being compromised.

If you’d like to learn more about the important role Digital Forensics and Incident Response plays in organizations, you can WATCH THE FULL WEBINAR on demand.