4. Wim Remes - wim.remes@ioactive.co.uk
THE IR TIMELINE (reality)
[Timeline figure, points A to G, labelled: compromise detected, attack occurred, window of compromise, PANIC!!!]
5. THE IR TIMELINE (for the pathological optimist)
[Timeline figure, points A to G, labelled: compromise detected, attack occurred, window of compromise, response]
6. THE IR TIMELINE (how it should be)
[Timeline figure, points A to G, labelled: compromise detected, attack occurred, window of compromise, response]
7. THE IR TIMELINE (for the pathological liar)
[Timeline figure, points A to G, labelled: compromise detected, attack occurred, window of compromise, response]
12. IR SHOPPING LIST
a. Awesome people!
b. Management Support (no kidding)
c. IR Process + RACI
d. Supporting Technology
e. Training & Test Drives
19. TECHNOLOGY
(it’s pretty basic really ...)
a. Segment your network!!
b. Use PGP (and train your people to use it)
c. Log everything you could possibly need
d. Full network captures are helpful!
e. How far can you take FOSS?
f. Complement with commercial products.
g. Train, train, train, train, train, train,...
(some demos)
21. “In a real war you don’t fight soldiers with cleaning ladies, you fight with soldiers. In a cyberwar, you fight hackers with hackers.”
Thank you