TARGETED INTRUSION REMEDIATION: LESSONS FROM THE FRONT LINES

Black Hat USA 2012

Presented by: Jim Aldridge
Date: Thursday July 26, 2012
Time: 15:30 - 16:30
Location: Augustus III+IV
Track: Defining the Scope

Successfully remediating a targeted, persistent intrusion generally requires a different approach from that applied to non-targeted threats. Regardless of the remediation actions enacted by victim organizations, experience has shown that such threats will continue to target certain organizations. In order to be successful against these types of threats, organizations must change the way they think about remediation. This presentation outlines a model to guide tactical and strategic security planning by focusing efforts on the following three goals:

Jim Aldridge is a Manager in Mandiant's Washington, D.C. office and is responsible for Mandiant's incident remediation services, which involve helping Mandiant clients effectively recover from intrusions. In the past 12 months, Jim led the remediation activities for a dozen targeted threat intrusions. Nearly all these cases involved APT threat actors.

Jim Aldridge

Jim Aldridge is a Manager in Mandiant's Washington, D.C. office and is responsible for Mandiant's incident remediation services. His areas of expertise include security incident response, penetration testing, security strategy, and secure systems and network design. Jim has significant experience working with the defense industrial base, technology, and industrial products sectors.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats