Friday, May 01, 2009

SearchSecurity: Matt Shannon

Matt Shannon, creator of Nigilant32 and F-Response, was recently interviewed for SearchSecurity, making the case for "live" incident response. This is a point that Matt and others have been trying to make for some time now, and Matt's statements in the article repeat the rationale behind this sort of approach. Responders need to evolve their approach, addressing risk and threats in the face of business needs. Matt made an excellent point that he's not taking anything away from the incident response process, but "often there's a better way to do it." He's absolutely right about that!

For those of you out there who still aren't convinced how useful and revolutionary F-Response is, check out this post from Matt, and get back to me. Please.

I will be speaking with Larry Daniel on his TalkForensics BlogTalkRadio show on 10 May. In my pre-interview discussion with a member of Larry's staff, we talked about Registry analysis and timeline analysis as some possible topics for the talk show. Any thoughts? Also, be sure to check out the shows that are already available.
