Over 80% of all breach victims learn of a compromise from third-party notifications, not from internal security teams. In most cases, adversaries have been rummaging through your network undetected for months or even years.
Incident response tactics and procedures have evolved rapidly over the past several years. Data breaches and intrusions are growing more complex. Adversaries are no longer compromising one or two systems in your enterprise; they are compromising hundreds. Your team can no longer afford antiquated incident response techniques that fail to properly identify compromised systems, provide ineffective containment of the breach, and ultimately fail to rapidly remediate the incident.
A thorough understanding of many detailed areas is required for success, including a mastery of the following fundamental skills covered by the SANS Digital Forensics and Incident Response (DFIR) curriculum:
- Hunting for the adversary before and during an incident across your enterprise
- In-depth digital forensics knowledge of the Microsoft Windows and Apple OS X operating systems
- Examining smartphones and other portable mobile devices for malware and digital forensic artifacts
- Incorporating network forensics into your investigations to provide better findings and get the job done faster
- Leaving no stone unturned by incorporating memory forensics during your investigations
- Understanding the capabilities of malware to derive threat intelligence, respond to information security incidents, and fortify defenses
- Identifying, extracting, prioritizing, and leveraging cyber threat intelligence from advanced persistent threat (APT) intrusions
A properly trained incident responder could be the only defense an organization has during a compromise. As a forensics investigator, you need to know what you're up against, and you need to have the most up-to-date knowledge of how to detect and fight it - that is what SANS DFIR classes will teach you.