Incident detection and response

In this video, explore hunt teams, analysis techniques—behavioral and heuristical—, and establishing a review system for logs and events to find incidents.

- [Narrator] To facilitate incident detection and response,…it's important to be actively looking…for incidents in your network.…There are three major ways to systematize your efforts…and detect new incidents, utilizing hunt teams,…selecting the correct analysis techniques,…and establishing a log and event review system.…In a previous lesson we talked about…the blue team and the red team,…but what exactly is a hunt team?…Well a hunt team is a group of cybersecurity professionals…who focus on finding an adversary…who's already on your network,…whether you know they're there or not.…

The hunt team works under…the security operations center in the organization.…They search through event and log files…to determine where a malicious actor…could be hiding inside your network.…The hunt team works to identify any internal…or external violations of your network security policy,…as well as violations of your privacy policy.…They are also responsible for locating insider threats,…which are extremely challenging since…the user has the authorize credentials already in place.…

Resume Transcript Auto-Scroll

Author

Jason Dion

Skill Level Advanced

1h 56m

Duration

9,295

Views

Show More Show Less

Related Courses

Introduction
- Enterprise Security Operations
  1m 49s
- What you should know
  1m 18s
- About the exam
  1m 42s
1. Security Assessments
- What are security assessments?
  1m 40s
- Vulnerability assessments
  4m 20s
- Physical security assessments
  1m 40s
- Malware analysis
  2m 21s
- Penetration testing
  2m 26s
- Penetration testing methods
  3m 8s
- Penetration testing steps: Reconnaissance
  1m 41s
- Penetration testing steps: Fingerprinting
  1m 51s
- Penetration testing steps: Exploitation
  2m
- Penetration testing steps: Pivoting and covering tracks
  1m 59s
- Penetration testing steps: Social engineering
  2m 52s
- Internal vs. external audits
  1m 37s
- Self-assessments: Team exercises
  1m 31s
- Code reviews
  2m 38s
2. Tools Used in Security Assessments
- What kinds of tools do we use for security assessments?
  1m 8s
- Port scanners
  1m 36s
- Vulnerability scanners
  1m 14s
- Protocol analyzers
  1m 26s
- SCAP scanners and tools
  57s
- Network enumerator
  1m 52s
- Password crackers
  1m 23s
- Fuzzer
  1m 9s
- HTTP interceptor
  1m 6s
- Exploitation tools and frameworks
  1m 14s
- Visualization tools
  1m 43s
- Log reduction and analysis tools
  1m 31s
- File integrity monitoring and antivirus
  1m 26s
- Command line tools
  1m 20s
- Physical security tools
  1m 38s
- Reverse engineering tools
  1m 2s
3. Incident Response
- Why are incident response and recovery so important?
  1m 11s
- E-discovery
  1m 43s
- Electronic inventory and asset control
  1m 57s
- Data retention policies
  1m 55s
- Data recovery and storage
  1m 34s
- Data ownership
  2m 44s
- Data handling
  2m 41s
- Legal holds
  1m 27s
- Data breach
  4m 59s
- Incident detection and response
  2m 9s
- Incident and emergency response
  1m 19s
- Chain of custody
  4m 3s
- Forensic analysis
  2m 5s
- Order of volatility
  1m 33s
- Continuity of operations and disaster recovery
  1m 28s
- Severity of the incident
  3m 1s
- Incident response team
  1m 57s
- Post-incident response
  3m 5s
4. Tools Used in Incident Response and Recovery
- Tools used in incident response
  1m 23s
- Disk imaging
  2m 18s
- Network packet capture and analysis
  1m 41s
- nbtstat and netstat
  1m 12s
- Netcat
  1m 2s
- Memory forensics
  1m 14s
- File carving
  1m 12s
- FTK and EnCase
  1m 12s
- Specialized tools for mobile devices
  1m 32s
Conclusion
- Next steps
  4m 48s

Show MoreShow Less

Take notes with your new membership!

Type in the entry box, then click Enter to save your note.

1:30Press on any video thumbnail to jump immediately to the timecode shown.

Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.

Start My Free Month

Skills covered in this course

Security IT

Lynda.com is now LinkedIn Learning!

To access Lynda.com courses again, please join LinkedIn Learning

Categories

3D + Animation Topics

3D + Animation Software

3D + Animation Learning Paths

Audio + Music Topics

Audio + Music Software

Audio + Music Learning Paths

Business Topics

Business Software

Business Learning Paths

Business Guides

CAD Topics

CAD Software

CAD Learning Paths

Design Topics

Design Software

Design Learning Paths

Developer Topics

Developer Software

Developer Learning Paths

Education + Elearning Topics

Education + Elearning Software

Education + Elearning Learning Paths

IT Topics

IT Software

IT Learning Paths

Marketing Topics

Marketing Software

Marketing Learning Paths

Photography Topics

Photography Software

Photography Learning Paths

Video Topics

Video Software

Video Learning Paths

Web Topics

Web Software

Web Learning Paths

Web Guides

Incident detection and response

Author

Skill Level Advanced

Duration

Views

Related Courses

CASP+ Cert Prep: 1 Risk Management

CompTIA Security+ (SY0-501) Cert Prep: 1 Threats, Attacks, and Vulnerabilities

CompTIA Security+ (SY0-501) Cert Prep: 2 Technologies and Tools

CompTIA Security+ (SY0-501) Cert Prep: 3 Architecture and Design

CompTIA Security+ (SY0-501) Cert Prep: 5 Risk Management

Introduction

1. Security Assessments

2. Tools Used in Security Assessments

3. Incident Response

4. Tools Used in Incident Response and Recovery

Conclusion

Take notes with your new membership!

Skills covered in this course

Continue Assessment

Start My Free Month