It's 2019. Cyber attacks have no sign of slowing down, nation states are ramping up old groups while bringing new soldiers to the battlefield, and there's little - if any - consequences for those who launch these attacks. To make matters worse, we have annoyances like ransomware and O365 compromises running around, which are keeping our IR teams distracted. Sometimes it feels like there's no solution in sight.
It's time to confront the problem head on - it's time to start moving faster than our attackers. In this talk, let's examine how to bring the six-step incident response process to the _entire_ organization - at scale, and at warp speed. Let's also examine critical gaps in IR processes that are allowing attackers to remain inside the environment, preventing your IR team from ever reaching the remediation and recovery steps. It's time to kick the attacker out, once and for all.