Beyond 'Check The Box' Powering Intrusion Investigations

Thursday, October 1, 2015
11:00 HRS PT/14:00 HRS ET
60 minutes, including Q&A

Beyond 'Check The Box' - Powering Intrusion Investigations - by Jim Aldridge
Social Media - Friend or Foe? - by ZeroFOX

Many organizations have implemented robust security tool suites and “checked the box” on security logging standards. Yet many of these same organizations have not considered how these tools would effectively support an incident investigation effort. This presentation outlines five must-have capabilities for conducting enterprise-wide incident response. A real-world case study accompanies the discussion of each capability.

1. Mapping an IP address to a hostname
2. Identifying the systems to which a specified account authenticated
3. Determining the systems that communicated with a specified Internet IP address
4. Tracking domain name resolution attempts
5. Identifying indicators of compromise across the environment


Jim Aldridge

Jim Aldridge is a Director in Mandiant’s New York City office. He focuses on incident response, security operations center enhancement, penetration testing and strategic security consulting engagements. Mr. Aldridge has significant experience working with the defense industrial base, in addition to companies in the manufacturing, natural resources, and technology sectors.

Sponsor Presenter:

Evan Blair

Evan Blair is a Co-Founder and the Chief Business Officer at ZeroFOX. Prior to that, Evan was a member of the Accuvant Leadership Team where he led the multi-million dollar Partner Solutions practice. At the time of his departure, Accuvant was the 2nd largest privately held cyber security solutions provider, had recognized over $1 billion in revenue since inception, and had capabilities with over 175 global partners. He began his career as a financial analyst with Dresdner Kleinwort in Manhattan, NY and holds a BA in Economics from Wake Forest University.

