Beyond 'Check The Box' Powering Intrusion Investigations

Thursday, October 1, 2015

11:00 AM - 12:00 PM PDT

60 minutes, including Q&A

Beyond 'Check The Box' - Powering Intrusion Investigations - by Jim Aldridge
Social Media - Friend or Foe? - by ZeroFOX

Many organizations have implemented robust security tool suites and "checked the box" on security logging standards. Yet many of these same organizations have not considered how these tools would effectively support an incident investigation effort. This presentation outlines five must-have capabilities for conducting enterprise-wide incident response. A real-world case study accompanies the discussion of each capability.

  1. Mapping an IP address to a hostname
  2. Identifying the systems to which a specified account authenticated
  3. Determining the systems that communicated with a specified Internet IP address
  4. Tracking domain name resolution attempts
  5. Identifying indicators of compromise across the environment

Brought to you by:



Jim Aldridge

Jim Aldridge

Jim Aldridge is a Director in Mandiant's New York City office. He focuses on incident response, security operations center enhancement, penetration testing and strategic security consulting engagements. Mr. Aldridge has significant experience working with the defense industrial base, in addition to companies in the manufacturing, natural resources, and technology sectors.

Sponsor Presenter:

Evan Blair

Evan Blair

Evan Blair is a Co-Founder and the Chief Business Officer at ZeroFOX. Prior to that, Evan was a member of the Accuvant Leadership Team where he led the multi-million dollar Partner Solutions practice. At the time of his departure, Accuvant was the 2nd largest privately held cyber security solutions provider, had recognized over $1 billion in revenue since inception, and had capabilities with over 175 global partners. He began his career as a financial analyst with Dresdner Kleinwort in Manhattan, NY and holds a BA in Economics from Wake Forest University.

Sustaining Partners