MSI Exec and the Ransomware Attack

Is your organization ready to respond to a security incident? Richard talks to Paula Januszkiewicz about her experience helping organizations respond effectively when a security incident occurs. Paula talks about detection - attackers often have breached your infrastructure months before their attacks become visible. Once you've detected a potential breach, the next steps are to determine where the breach comes from, or as Paula says, who is patient zero? And what are the indicators of compromise? It's not enough to slam the door shut on an attack - how do you keep it from happening again? The conversation explores the idea of threat hunting, of understanding what the black hats are doing by being able to respond effectively to isolate exploited machines but not necessarily shut them down. An attack is an opportunity - seize it!
Links:

• Cqure
• Attack Surface Reduction Rules
• Local Administrator Password Solution
• Security Information and Event Management
• Azure Sentinel

Recorded April 4, 2023