Microsoft Threat Intelligence Podcast

Throwing Darts in the Dark With Microsoft Incident Response

Feb 28, 2024

Exploring threat actors' techniques and incident response challenges. Insights into Octo Tempest. The dynamic nature of incident response work. Managing emotions in high-pressure situations. Teamwork and collaboration in cybersecurity. Importance of comprehensive data collection. Unpacking persistence and dwell time in cyber attacks. Personal narratives in the journey to cybersecurity. Promoting diversity in Microsoft's incident response team.

44:13

Creator website

Episode guests

Stella Aghakian

Holly Burmaster

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Threat actors' dwell times vary, with some favoring quick attacks and others opting for prolonged covert activities within networks.

Comprehensive event logs and data sets like scheduled tasks are crucial for reconstructing timelines and tracking threat actor activities in incident response work.

Deep dives

Dwell Time Variability Among Threat Actors

Threat actors exhibit varying dwell times, with some opting for quick smash-and-grab attacks, completing within 24 hours, while others prefer longer stays to explore high-value assets. The dichotomy in strategies results in either swift exits or prolonged covert activities within compromised networks.

Introduction

2min

Exploring Threat Actors and Incident Response Challenges

17min

Collaboration with Mystic Hunt Team and Casey 7 Cybersecurity Education Platform

6min

Importance of Comprehensive Data Collection for Incident Response

3min

Unpacking Persistence and Dwell Time in Cybersecurity Attacks

8min

Journey to Cybersecurity

5min

Promoting Diversity and Expertise in Microsoft's Incident Response Team

3min

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Stella Aghakian and Holly Burmaster. They explore the intrigue of watching threat actors and their techniques and walk through these techniques and how they are educational and critical in threat intelligence work. They also discuss their experiences at Microsoft Ignite, insights into the cyber threat actor Octo Tempest, and personal reflections on threat intelligence and favorite threat actors. Both Stella and Holly discuss how they thrive on the uncertainty and variety of their work despite the long hours and high pressure but appreciate the supportive team environment that helps them.

In this episode you’ll learn:

Challenges of incident response when dealing with destructive threat actors
Difficulty in managing the emotional aspects of incident response
The unpredictability and dynamic nature of incident response work

Some questions we ask:

How is the workflow structured in incident response teams?
What traits are crucial for excelling in the high-pressure world of incident response?
Do Dart and Mystic teams collaborate in incident responses?