Mastering IR Sniping: A Deliberate Approach to Cybersecurity Investigations with Chris Brewer
Sep 7, 2023
In this episode, Chris Brewer, Director at Unit 42, shares insights on "IR Sniping," a targeted approach in cybersecurity investigations. He discusses guiding principles, the benefits of IR sniping, and the importance of analyzing data. Tune in for expert strategies to enhance your incident response tactics!
IR sniping is a deliberate and targeted methodology that accelerates cybersecurity investigations by focusing on four key questions: what data was taken, is the attacker still present, what is the lateral movement, and how did they gain access?
IR sniping assigns workstream leads to specific questions, repeats investigative steps, and prioritizes important information, which improves quality control and helps resolve most incident response investigations within 72 hours.
Deep dives
IR sniping: A targeted and deliberate approach to investigations
IR sniping is a methodology that takes a targeted and deliberate approach to investigations, particularly in cases with large numbers of hosts. Its guiding principles, such as Locard's exchange principle and Occam's razor, hold that criminal activity leaves traces behind and that the simplest explanation should be sought. IR sniping helps investigators achieve better and faster results by focusing on four key questions: what data was taken, is the attacker still present, what is the lateral movement, and how did they gain access? This approach allows for efficient allocation of resources and effective analysis of data, resulting in quicker resolutions.
Better results and faster investigations with IR sniping
IR sniping provides better results and speeds up investigations by assigning workstream leads to focus on specific questions. By repeating the investigative steps and constantly revisiting the data, this methodology ensures a thorough review and improves the quality control process. By prioritizing the important information and eliminating extraneous noise, IR sniping helps resolve most incident response investigations within 72 hours. Those interested in learning more about IR sniping can find a recorded presentation on YouTube under 'Cactus Con 2023' or access additional resources on the GitHub platform. Connecting with Chris Brewer, an expert in this field, on LinkedIn is also recommended.
Discover a groundbreaking approach to incident response in our latest episode of Threat Vector. Chris Brewer, Director at Unit 42, delves into the world of "IR Sniping" – a deliberate and targeted methodology that accelerates investigation results.
Explore the guiding principles, focused questions, and real-world applications that make "IR Sniping" a game-changer in the realm of cybersecurity. Tune in now for expert insights and strategies to enhance your incident response tactics!
Watch Chris present on IR Sniping at CactusCon
https://www.youtube.com/live/bPMAusbODK0?feature=share&t=20947
Please share your thoughts with us for future Threat Vector segments by taking our brief survey.
To learn what is top of mind each month from the experts at Unit 42 sign up for their Threat Intel Bulletin.
Unit 42 Threat Vector is the compass in the world of cyberthreats. Hear about Unit 42’s unique threat intelligence insights, new threat actor TTPs, real-world case studies, and learn how the team works together to discover these threats. Unit 42 will equip listeners with the knowledge and insight to proactively prepare and stay ahead in the ever-evolving threat landscape.
PALO ALTO NETWORKS
Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. http://paloaltonetworks.com