To Automate or Not To Automate: That is the Incident Response Question
We all know that the number of security incidents is increasing at alarming rates and automation is often brought up as a critical part of the solution. Automation promises faster and consistent responses, but are the responses better? Does automation solve all incident response problems?
In this talk, we address these questions (spoiler alert: sometimes automation is great and sometimes it isn’t). We’ll talk about the phases of incident response, what can and should be automated, and the associated risks. We’ll also talk about the kinds of tools needed to automate those phases.
This talk will, hopefully, be interactive. We’ll be looking to the audience for their positive and negative experiences with automation during their responses. Come to this talk to learn about automating your response and to share your automation experiences.
Technology
Dr. Brian Carrier
Brian Carrier leads the digital forensics team at Basis Technology, which builds software for incident response, digital forensics, and custom mission needs. He is the author of the book File System Forensic Analysis and a developer of several open-source digital forensics analysis tools, including The Sleuth Kit and Autopsy. Brian has a Ph.D. in computer science from Purdue University and worked previously for @stake as a research scientist and the technical lead for their digital forensics lab and incident response team. Brian is the chairperson for the Open Source Digital Forensics Conference (OSDFCon) and on the committees of many conferences, workshops, and technical working groups, including the annual DFRWS conference and the Digital Investigation Journal.