Incident Response Dilemmas: Sharing Intel Across Sectors in Critical Times


Erez Liebermann, a former federal cybercrime prosecutor, will speak at the RSAC 2025 Conference in a live session titled “Incident Response Dilemmas: Sharing Intel Across Sectors in Critical Times.” The session covers improving incident response processes, avoiding a financial crisis caused by downtime in financial services, and improving information sharing across sectors. Panelists include Todd Conklin (Federal Reserve), Heather Hogsett (Bank Policy Institute), and Ann Johnson (Microsoft).

You Should Know:

1. Incident Response Plan (IRP):

  • Ensure your organization has a well-documented IRP: who declares an incident, who may isolate a system, who talks to regulators, customers and peers, and how each decision is logged. Rehearse it before an incident, not during one.
  • During triage, review the process list. On Linux, bracket the first character of the pattern so grep does not match its own command line:
    ps aux | grep '[s]uspicious_process_name' 
    
  • On Windows, use Task Manager or PowerShell:
    Get-Process | Where-Object { $_.ProcessName -eq "suspicious_process_name" } 
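The process check above is a one-off grep; the following script (an added example, not part of the original post or of any tool it names) makes it repeatable. It resolves /proc/<pid>/exe for every process and flags binaries that run from a world-writable scratch directory, from a hidden directory under a home, or that have been deleted from disk while still executing, all typical of dropped payloads. The process list embedded in it is constructed for illustration; pass --live to inspect the real host (as root, so other users' /proc links are readable).

```sh
#!/bin/sh
# Added example: triage the process list for executables that a dropped
# payload typically has and a legitimate service does not. Sample data is
# constructed; use --live to inspect the real /proc.
set -eu

# Emit "pid<TAB>exe" for every live process by resolving /proc/<pid>/exe.
# Links of other users' processes need root; unreadable ones are skipped.
collect_exe_paths() {
  for p in /proc/[0-9]*; do
    pid=${p#/proc/}
    exe=$(readlink "$p/exe" 2>/dev/null) || continue
    printf '%s\t%s\n' "$pid" "$exe"
  done
}

# Read "pid<TAB>exe" lines on stdin and print only the suspicious ones,
# with a short reason appended as a third column. Regexes are passed as
# strings so no slash needs escaping inside the awk program.
flag_suspicious() {
  awk -F'\t' -v OFS='\t' '
    $2 ~ "^/(tmp|var/tmp|dev/shm)/"   { print $1, $2, "scratch-dir";    next }
    $2 ~ " [(]deleted[)]$"            { print $1, $2, "deleted-binary"; next }
    $2 ~ "^/home/[^/]+/[.][^/]+/"     { print $1, $2, "hidden-dir";     next }
  '
}

# Constructed sample in the same "pid<TAB>exe" format (not real host data).
sample_processes() {
  printf '%s\t%s\n' \
    1    /usr/lib/systemd/systemd \
    842  /usr/sbin/sshd \
    1337 /tmp/.x/kworker \
    2048 '/usr/bin/python3 (deleted)' \
    3001 /home/dev/.cache/upd \
    4410 /usr/bin/bash
}

# Number of processes the filter flags in the constructed sample.
count_sample_hits() {
  sample_processes | flag_suspicious | wc -l | tr -d ' '
}

if [ "${1:-}" = "--live" ]; then
  collect_exe_paths | flag_suspicious
else
  sample_processes | flag_suspicious
fi
```

Hits are leads, not verdicts: a package upgrade leaves the old binary of a long-running daemon showing as (deleted), so confirm with the parent process, the owning user and the open sockets before acting on a hit.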
    

2. Network Monitoring:

  • Use tools like Wireshark or tcpdump to capture traffic and look for anomalies. Capture from a SPAN port, a tap or a separate sensor rather than on the suspect host where possible, and use -nn so tcpdump does not perform reverse DNS lookups, which are slow and reveal to anyone watching the resolver which addresses you are investigating:
    sudo tcpdump -nn -i eth0 -w capture.pcap 
    
  • Read the capture back with tcpdump (or open the file in Wireshark):
    tcpdump -nn -r capture.pcap 
    

3. Information Sharing:

  • Use a Threat Intelligence Platform (TIP) such as MISP to share indicators across sectors. Tag every event with a TLP level and a sharing group before it leaves your organization, and agree with counsel in advance what may be shared during an incident; that decision, not the tooling, is the hard part.
  • MISP is not packaged in the Ubuntu repositories, so apt-get install misp fails. Use the project's Docker images (https://github.com/MISP/misp-docker) or the installer from https://github.com/MISP/MISP:
    git clone https://github.com/MISP/misp-docker.git 
    cd misp-docker 
    cp template.env .env    # set BASE_URL and the admin credentials before starting 
    docker compose up -d 
    

4. Backup and Recovery:

  • Regularly back up critical data. On Linux, rsync copies a tree incrementally (-z compresses in transit and only helps over a slow link):
    rsync -avz /path/to/source /path/to/destination 
    
  • On Windows, use Robocopy:
    robocopy C:\source D:\destination /MIR 
    
  • Caveat: /MIR, like rsync --delete, makes the destination an exact mirror, so a file that ransomware encrypted or an attacker deleted is overwritten or removed in the copy on the next run. Keep dated, point-in-time snapshots, keep at least one copy offline or on immutable storage, and test a restore; an untested backup is a hope, not a control.
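The two commands above produce a mirror, which is exactly what a ransomware operator wants you to have. As an added example (not from the original post), the script below keeps dated point-in-time snapshots with rsync --link-dest: each run writes a full snapshot directory, unchanged files are hard-linked to the previous snapshot so the chain costs little space, and prune drops the oldest ones. The paths, the stamp format and the demo data are this example's own choices.

```sh
#!/bin/sh
# Added example: point-in-time backups with rsync --link-dest. Every run
# writes a complete snapshot directory; files unchanged since the previous
# snapshot are hard-linked rather than copied, so the chain stays small while
# each snapshot remains independently restorable. A plain mirror (rsync
# --delete or robocopy /MIR) would overwrite the only copy with whatever
# ransomware left behind.
set -eu

# snapshot SRC ROOT [STAMP]
# Copies SRC into ROOT/STAMP, linking unchanged files against ROOT/latest
# when it exists, then repoints ROOT/latest. Prints the snapshot path.
snapshot() {
  local src="$1" root="$2" stamp="${3:-$(date -u +%Y%m%dT%H%M%SZ)}" dest
  dest="$root/$stamp"
  mkdir -p "$root"
  if [ -d "$root/latest" ]; then
    # --link-dest wants an absolute path; resolve the symlink to one
    rsync -a --link-dest="$(cd "$root/latest" && pwd -P)" "$src/" "$dest/"
  else
    rsync -a "$src/" "$dest/"
  fi
  ln -sfn "$stamp" "$root/latest"
  printf '%s\n' "$dest"
}

# list_snapshots ROOT: one snapshot name per line, oldest first. UTC stamps
# sort lexically, so the shell's glob order is chronological.
list_snapshots() {
  local d
  for d in "$1"/*/; do
    d="${d%/}"
    [ -d "$d" ] || continue          # no match: the glob stayed literal
    [ -L "$d" ] && continue          # skip the "latest" symlink
    printf '%s\n' "${d##*/}"
  done
}

# prune ROOT KEEP: delete the oldest snapshots until only KEEP remain.
prune() {
  local root="$1" keep="$2" total excess name
  total=$(list_snapshots "$root" | wc -l | tr -d ' ')
  excess=$((total - keep))
  [ "$excess" -gt 0 ] || return 0
  list_snapshots "$root" | head -n "$excess" | while IFS= read -r name; do
    rm -rf "$root/$name"
  done
}

# demo: exercise the functions on a constructed tree in a temporary directory.
demo() {
  local tmp
  tmp=$(mktemp -d)
  mkdir -p "$tmp/src"
  printf 'unchanged\n' > "$tmp/src/a.txt"
  printf 'will be deleted\n' > "$tmp/src/b.txt"
  printf 'v1\n' > "$tmp/src/c.txt"
  snapshot "$tmp/src" "$tmp/bak" 20250428T090000Z
  rm "$tmp/src/b.txt"                        # simulate loss of a file
  printf 'v2, longer\n' > "$tmp/src/c.txt"   # simulate an edit (or encryption)
  snapshot "$tmp/src" "$tmp/bak" 20250428T210000Z
  echo "snapshots under $tmp/bak:"
  list_snapshots "$tmp/bak"
}

if [ "${1:-}" = "--demo" ]; then
  demo
fi
```

Run snapshot from cron against a root on a separate host, or on storage the backup account can write but not delete; the script restores nothing by itself, so rehearse a restore from a snapshot before you rely on it.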
    

5. Incident Reporting:

  • A SIEM such as Splunk or the ELK Stack (Elasticsearch, Logstash, Kibana) centralizes logs from hosts and network devices and turns correlation rules into alerts. Reporting to regulators and peers remains a human decision, but the SIEM gives it a timeline and evidence.
  • Elasticsearch, Logstash and Kibana are not in the Ubuntu repositories, so add Elastic's APT repository first:
    wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg 
    echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list 
    sudo apt-get update 
    sudo apt-get install elasticsearch kibana logstash 
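A SIEM earns its keep through correlation rules. As an added example (not code from the original post, nor from Splunk or Elastic), the following shell filter implements one such rule over OpenSSH log lines: it counts Failed password events per source IP, raises an ALERT when a source reaches the threshold, and a CRITICAL if that same source later logs in successfully. The auth.log lines embedded in it are constructed; the threshold and the message labels are arbitrary choices.

```sh
#!/bin/sh
# Added example: a SIEM-style correlation rule written as a shell filter.
# Counts sshd "Failed password" events per client IP, emits ALERT when a
# source hits the threshold and CRITICAL if that source then logs in.
# The log lines below are constructed, not taken from a real host.
set -eu

# detect_ssh_bruteforce [THRESHOLD]   (reads auth.log lines on stdin)
detect_ssh_bruteforce() {
  local threshold="${1:-5}"
  awk -v thr="$threshold" -v OFS='\t' '
    # the token after "from" is the client address on sshd log lines
    function client_ip(   i) {
      for (i = 1; i <= NF; i++) if ($i == "from") return $(i + 1)
      return ""
    }
    / sshd\[[0-9]+\]: Failed password for / {
      ip = client_ip()
      fails[ip]++
      if (fails[ip] == thr) print "ALERT", ip, "failed-logins=" thr
      next
    }
    / sshd\[[0-9]+\]: Accepted (password|publickey) for / {
      ip = client_ip()
      if (fails[ip] >= thr) print "CRITICAL", ip, "login-after-" fails[ip] "-failures"
    }
  '
}

# Constructed sample of /var/log/auth.log lines (documentation addresses).
sample_auth_log() {
  cat <<'EOF'
Apr 28 09:12:01 bastion sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51522 ssh2
Apr 28 09:12:03 bastion sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51523 ssh2
Apr 28 09:12:05 bastion sshd[2213]: Failed password for root from 203.0.113.7 port 51530 ssh2
Apr 28 09:12:07 bastion sshd[2215]: Failed password for root from 203.0.113.7 port 51531 ssh2
Apr 28 09:12:09 bastion sshd[2217]: Failed password for root from 203.0.113.7 port 51532 ssh2
Apr 28 09:12:40 bastion sshd[2230]: Accepted publickey for ops from 198.51.100.4 port 40022 ssh2
Apr 28 09:13:10 bastion sshd[2240]: Failed password for ops from 198.51.100.9 port 40100 ssh2
Apr 28 09:14:22 bastion sshd[2242]: Accepted password for root from 203.0.113.7 port 51540 ssh2
EOF
}

# Number of alert lines the rule produces on the sample at a given threshold.
count_alerts() {
  sample_auth_log | detect_ssh_bruteforce "$1" | wc -l | tr -d ' '
}

sample_auth_log | detect_ssh_bruteforce 5
```

On a live host, tail -F /var/log/auth.log | detect_ssh_bruteforce 10 does the same on the fly (add fflush() after each awk print if the output feeds another process, since awk buffers when not writing to a terminal). A rule like this belongs in the SIEM once validated, but prototyping it in awk against a day of logs is how you find out whether the threshold is sane.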
    

What Undercode Say:

Effective incident response requires a combination of preparedness, real-time monitoring, and collaboration. By leveraging tools like tcpdump, MISP, and ELK Stack, organizations can enhance their ability to detect, respond to, and recover from cyber incidents. Sharing threat intelligence across sectors is crucial to building a resilient cybersecurity ecosystem.


Reported By: Erez Liebermann – Hackers Feeds
