Incident Response in Virtual Environments: Challenges in the Cloud

Speakers: Brian Casper and Russ McRee

Incident response in large production environments is challenging enough. Add layers of virtualization, a constantly changing state, and a broad external customer base, and the challenges deepen exponentially.

This presentation aims to provide recommendations and guidance based on experience and information gathered while conducting incident response in such environments, including large virtualized caching networks and cloud-based services. Logging, tooling, forensic methods, and egress-based network security monitoring are among the topics to be discussed. The presentation is also intended to allow active discussion, with participants sharing their experiences.