To shift from reactive to active defense mode, organizations need to get better at both threat-hunting and incident response. Tim Bandos of Digital Guardian discusses the tools and skills that are needed.
As he assesses organizations, he finds that far too many simply lack an incident response plan before they need one, says Bandos, Senior Director of Cybersecurity at Digital Guardian.
"A lot of organizations do not create or further develop an IR process in hopes that maybe nothing ever happens to them," Bandos says. "And this is one of the worst things you can do, because when an incident really does occur, it turns into panic mode."
In an interview about improving defense, Bandos discusses:
- Common defensive vulnerabilities;
- The threat-hunting fundamentals;
- The business case for outsourcing incident response.
Bandos is the Director of Cybersecurity for Digital Guardian. He has over 15 years of experience in the cybersecurity realm with a heavy focus on Internal Controls, Incident Response & Threat Intelligence. He recently joined Digital Guardian after spending time "on the other side of the equation" overseeing an incident response team for a global manufacturer. His role at Digital Guardian is to further build out the Managed Service Program (MSP) to deliver advanced threat protection to our global customer base. He brings a wealth of practical information gained from tracking and hunting advanced threats targeted at stealing sensitive data and is leveraging that contextual knowledge by building it into behavioral based detection signatures and rules for Digital Guardian MSP customers.