FireEye presentation

Details on North Korean Regime backed Threat Group = steal dollars from financial 

Fake News accounts on Facebook = designed to incite people  

Event = observed occurrence in an information system that actually happened, don't know if malicious, don't know if data has left company

  • An email
  • A phone call
  • A System Crash

Incident = Adverse event in an information system, it includes the significant threat of the event, it implies harm or the attempt to harm.

  • Violation of an explicit or Implied security policy
  • Attempts to gain unauthorized access
  • Unwanted denial of resources
  • Unauthorized use of system or resource, an intrusion
  • Changes made without an owners knowledge or consent

Breach = A confirmed Incident that results in confirmed disclosure of data to an unauthorized party. 

Incident Response Cycle


  • Incident Response Plan (IR Plan) = Who do you notify? 

Detection and Analysis

Containment Eradication & Recovery

Post-Incident Activity

Existing Security Controls

IPS = snort