Microsoft Detection and Response Team (DART) AMA
Event Ended
Tuesday, Mar 15, 2022, 09:00 AM PDT
We are very excited to announce our Microsoft Detection and Response Team (DART) AMA!
About DART: Our job is to respond to compromises and help our customers become cyber-resilient. This is al...
Trevor_Rusher
Updated Feb 16, 2022
DigtalNathan
Mar 15, 2022
Copper Contributor
Thanks for hosting the AMA, DART Team. I'd like to know, as you're wrapping up an engagement, what are the most frequent tips you find you give clients in the spirit of: "If you had done {x} before this incident, it would have been easier for us to help you recover...." I know sadly it probably isn't a true assumption, but so we get best value from your answers to this, let us assume everyone is already well on top of their game when it comes to a) making appropriate backups and keeping them out of attacker reach, and b) centralised log collection and management. If those were nailed, what else would be your top tips?
eolson
Microsoft
Mar 15, 2022
Know your business applications and their dependencies. When we ask you to take down a SQL Server because of an indicator of compromise, what's going to be the impact? What applications will be unavailable to your organization? Do you know all of your service accounts and their passwords? What would be the level of effort to reset those passwords?