Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Incident investigation goals

Copper Contributor

While this suite appears capable of intervention and capturing enough information to detect another incident, and then automate a remediation to mitigate future attacks, it does not cover the root goal: the apprehension of the culprit. If no one is looking to prosecute the offender, and remains satisfied with the speedy catch and release profile, then there is no motivation to cease and desist and the perpetuation of the behavior is reinforced, as failure is statisticly unobtainable.  One would just keep it up until they succeed.  The consolidation of best practices should render all this moot, but for the follow through. Render some content on what is required to obtain as evidence, maintain the chain of custody loging, and establish a case to go to trial. The authorities won't investigate until the breach is a sizeable sum, but some of us don't have that much to loose, so it's open season without a game warden.

0 Replies