Investigating Cybersecurity Incidents using Full Packet Capture

Cybersecurity Incident Response requires technical expertise, the right tools, and a trained investigative eye. On Monday, January 6th, Michael McAndrews, our Vice President of Network Security Services and former FBI Special Agent, walked the audience at the Southwest CyberSec Forum through the process we used to investigate and resolve a recent international cybersecurity incident.

The PacketWatch incident response team used a combination of full packet capture, forensic collection tools, and CrowdStrike Falcon EDR technologies to identify abnormal host activity and malicious network traffic. Analyzing packet-level data over time helps uncover anomalous activity that traditional toolsets often miss. This PacketWatch case study describes the plan we executed and highlights the need for advanced incident response tools to mitigate and eradicate the malicious activity.

There was a strong turnout for the CrowdStrike-sponsored event held at the University of Advancing Technology (UAT) theater in Tempe. One of the attendees shared his thoughts after seeing Michael’s presentation:

“Michael’s story was fascinating. It really hits home when you see shades of your own organization in security incidents like the one he described. Most IT departments would have to deploy an assortment of tools to gather the kind of granular information collected by PacketWatch. This case study showed how having access to both historical and active network data in a single platform enabled responders to achieve successful mitigation quickly. Without the visual analysis of network patterns provided by PacketWatch, doing this level of investigation would be daunting.”

You can watch Michael’s presentation “The Need for Advanced Incident Response Tools and Capabilities” on the Southwest CyberSec Forum YouTube page (43 min).

Michael regularly educates cybersecurity professionals at events, forums, and national conferences. If you would like him to talk with your audience or need help investigating an incident, please Contact Us.

Southwest CyberSec Forum | January 2020

We are excited to kick off the new year with a presentation from Michael McAndrews to the members of the Southwest CyberSec Forum on Monday, January 6, 2020. Michael’s presentation “The Need for Advanced Incident Response Tools and Capabilities” will use actual scenarios from a WGM/CrowdStrike international incident response engagement.

He will discuss incident response and how full network packet capture and endpoint detection and response technologies can be leveraged together as a powerful combination to improve the investigative and remediation process.

The event is sponsored by CrowdStrike, who will present on the current e-crime landscape and the procedures used by APT actors. Their presentation will cover the tactics, techniques, and procedures used by Wizard Spider and their TrickBot, Ryuk, and AnchorDNS malware families.

Southwest CyberSec Forum
University of Advancing Technology Theater
2625 W Baseline Rd, Tempe, AZ 85283
Meeting: 6:00pm–9:00pm

Pizza and drinks will be provided from 6:00-6:30pm
Free Admission – No RSVP Necessary
Open to the public and UAT students

Expected Attendance:
70-100 people from private and public sector organizations

Michael McAndrews Presents Dark Web Keynote

Another brilliant presentation on the Dark Web by Michael McAndrews of WGM Associates LLC at the Arizona Technology Council Cybersecurity Summit. Great crowd! Michael said, “These attendees had some of the best questions I’ve been asked in years.”

Have you ever wondered what really happens on the Dark Web? Michael’s presentation removed the mystery and demonstrated how to safely access some of the most hidden places on the Internet. He also introduced the audience to some of the tools, technologies, and methods that criminals use to anonymously process illegal transactions in Darknet Markets.

If you have questions about your cybersecurity strategy, policies, or tools give us a call or fill out our Contact Us form.