Tencacious Adversaries

Dealing with an active, dedicated adversary during an incident is very different than what many consider the more “traditional” incident response process of finding and removing malware. The traditional approach to incident response has been to remove the malware, or to go as far as re-imaging the system and placing it back into service in a “known-clean” state.  However, dedicated adversaries are adept at persisting within a compromised infrastructure and because of this, the speed at which organizations detect and respond to these threats is critical.