Key incident response skills

What should an incident response specialist be able to do and how can they improve their skills?

When a company is suffering from a cyberattack or corporate data is leaked, the business frantically tries to solve two problems: minimize the damage and return to normal workflow as soon as possible. The main burden of solving those problems falls on the incident response team.

How effectively they act determines not only how quickly the source of the problem is found, but also how reliably the company is protected against a recurrence of the incident. After all, modern cybercriminals try to obstruct the investigation and destroy traces of their presence in the victim’s infrastructure, so unless the entire attack chain is accurately identified, reliable protection against the same malicious tactics cannot be guaranteed in the future.

Our experts have identified a set of key skills required for an incident response specialist:

  • Incident detection
  • Evidence acquisition
  • Log file analysis
  • Network analysis
  • Creation of indicators of compromise
  • Memory forensics

To upgrade the skills of cyber incident response teams, Kaspersky Lab created the Windows Incident Response online course. It draws on the experience of our Global Emergency Response Team (GERT) experts who have been fighting advanced cyberthreats around the world for over 12 years.

The course will be led by two practicing experts from the GERT team who will share their personal experience. Among other things, students will be able to explore the process of identifying an incident using the REvil ransomware attack case as an example.

Course subscribers will not only be able to watch 40 video lessons, but also gain practical skills in a virtual environment by mastering all the necessary tools, such as the ELK stack, PowerShell, Suricata, YARA and others. The estimated training duration is approximately 15 hours, but participants will be given 100 hours of access to the virtual lab and six months to complete the course.

The course is designed for professionals with basic knowledge of and experience in Windows troubleshooting. They should also be familiar with Linux commands. You can learn more about the Windows Incident Response course on its page on the Kaspersky Expert Training portal.