In a perfect world, all the firewalls, network security tools, and advanced agent-based DevSecOps platforms would all be 100% effective, and no attacker would ever get through. Even if all those layers keep the most 1337 haxxor at bay, the fact remains that 88% of all malware gets installed by someone clicking a link in a phishing email; things are going to get through. While it can be easy to play the blame game and try to get even more budget to harden our perimeters, the truth is we are now in a different era of cybersecurity. It is time to admit it is not a matter of 'if' they get in; it is a matter of 'when.'

This shift means changing our mindset from guarding the doors and windows to launching decoys, upping our intrusion detection reaction times, better educating the whole company about ever-evolving risks, and making sure we consistently know what to do when breaches happen.

This session will cover some of the recent breaches, taking a look at the standard operating procedures most attackers follow. We will then look at how to use off-the-shelf tools to better defend our true holy grails and react so fast and with such efficiency that we will win round after round as we make our attacker's job very difficult.