Advanced Malware and Incident Response
Malware keeps getting more sophisticated and successful, using multiple obfuscation techniques and hiding in encryption to mask its nasty intent. The traditional "identify and block" model is simply no longer adequate. What's needed today is a more holistic strategy of monitoring the entire environment, detecting intrusion attempts, and responding to successful attacks quickly and effectively.
If you're a security administrator, chances are you already realize that events are happening at all times, everywhere around you. You need a way to not only spot the truly dangerous ones, but also respond to and mitigate them quickly. This requires visibility into and control over all layers of your security posture, the formulation of a consistent and effective response to incidents and events, and the ability to automate the remediation process. This, in turn, requires the ability to look back in time, see what deviated between then and now, and implement an automated remediation solution. It's also very important to learn from the unsuccessful attacks on your environment. Each attack that you detect gives you vital information about your attackers: tools, techniques, and procedures that can help you ensure your defensive layers are adaptive and increase the efficacy of your controls.