MIG: Mozilla’s Distributed Platform for Real-Time Forensics of Endpoints - SANS DFIR Summit 2015


Julien Vehent, Senior Operations Security Engineer, Mozilla
MIG is a platform to perform investigative surgery on remote endpoints. It enables investigators to obtain information from large numbers of systems in parallel, thus accelerating investigation of incidents and day-to-day operations security, while preserving privacy and security of the infrastructure. It's an army of Sherlock Holmes, ready to interrogate an infrastructure within seconds. This talk will introduce MIG, the problems it solves, its design goals and server-agent model, and how it is used at Mozilla. The audience will learn how Indicators of Compromise (IOCs) can be searched for across thousands of systems within seconds (MIG can query thousands of systems in about 10 seconds on average). During the talk, the audience will be given elements to install and operate MIG in their own environments.

Julien Vehent, Senior Operations Security Engineer, Mozilla
Julien designs and builds defense systems in the Operations Security team at Mozilla. His background is in risk management, Linux engineering and large web service architecture. At Mozilla, he leads the MIG project, but also performs security reviews and incident response on the infrastructure that serves millions of Firefox users. @jvehent

Download Slides Here:

http://digital-forensics.sans.org/com...


For more incident response training courses at SANS: http://www.sans.org/course/advanced-i...
