Incident Response: Lessons From the Front Lines
Join Incident Response Practice Lead Carlos Perez for a discussion on how sophisticated threat actors exploit organizational blind spots and process gaps. He will reveal the exact moments when response efforts succeed or fail, sharing insights that only come from being in the trenches during active incidents.

Don’t let your security stack fail you when ransomware hits. Despite millions invested in endpoint detection and response (EDR) solutions, approval workflows, and trained analysts, ransomware crews and Business Email Compromise (BEC) attackers continue to devastate organizations worldwide. During our next webinar, we'll draw from recent, anonymized investigations to expose the most devastating failure patterns our Incident Response team has encountered in the field.
In this live session, you will learn:
- Best practices for Incident Response that work under pressure
- Common mistakes that could turn containable incidents into disasters
- Recent observations on evolving ransomware attack patterns
- Practical strategies for strengthening your security posture today
Carlos will specifically unpack EDRs with thin telemetry and no 'what now?' playbook in place, approval chains that stall containment, analysts RDP’ing into active encryptors, stealthy exfiltration to Azure Blob and Amazon S3, and social-engineering plays that nudge Help Desks into bypassing protocol. You’ll leave with actionable items and the confidence to improve your Incident Response protocols. Register now!
Learn more about our Incident Response services.
Webinar Summary
Incident Response Webinar: Lessons From the Front Lines
Attackers are moving faster than ever, cutting the time from initial access to encryption down to only a few hours. In this 2025 Incident Response Webinar: Lessons From the Front Lines, TrustedSec’s Carlos Perez and the IR team unpack the newest attacker tactics and share firsthand insights from real-world breach investigations.
Viewers will learn how modern ransomware and business email compromise operations exploit edge devices, Microsoft Teams, and social engineering to gain rapid access. The session covers practical defense steps that organizations can act on immediately, including faster patching of firewalls and VPNs, stronger conditional access enforcement, and tailored Sysmon configurations for better visibility.
Carlos walks through an actual incident response case, showing how disciplined playbooks, tuned detection tools, and pre-approved containment policies allowed a client to isolate and neutralize a threat within minutes.
Key topics include:
- Edge device exploitation and evolving entry points
- MFA bypass through token theft and conditional access gaps
- EDR evasion techniques and tuning recommendations
- Logging and retention priorities for faster investigations
- Sysmon, Velociraptor, and CAPE for advanced telemetry
- Building and testing actionable incident response playbooks
This session delivers field-tested lessons from active response engagements, giving defenders a clear view of what is working and where organizations are still most exposed.