Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Japanese Manufacturing, Killer Robots, & Effect...
Search
Scott J. Roberts
June 23, 2017
Technology
0
110
Japanese Manufacturing, Killer Robots, & Effective Incident Handling
The talk I did with @bfist at the SANS DFIR Summit 2017.
Scott J. Roberts
June 23, 2017
Tweet
Share
More Decks by Scott J. Roberts
See All by Scott J. Roberts
Tortured Responders Dept - Scott & Rebekah's Edition
sroberts
0
79
Skynet the CTI Intern: Building Effective Machine Augmented Intelligence
sroberts
0
56
DRIVING INTELLIGENCE WITH MITRE ATT&CK: LEVERAGING LIMITED RESOURCES TO BUILD AN EVOLVING THREAT REPOSITORY
sroberts
0
23
Exploring Threat Intelligence: Insights and Tools from Vertex Synapse
sroberts
0
18
Homemade Ramen & Threat Intelligence
sroberts
2
470
Introduction to Open Source Security Tools
sroberts
3
4.8k
Building Effective Threat Intelligence Sharing
sroberts
1
110
Crisis Communication for Incident Response
sroberts
1
310
Hipster DFIR on OSX - BSidesCincy
sroberts
3
3.2k
Other Decks in Technology
See All in Technology
【株式会社ELYZA】|GENIAC成果報告会 自社開発モデルプレゼンテーション
elyza
1
270
タイミーのレコメンドにおける ABテストの運用
ozeshun
1
140
QAに対する超個人的な解釈 / Personal Take on QA
toma_sm
1
100
どこよりも遅めなWinActor Ver.7.5.0 新機能紹介
tamai_63
0
210
技術的負債解消の取り組みと専門チームのお話
bengo4com
0
330
LINEヤフーのフロントエンド組織・体制の紹介
lycorp_recruit_jp
1
1.2k
Technical Writing Meetup vol.35
soracom
PRO
2
120
Jetpack Compose Modifier 徹底解説 / Jetpack Compose Modifier
wiroha
0
200
Discovering AI Models
picardparis
4
3.9k
PdMはどのように全てのスピードを上げられるか ~ 非連続進化のための具体的な取り組み ~
sansantech
PRO
4
1.3k
ナレッジグラフとLLMの相互利用
koujikozaki
0
420
OR学会2024秋_短期収益と将来のオフ方策評価性能を考慮したクーポン割当方策混合比の決定
recruitengineers
PRO
4
460
Featured
See All Featured
How to name files
jennybc
75
98k
Infographics Made Easy
chrislema
239
18k
Web Components: a chance to create the future
zenorocha
309
42k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
1
53
BBQ
matthewcrist
83
9.2k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
43
2k
The Mythical Team-Month
searls
218
43k
How to train your dragon (web standard)
notwaldorf
85
5.6k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
190
16k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
123
18k
Designing Experiences People Love
moore
138
23k
Mobile First: as difficult as doing things right
swwweet
221
8.8k
Transcript
Japanese Manufacturing, Killer Robots, & Effective Incident Handling With Scott
& Kevin
Introduction - Who We Are - What We’re About -
What We’re Gonna Share
Who We Are? Kevin aka @bfist Response Lead @ Heroku
Scott aka @sroberts SIRT Lead @ GitHub FOR578 Instructor
WHAT WE’RE ABOUT? MAKING INCIDENT RESPONSE MORE EFFICIENT WITH SCIENCE
ENGINEERING
WHAT WE’RE GONNA SHARE? A LOW COST, COLLABORATIVE METHOD FOR
MANAGING COMMON INCIDENT RESPONSE WORKFLOWS
You’ve Got 99 Problems - Moving up the Maturity Model
- Enable multiple responders - Provide easy to comms to stakeholders - Incidents come in waves - You’re poor and have no $$$
Project Management <REQUIRED MODEL SLIDE>
JIT (Just In Time) - Management Theory from Toyota -
Create as Needed/Not as Planned - Limits Inventory - Lots of IR Parallels
Introduction to Kanban - A factory floor level production management
tool - Spatial representation of tasks through a series of phases - Adapted to multiple non- manufacturing industries
Introduction to Kanban
None
None
Useful For.. - Short Term (JIT) Tasks Around Incidents -
Long Term Management Task for Projects & Continuous Output
Warning We use the same tool (Kanban) BUT… We use
kanban very differently (And that’s cool!!!)
Example
Platforms: GitHub Projects - Notes, artifacts, and boards in one
place - Assign cards to people - Easy API - No Built In Templating
GitHub Projects
Platforms: Trello - Kanban is their main product - Full
featured GUI - Card based discussions - Attachable Files - Many Integrations - Mature API
Trello
Incident Stages - Preparation. } Built Here - Identification -
Containment - Eradication - Recovery - Lessons Learned } Helps Here
Preparation - Build template Kanban boards for common incidents -
Start with a column for basic information sharing - Do you have things that need to be done in every incident?
Other Stages - Create a column for containment, eradication, and
recovery tasks. - Do you need to roll creds for this incident? - Do you need to revoke hardware tokens?
Example: Malware Incident
Lessons Learned - Create a column for lessons learned -
Dumping ground for the retro
Meat & Potatoes (And Simplicity) - 3 Columns - In
Progress - Done - Canceled - Assign People to Tasks - Canceled cards should have an explanation
Example
Example: Lost/Stolen Laptop
Workflows: System Triage - New - Live Response Requested -
Live Response Received - Analyzed - Remediated - Returned
Workflows: Compromised Resources - Malicious Activity Identified - Password Reset
- 2FA Verified - User Interviewed - Remediated
Workflows: Indicator Development - Backlog - Enriched - COA: Discovery
- Detection Created - COA: Detection Deployed - Detection Deprecated
Workflows: Intelligence Product Development - Planned - Analyzed - Drafted
- Edited - Released - Feedback Collected
Automation - Templates move you from managed to defined -
Repeatable & Consistent - Demonstrate Process - Reduce Admin Overhead
Wanna Try It? github.com/sroberts/incident-template
Bonus Content: The Five Whys - More Toyota Stuff -
Root Cause Analysis Methodology - Useful Retrospective Technique
Conclusion - Kanban helps make repeatable yet flexible processes -
Makes communications consistent - Powerful with a little automation
Thanks Made with <3 By Scott (@sroberts) & Kevin (@bfist)