
DevSecOps Bootcamp - Week 4 - Lesson 3

During this session, we'll explore setting up threat intelligence and incident response.

DevSecOps

June 17, 2016


Transcript

  1. BUILDING RUGGED SOFTWARE / YEAR ONE / WEEK FOUR / LESSON THREE
     Copyright © DevSecOps Foundation 2015-2016

  2. Agenda
     • Tying it all together
     • Why do we go through the trouble?
     • Where to get started?
     • Incident Response

  3. Why
     • Knowing what’s going on is half the battle
     • Indispensable in large environments
     • Legal ramifications of not doing due diligence
     • Prevention is ideal, detection is essential
     • Bad guys will get in
     • Minimizing our reaction time is critical

  4. Where to get started?
     • Hunt
     • Familiarize yourself with logs/data
     • Look for evidence of misuse
     • Investigate
     • Remediate
     • Create alerts

  5. Where to get started?
     • Types of threat intel
       • Open source
       • Vendor provided
       • Home grown
     Open source + Vendor provided + Home grown => High fidelity alerts
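As an added example, not part of the deck or of the DevSecOps Foundation's lab material, the script below shows the hunt-then-alert loop of slides 4 and 5 in working code: it parses constructed proxy log lines, matches the destination and host fields against three constructed intel feeds (open source, vendor provided, home grown), and labels each hit by how many independent feeds corroborate the indicator, so that only corroborated hits are promoted to alerts. The feed contents, log lines, field names and the two-source alert threshold are all assumptions for illustration (the indicator values are RFC 5737 documentation addresses and reserved example domains, not real intel); the lab itself uses Splunk, where the same logic is a lookup against indicator tables.

```python
"""Hunt over log lines with multi-source threat intel and rate alert fidelity.

Added example. Every feed entry and log line is constructed for this script;
none of the indicators is real threat intelligence.
"""
import re
from collections import defaultdict

# --- Constructed threat-intel feeds, one set per source type ----------------
# A real deployment would load these from feed files or an API; they are
# embedded here so the example runs offline.
FEEDS = {
    "open_source": {"203.0.113.10", "198.51.100.7", "bad.example.net"},
    "vendor":      {"203.0.113.10", "198.51.100.7", "evil.example.org"},
    # Home grown: indicators recorded from our own past incidents.
    "home_grown":  {"203.0.113.10", "c2.example.test"},
}

# --- Constructed proxy log lines in key=value format ------------------------
LOG_LINES = [
    "2016-06-17T10:01:02Z proxy01 src=10.0.0.5 dst=203.0.113.10 host=bad.example.net action=allow",
    "2016-06-17T10:01:05Z proxy01 src=10.0.0.9 dst=192.0.2.44 host=www.example.com action=allow",
    "2016-06-17T10:02:11Z proxy01 src=10.0.0.5 dst=198.51.100.7 host=evil.example.org action=allow",
    "2016-06-17T10:03:40Z proxy01 src=10.0.0.12 dst=192.0.2.80 host=c2.example.test action=allow",
]

KV_RE = re.compile(r"(\w+)=(\S+)")
# Log fields whose values are treated as candidate indicators (assumed schema).
INDICATOR_FIELDS = ("dst", "host")


def build_index(feeds):
    """Invert the feeds: indicator -> set of source types that list it."""
    index = defaultdict(set)
    for source, indicators in feeds.items():
        for ioc in indicators:
            index[ioc].add(source)
    return index


def parse_line(line):
    """Return the key=value fields of one log line as a dict."""
    return dict(KV_RE.findall(line))


def fidelity(n_sources):
    """Label a hit by how many independent intel sources corroborate it."""
    if n_sources >= 3:
        return "high"
    if n_sources == 2:
        return "medium"
    return "low"


def hunt(log_lines, feeds):
    """Match every indicator field of every log line against the intel index.

    Returns one hit per (line, indicator) match with the corroborating
    sources and a fidelity label. Nothing is filtered here: the hunt step is
    about seeing everything the data contains before deciding what to alert on.
    """
    index = build_index(feeds)
    hits = []
    for line in log_lines:
        fields = parse_line(line)
        for field in INDICATOR_FIELDS:
            value = fields.get(field)
            if value in index:
                sources = sorted(index[value])
                hits.append({
                    "line": line,
                    "field": field,
                    "indicator": value,
                    "sources": sources,
                    "fidelity": fidelity(len(sources)),
                })
    return hits


def alerts(hits, min_sources=2):
    """Promote hunt results to alerts only when at least min_sources feeds
    agree, so single-feed noise stays in the hunt output instead of paging."""
    return [h for h in hits if len(h["sources"]) >= min_sources]


if __name__ == "__main__":
    found = hunt(LOG_LINES, FEEDS)
    for h in found:
        print(f"{h['fidelity']:6} {h['field']}={h['indicator']} "
              f"sources={','.join(h['sources'])}")
    print(f"{len(alerts(found))} of {len(found)} hits meet the alert threshold")
```

On the constructed data the hunt surfaces five hits, but only two (the destination seen by all three feeds and the one seen by two) pass the alert threshold; the three single-feed hits remain visible to the analyst without generating alerts, which is the practical meaning of combining feeds for higher fidelity.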
  6. Incident Response
     NIST/SANS Incident Response Methodology:
     Preparation → Identification → Containment → Eradication → Recovery → Lessons Learned
     Today: Alerting, Threat Intel

  7. Lab 3
     • If you weren’t here last week: team up with someone who was, or quickly do week 3 lab 2 (get AWS credentials from the instructor)
     • If you were here last week:
       • Run through the exercises in week 3 lab 3 if Splunk searches return no data