Japanese Manufacturing, Killer Robots, & Effective Incident Handling

Transcript

1. 1.

   Japanese Manufacturing, Killer Robots, & Effective Incident Handling With Scott

   & Kevin
2. 2.

   Introduction - Who We Are - What We’re About -

   What We’re Gonna Share
3. 3.

   Who We Are? Kevin aka @bfist Response Lead @ Heroku

   Scott aka @sroberts SIRT Lead @ GitHub FOR578 Instructor
4. 4.

   WHAT WE’RE ABOUT? MAKING INCIDENT RESPONSE MORE EFFICIENT WITH SCIENCE

   ENGINEERING
5. 5.

   WHAT WE’RE GONNA SHARE? A LOW COST, COLLABORATIVE METHOD FOR

   MANAGING COMMON INCIDENT RESPONSE WORKFLOWS
6. 6.

   You’ve Got 99 Problems - Moving up the Maturity Model

   - Enable multiple responders - Provide easy to comms to stakeholders - Incidents come in waves - You’re poor and have no $$$
7. 7.

   Project Management <REQUIRED MODEL SLIDE>

8. 8.

   JIT (Just In Time) - Management Theory from Toyota -

   Create as Needed/Not as Planned - Limits Inventory - Lots of IR Parallels
9. 9.

   Introduction to Kanban - A factory floor level production management

   tool - Spatial representation of tasks through a series of phases - Adapted to multiple non- manufacturing industries
10. 10.

    Introduction to Kanban

11. 11.

    None
12. 12.

    None
13. 13.

    Useful For.. - Short Term (JIT) Tasks Around Incidents -

    Long Term Management Task for Projects & Continuous Output
14. 14.

    Warning We use the same tool (Kanban) BUT… We use

    kanban very differently (And that’s cool!!!)
15. 15.

    Example

16. 16.

    Platforms: GitHub Projects - Notes, artifacts, and boards in one

    place - Assign cards to people - Easy API - No Built In Templating
17. 17.

    GitHub Projects

18. 18.

    Platforms: Trello - Kanban is their main product - Full

    featured GUI - Card based discussions - Attachable Files - Many Integrations - Mature API
19. 19.

    Trello

20. 20.

    Incident Stages - Preparation. } Built Here - Identification -

    Containment - Eradication - Recovery - Lessons Learned } Helps Here
21. 21.

    Preparation - Build template Kanban boards for common incidents -

    Start with a column for basic information sharing - Do you have things that need to be done in every incident?
22. 22.

    Other Stages - Create a column for containment, eradication, and

    recovery tasks. - Do you need to roll creds for this incident? - Do you need to revoke hardware tokens?
23. 23.

    Example: Malware Incident

24. 24.

    Lessons Learned - Create a column for lessons learned -

    Dumping ground for the retro
25. 25.

    Meat & Potatoes (And Simplicity) - 3 Columns - In

    Progress - Done - Canceled - Assign People to Tasks - Canceled cards should have an explanation
26. 26.

    Example

27. 27.

    Example: Lost/Stolen Laptop

28. 28.

    Workflows: System Triage - New - Live Response Requested -

    Live Response Received - Analyzed - Remediated - Returned
29. 29.

    Workflows: Compromised Resources - Malicious Activity Identified - Password Reset

    - 2FA Verified - User Interviewed - Remediated
30. 30.

    Workflows: Indicator Development - Backlog - Enriched - COA: Discovery

    - Detection Created - COA: Detection Deployed - Detection Deprecated
31. 31.

    Workflows: Intelligence Product Development - Planned - Analyzed - Drafted

    - Edited - Released - Feedback Collected
32. 32.

    Automation - Templates move you from managed to defined -

    Repeatable & Consistent - Demonstrate Process - Reduce Admin Overhead
33. 33.

    Wanna Try It? github.com/sroberts/incident-template

34. 34.

    Bonus Content: The Five Whys - More Toyota Stuff -

    Root Cause Analysis Methodology - Useful Retrospective Technique
35. 35.

    Conclusion - Kanban helps make repeatable yet flexible processes -

    Makes communications consistent - Powerful with a little automation
36. 36.

    Thanks Made with <3 By Scott (@sroberts) & Kevin (@bfist)