Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Japanese Manufacturing, Killer Robots, & Effect...
Search
Scott J. Roberts
June 23, 2017
Technology
160
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Japanese Manufacturing, Killer Robots, & Effective Incident Handling
The talk I did with @bfist at the SANS DFIR Summit 2017.
Scott J. Roberts
June 23, 2017
More Decks by Scott J. Roberts
See All by Scott J. Roberts
LLM SATs FTW
sroberts
0
1.5k
STRAT - A System-Centric Approach to Cyber Resilience
sroberts
0
89
Tortured Responders Dept - Scott & Rebekah's Edition
sroberts
0
170
Skynet the CTI Intern: Building Effective Machine Augmented Intelligence
sroberts
0
200
DRIVING INTELLIGENCE WITH MITRE ATT&CK: LEVERAGING LIMITED RESOURCES TO BUILD AN EVOLVING THREAT REPOSITORY
sroberts
0
130
Exploring Threat Intelligence: Insights and Tools from Vertex Synapse
sroberts
0
120
Homemade Ramen & Threat Intelligence
sroberts
2
630
Introduction to Open Source Security Tools
sroberts
3
5.1k
Building Effective Threat Intelligence Sharing
sroberts
1
150
Other Decks in Technology
See All in Technology
AIペネトレーションテスト・ セキュリティ検証「AgenticSec」紹介資料
laysakura
2
7.8k
AI Agentをシステムに組み込む前にゆるく向き合ってみる
hayama17
0
180
GitHub Copilot運用のリアル ~AI Credit時代にどう向き合うか~
takafumisu2uk1
0
560
NDIAS CTF 2026 問題解説会資料
bata_24
0
140
Terraform 101 (初心者向け) 資料
shuadachi
0
110
Hatena Engineer Seminar 37 jj1uzh
jj1uzh
0
300
Fabricをフル活用する AI Agent Hub -製造業特化AIエージェントの設計
iotcomjpadmin
0
170
Oracle Exadata Database Service on Cloud@Customer X11M (ExaDB-C@C) サービス概要
oracle4engineer
PRO
2
8.2k
徹底討論!ECS vs EKS!
daitak
3
1.8k
フルカイテン株式会社 エンジニア向け採用資料
fullkaiten
0
11k
トークン最適化のためのユーザーストーリー分析 / User Story Analysis for Token Optimization
oomatomo
0
150
AIは、人間らしい仕事の夢を見るか?─ AI時代のtoB/toEプロダクトを再設計する
techtekt
PRO
0
190
Featured
See All Featured
Product Roadmaps are Hard
iamctodd
PRO
55
12k
Tell your own story through comics
letsgokoyo
1
980
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
16
2k
Jess Joyce - The Pitfalls of Following Frameworks
techseoconnect
PRO
1
170
Abbi's Birthday
coloredviolet
3
8.3k
エンジニアに許された特別な時間の終わり
watany
107
250k
From Legacy to Launchpad: Building Startup-Ready Communities
dugsong
0
240
Docker and Python
trallard
47
3.9k
The MySQL Ecosystem @ GitHub 2015
samlambert
251
13k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
35
3.5k
Stewardship and Sustainability of Urban and Community Forests
pwiseman
0
240
Building Better People: How to give real-time feedback that sticks.
wjessup
370
20k
Transcript
Japanese Manufacturing, Killer Robots, & Effective Incident Handling With Scott
& Kevin
Introduction - Who We Are - What We’re About -
What We’re Gonna Share
Who We Are? Kevin aka @bfist Response Lead @ Heroku
Scott aka @sroberts SIRT Lead @ GitHub FOR578 Instructor
WHAT WE’RE ABOUT? MAKING INCIDENT RESPONSE MORE EFFICIENT WITH SCIENCE
ENGINEERING
WHAT WE’RE GONNA SHARE? A LOW COST, COLLABORATIVE METHOD FOR
MANAGING COMMON INCIDENT RESPONSE WORKFLOWS
You’ve Got 99 Problems - Moving up the Maturity Model
- Enable multiple responders - Provide easy to comms to stakeholders - Incidents come in waves - You’re poor and have no $$$
Project Management <REQUIRED MODEL SLIDE>
JIT (Just In Time) - Management Theory from Toyota -
Create as Needed/Not as Planned - Limits Inventory - Lots of IR Parallels
Introduction to Kanban - A factory floor level production management
tool - Spatial representation of tasks through a series of phases - Adapted to multiple non- manufacturing industries
Introduction to Kanban
None
None
Useful For.. - Short Term (JIT) Tasks Around Incidents -
Long Term Management Task for Projects & Continuous Output
Warning We use the same tool (Kanban) BUT… We use
kanban very differently (And that’s cool!!!)
Example
Platforms: GitHub Projects - Notes, artifacts, and boards in one
place - Assign cards to people - Easy API - No Built In Templating
GitHub Projects
Platforms: Trello - Kanban is their main product - Full
featured GUI - Card based discussions - Attachable Files - Many Integrations - Mature API
Trello
Incident Stages - Preparation. } Built Here - Identification -
Containment - Eradication - Recovery - Lessons Learned } Helps Here
Preparation - Build template Kanban boards for common incidents -
Start with a column for basic information sharing - Do you have things that need to be done in every incident?
Other Stages - Create a column for containment, eradication, and
recovery tasks. - Do you need to roll creds for this incident? - Do you need to revoke hardware tokens?
Example: Malware Incident
Lessons Learned - Create a column for lessons learned -
Dumping ground for the retro
Meat & Potatoes (And Simplicity) - 3 Columns - In
Progress - Done - Canceled - Assign People to Tasks - Canceled cards should have an explanation
Example
Example: Lost/Stolen Laptop
Workflows: System Triage - New - Live Response Requested -
Live Response Received - Analyzed - Remediated - Returned
Workflows: Compromised Resources - Malicious Activity Identified - Password Reset
- 2FA Verified - User Interviewed - Remediated
Workflows: Indicator Development - Backlog - Enriched - COA: Discovery
- Detection Created - COA: Detection Deployed - Detection Deprecated
Workflows: Intelligence Product Development - Planned - Analyzed - Drafted
- Edited - Released - Feedback Collected
Automation - Templates move you from managed to defined -
Repeatable & Consistent - Demonstrate Process - Reduce Admin Overhead
Wanna Try It? github.com/sroberts/incident-template
Bonus Content: The Five Whys - More Toyota Stuff -
Root Cause Analysis Methodology - Useful Retrospective Technique
Conclusion - Kanban helps make repeatable yet flexible processes -
Makes communications consistent - Powerful with a little automation
Thanks Made with <3 By Scott (@sroberts) & Kevin (@bfist)