$30 off During Our Annual Pro Sale. View Details »

Japanese Manufacturing, Killer Robots, & Effective Incident Handling

Scott J. Roberts
June 23, 2017
Technology
0
84

Japanese Manufacturing, Killer Robots, & Effective Incident Handling

The talk I did with @bfist at the SANS DFIR Summit 2017.

Scott J. Roberts

June 23, 2017
Tweet

More Decks by Scott J. Roberts

See All by Scott J. Roberts
Homemade Ramen & Threat Intelligence
sroberts
2
410
Introduction to Open Source Security Tools
sroberts
3
4.7k
Building Effective Threat Intelligence Sharing
sroberts
1
92
Crisis Communication for Incident Response
sroberts
1
260
Hipster DFIR on OSX - BSidesCincy
sroberts
3
3k
Community Intelligence & Open Source Tools
sroberts
5
1k
Responding @ Scale: osquery for Mass Incident Response and Detection
sroberts
1
12k
Hipster DFIR on OSX
sroberts
2
920
Crisis Communication for Incident Response
sroberts
2
7.5k

Other Decks in Technology

See All in Technology
DMMオンラインサロン エンジニア採用資料/ for-software-engineers
onlinesalon
0
3.6k
地域発展の新たなフロンティアを探そう、地方企業こそサーバーレスを活用すべき3つの理由 / Local Startup With Serverless
_kensh
0
130
サービスの1等地ホーム画面改善と効果的なステークホルダーマネジメント / Improvement of Prime Location Home Screen for Services and Effective Stakeholder Management
rilmayer
0
220
徹底解説!Power Platform 導入の成功事例から見る DX 推進のコツ / Tips for DX promotion from Power Platform case studies
karamem0
0
670
開発組織の体制づくり、いつやるか問題
akiroom
0
2.1k
device mapperによるディスクI/O障害のエミュレーション
sat
PRO
7
2.3k
GPTsによるアシスタント業務の改善
neonankiti
3
370
ソフトウェアの設計を学び、メンテナンスしやすいテストを作ろう / Learn software design, Create tests that are easy to maintain
culvert
2
280
2023 Digital Accessibility Legal Update – Part One
3playmarketing
0
110
KarateによるBDDベースのAPIテスト / BDD based API-Testing with Karate
takanorig
1
200
Java in containers and serverless
takesection
0
150
pmconf 2023 プロダクトと事業を無限にスケールするための最強のロードマップの作り方 / The Greatest Roadmap for Unlimited Scaling your Business and Products
yamamuteki
17
9.9k

Featured

See All Featured
Typedesign – Prime Four
hannesfritz
35
1.8k
Web Components: a chance to create the future
zenorocha
304
41k
Docker and Python
trallard
32
2.4k
Done Done
chrislema
178
15k
Writing Fast Ruby
sferik
615
59k
Building Applications with DynamoDB
mza
87
5.3k
Designing with Data
zakiwarfel
93
4.6k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
226
16k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
113
17k
How to name files
jennybc
59
87k
Gamification - CAS2011
davidbonilla
75
4.4k
The Brand Is Dead. Long Live the Brand.
mthomps
48
7.5k

Transcript

  1. Japanese Manufacturing,
    Killer Robots, & Effective
    Incident Handling
    With Scott & Kevin

    View Slide

  2. Introduction
    - Who We Are
    - What We’re About
    - What We’re Gonna Share

    View Slide

  3. Who We Are?
    Kevin aka @bfist
    Response Lead @ Heroku
    Scott aka @sroberts
    SIRT Lead @ GitHub
    FOR578 Instructor

    View Slide

  4. WHAT WE’RE ABOUT?
    MAKING INCIDENT RESPONSE MORE
    EFFICIENT WITH SCIENCE ENGINEERING

    View Slide

  5. WHAT WE’RE GONNA SHARE?
    A LOW COST, COLLABORATIVE METHOD FOR MANAGING COMMON
    INCIDENT RESPONSE WORKFLOWS

    View Slide

  6. You’ve Got 99
    Problems
    - Moving up the Maturity Model
    - Enable multiple responders
    - Provide easy to comms to
    stakeholders
    - Incidents come in waves
    - You’re poor and have no $$$

    View Slide

  7. Project Management
    MODEL SLIDE>

    View Slide

  8. JIT
    (Just In Time)
    - Management Theory from
    Toyota
    - Create as Needed/Not as
    Planned
    - Limits Inventory
    - Lots of IR Parallels

    View Slide

  9. Introduction to
    Kanban
    - A factory floor level
    production management tool
    - Spatial representation of tasks
    through a series of phases
    - Adapted to multiple non-
    manufacturing industries

    View Slide

  10. Introduction to Kanban

    View Slide

  11. View Slide

  12. View Slide

  13. Useful For..
    - Short Term (JIT) Tasks Around
    Incidents
    - Long Term Management Task
    for Projects & Continuous
    Output

    View Slide

  14. Warning
    We use the same tool (Kanban)
    BUT…
    We use kanban very differently
    (And that’s cool!!!)

    View Slide

  15. Example

    View Slide

  16. Platforms:
    GitHub Projects
    - Notes, artifacts, and boards in
    one place
    - Assign cards to people
    - Easy API
    - No Built In Templating

    View Slide

  17. GitHub Projects

    View Slide

  18. Platforms:
    Trello
    - Kanban is their main product
    - Full featured GUI
    - Card based discussions
    - Attachable Files
    - Many Integrations
    - Mature API

    View Slide

  19. Trello

    View Slide

  20. Incident Stages
    - Preparation. } Built Here
    - Identification
    - Containment
    - Eradication
    - Recovery
    - Lessons Learned
    }
    Helps Here

    View Slide

  21. Preparation
    - Build template Kanban boards
    for common incidents
    - Start with a column for basic
    information sharing
    - Do you have things that need
    to be done in every incident?

    View Slide

  22. Other Stages
    - Create a column for
    containment, eradication, and
    recovery tasks.
    - Do you need to roll creds for
    this incident?
    - Do you need to revoke
    hardware tokens?

    View Slide

  23. Example:
    Malware
    Incident

    View Slide

  24. Lessons Learned
    - Create a column for lessons
    learned
    - Dumping ground for the retro

    View Slide

  25. Meat &
    Potatoes
    (And Simplicity)
    - 3 Columns
    - In Progress
    - Done
    - Canceled
    - Assign People to Tasks
    - Canceled cards should have an
    explanation

    View Slide

  26. Example

    View Slide

  27. Example: Lost/Stolen Laptop

    View Slide

  28. Workflows:
    System Triage
    - New
    - Live Response Requested
    - Live Response Received
    - Analyzed
    - Remediated
    - Returned

    View Slide

  29. Workflows:
    Compromised
    Resources
    - Malicious Activity Identified
    - Password Reset
    - 2FA Verified
    - User Interviewed
    - Remediated

    View Slide

  30. Workflows:
    Indicator
    Development
    - Backlog
    - Enriched
    - COA: Discovery
    - Detection Created
    - COA: Detection Deployed
    - Detection Deprecated

    View Slide

  31. Workflows:
    Intelligence
    Product
    Development
    - Planned
    - Analyzed
    - Drafted
    - Edited
    - Released
    - Feedback Collected

    View Slide

  32. Automation
    - Templates move you from
    managed to defined
    - Repeatable & Consistent
    - Demonstrate Process
    - Reduce Admin Overhead

    View Slide

  33. Wanna Try It?
    github.com/sroberts/incident-template

    View Slide

  34. Bonus Content:
    The Five Whys
    - More Toyota Stuff
    - Root Cause Analysis
    Methodology
    - Useful Retrospective Technique

    View Slide

  35. Conclusion
    - Kanban helps make
    repeatable yet flexible
    processes
    - Makes communications
    consistent
    - Powerful with a little
    automation

    View Slide

  36. Thanks
    Made with <3
    By Scott (@sroberts) & Kevin (@bfist)

    View Slide