Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Japanese Manufacturing, Killer Robots, & Effective Incident Handling
Search
Scott J. Roberts
June 23, 2017
Technology
0
96
Japanese Manufacturing, Killer Robots, & Effective Incident Handling
The talk I did with @bfist at the SANS DFIR Summit 2017.
Scott J. Roberts
June 23, 2017
Tweet
Share
More Decks by Scott J. Roberts
See All by Scott J. Roberts
Homemade Ramen & Threat Intelligence
sroberts
2
430
Introduction to Open Source Security Tools
sroberts
3
4.7k
Building Effective Threat Intelligence Sharing
sroberts
1
100
Crisis Communication for Incident Response
sroberts
1
290
Hipster DFIR on OSX - BSidesCincy
sroberts
3
3.1k
Community Intelligence & Open Source Tools
sroberts
5
1.1k
Responding @ Scale: osquery for Mass Incident Response and Detection
sroberts
1
12k
Hipster DFIR on OSX
sroberts
2
950
Crisis Communication for Incident Response
sroberts
2
7.6k
Other Decks in Technology
See All in Technology
コンパウンドスタートアップのためのスケーラブルでセキュアなInfrastructure as Codeパイプラインを考える / Scalable and Secure Infrastructure as Code Pipeline for a Compound Startup
yuyatakeyama
4
4.7k
ServiceNow Knowledge 24の歩き方 EYストラテジー・アンド・コンサルティング
manarobot
0
190
DevOpsメトリクスとアウトカムの接続にトライ!開発プロセスを通して計測できるメトリクスの活用方法
ham0215
2
230
20240416_devopsdaystokyo
kzkmaeda
1
220
本当のAWS基礎
toru_kubota
0
500
Janus
bkuhlmann
1
490
ExaDB-D dbaascli で出来ること
oracle4engineer
PRO
0
2.1k
Postman v10リリース後を振り返る / Looking back at Postman v10 after release
yokawasa
1
160
20240418_Google ColabにLLMが搭載されたようなのでPython x データ分析の勉強方法を考えてみる
doradora09
0
120
TechFeed Experts Night#27 〜 フロントエンドフレームワーク最前線 (Svelte)
baseballyama
1
400
JAWS-UG Bedrock Claude Night
yamahiro
3
560
APIファーストなプロダクトマネジメントの実践 〜SaaSus Platformでの例〜 / "Practicing API-First Product Management - An Example with SaaSus Platform
oztick139
0
100
Featured
See All Featured
Git: the NoSQL Database
bkeepers
PRO
422
63k
Building Your Own Lightsaber
phodgson
99
5.7k
Building an army of robots
kneath
300
41k
StorybookのUI Testing Handbookを読んだ
zakiyama
13
4.6k
Reflections from 52 weeks, 52 projects
jeffersonlam
345
19k
The Straight Up "How To Draw Better" Workshop
denniskardys
227
130k
The Mythical Team-Month
searls
216
42k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
187
16k
The Invisible Side of Design
smashingmag
294
49k
Teambox: Starting and Learning
jrom
128
8.4k
Bootstrapping a Software Product
garrettdimon
PRO
302
110k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
274
13k
Transcript
Japanese Manufacturing, Killer Robots, & Effective Incident Handling With Scott
& Kevin
Introduction - Who We Are - What We’re About -
What We’re Gonna Share
Who We Are? Kevin aka @bfist Response Lead @ Heroku
Scott aka @sroberts SIRT Lead @ GitHub FOR578 Instructor
WHAT WE’RE ABOUT? MAKING INCIDENT RESPONSE MORE EFFICIENT WITH SCIENCE
ENGINEERING
WHAT WE’RE GONNA SHARE? A LOW COST, COLLABORATIVE METHOD FOR
MANAGING COMMON INCIDENT RESPONSE WORKFLOWS
You’ve Got 99 Problems - Moving up the Maturity Model
- Enable multiple responders - Provide easy to comms to stakeholders - Incidents come in waves - You’re poor and have no $$$
Project Management <REQUIRED MODEL SLIDE>
JIT (Just In Time) - Management Theory from Toyota -
Create as Needed/Not as Planned - Limits Inventory - Lots of IR Parallels
Introduction to Kanban - A factory floor level production management
tool - Spatial representation of tasks through a series of phases - Adapted to multiple non- manufacturing industries
Introduction to Kanban
None
None
Useful For.. - Short Term (JIT) Tasks Around Incidents -
Long Term Management Task for Projects & Continuous Output
Warning We use the same tool (Kanban) BUT… We use
kanban very differently (And that’s cool!!!)
Example
Platforms: GitHub Projects - Notes, artifacts, and boards in one
place - Assign cards to people - Easy API - No Built In Templating
GitHub Projects
Platforms: Trello - Kanban is their main product - Full
featured GUI - Card based discussions - Attachable Files - Many Integrations - Mature API
Trello
Incident Stages - Preparation. } Built Here - Identification -
Containment - Eradication - Recovery - Lessons Learned } Helps Here
Preparation - Build template Kanban boards for common incidents -
Start with a column for basic information sharing - Do you have things that need to be done in every incident?
Other Stages - Create a column for containment, eradication, and
recovery tasks. - Do you need to roll creds for this incident? - Do you need to revoke hardware tokens?
Example: Malware Incident
Lessons Learned - Create a column for lessons learned -
Dumping ground for the retro
Meat & Potatoes (And Simplicity) - 3 Columns - In
Progress - Done - Canceled - Assign People to Tasks - Canceled cards should have an explanation
Example
Example: Lost/Stolen Laptop
Workflows: System Triage - New - Live Response Requested -
Live Response Received - Analyzed - Remediated - Returned
Workflows: Compromised Resources - Malicious Activity Identified - Password Reset
- 2FA Verified - User Interviewed - Remediated
Workflows: Indicator Development - Backlog - Enriched - COA: Discovery
- Detection Created - COA: Detection Deployed - Detection Deprecated
Workflows: Intelligence Product Development - Planned - Analyzed - Drafted
- Edited - Released - Feedback Collected
Automation - Templates move you from managed to defined -
Repeatable & Consistent - Demonstrate Process - Reduce Admin Overhead
Wanna Try It? github.com/sroberts/incident-template
Bonus Content: The Five Whys - More Toyota Stuff -
Root Cause Analysis Methodology - Useful Retrospective Technique
Conclusion - Kanban helps make repeatable yet flexible processes -
Makes communications consistent - Powerful with a little automation
Thanks Made with <3 By Scott (@sroberts) & Kevin (@bfist)