Japanese Manufacturing, Killer Robots, & Effective Incident Handling
Scott J. Roberts
June 23, 2017
Technology
The talk I did with @bfist at the SANS DFIR Summit 2017.
Transcript
Japanese Manufacturing, Killer Robots, & Effective Incident Handling
With Scott & Kevin

Introduction
- Who We Are
- What We’re About
- What We’re Gonna Share

Who We Are?
- Kevin aka @bfist, Response Lead @ Heroku
- Scott aka @sroberts, SIRT Lead @ GitHub, FOR578 Instructor

WHAT WE’RE ABOUT? MAKING INCIDENT RESPONSE MORE EFFICIENT WITH SCIENCE ENGINEERING

WHAT WE’RE GONNA SHARE? A LOW COST, COLLABORATIVE METHOD FOR MANAGING COMMON INCIDENT RESPONSE WORKFLOWS

You’ve Got 99 Problems
- Moving up the Maturity Model
- Enable multiple responders
- Provide easy comms to stakeholders
- Incidents come in waves
- You’re poor and have no $$$

Project Management <REQUIRED MODEL SLIDE>

JIT (Just In Time)
- Management Theory from Toyota
- Create as Needed/Not as Planned
- Limits Inventory
- Lots of IR Parallels

Introduction to Kanban
- A factory floor level production management tool
- Spatial representation of tasks through a series of phases
- Adapted to multiple non-manufacturing industries
Introduction to Kanban
Useful For..
- Short Term (JIT) Tasks Around Incidents
- Long Term Management Task for Projects & Continuous Output

Warning
We use the same tool (Kanban) BUT… We use kanban very differently (And that’s cool!!!)

Example

Platforms: GitHub Projects
- Notes, artifacts, and boards in one place
- Assign cards to people
- Easy API
- No Built In Templating

GitHub Projects

Platforms: Trello
- Kanban is their main product
- Full featured GUI
- Card based discussions
- Attachable Files
- Many Integrations
- Mature API

Trello

Incident Stages
- Preparation (Built Here)
- Identification, Containment, Eradication, Recovery, Lessons Learned (Helps Here)

Preparation
- Build template Kanban boards for common incidents
- Start with a column for basic information sharing
- Do you have things that need to be done in every incident?

Other Stages
- Create a column for containment, eradication, and recovery tasks.
- Do you need to roll creds for this incident?
- Do you need to revoke hardware tokens?

Example: Malware Incident

Lessons Learned
- Create a column for lessons learned
- Dumping ground for the retro

Meat & Potatoes (And Simplicity)
- 3 Columns: In Progress, Done, Canceled
- Assign People to Tasks
- Canceled cards should have an explanation

Example

Example: Lost/Stolen Laptop

Workflows: System Triage
- New
- Live Response Requested
- Live Response Received
- Analyzed
- Remediated
- Returned

Workflows: Compromised Resources
- Malicious Activity Identified
- Password Reset
- 2FA Verified
- User Interviewed
- Remediated

Workflows: Indicator Development
- Backlog
- Enriched
- COA: Discovery
- Detection Created
- COA: Detection Deployed
- Detection Deprecated

Workflows: Intelligence Product Development
- Planned
- Analyzed
- Drafted
- Edited
- Released
- Feedback Collected

Automation
- Templates move you from managed to defined
- Repeatable & Consistent
- Demonstrate Process
- Reduce Admin Overhead
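A small template-driven board in Python, added here as an illustration (it is not the talk's code and not the sroberts/incident-template repo): the stage lists are the talk's System Triage and Compromised Resources workflows, and the three status columns plus the rule that canceled cards carry an explanation come from the Meat & Potatoes slide. Class, function and dictionary-key names are assumed.

```python
from dataclasses import dataclass, field

# Stage lists copied from the talk's workflow slides; the dict keys are assumed names
WORKFLOWS = {
    "system_triage": ["New", "Live Response Requested", "Live Response Received",
                      "Analyzed", "Remediated", "Returned"],
    "compromised_resource": ["Malicious Activity Identified", "Password Reset",
                             "2FA Verified", "User Interviewed", "Remediated"],
}

@dataclass
class Card:
    title: str
    stage: str                   # the workflow column the card sits in
    assignee: str = ""           # "assign people to tasks"
    status: str = "in_progress"  # in_progress | done | canceled
    note: str = ""               # explanation, mandatory when canceled

@dataclass
class Board:
    stages: list
    cards: list = field(default_factory=list)
    def add_card(self, title, assignee=""):
        card = Card(title, self.stages[0], assignee)
        self.cards.append(card)
        return card
    def advance(self, card):
        """Move a card one stage right; reaching the last stage marks it done."""
        if card.status != "in_progress":
            raise ValueError(f"{card.title!r} is {card.status}, cannot advance")
        card.stage = self.stages[self.stages.index(card.stage) + 1]
        if card.stage == self.stages[-1]:
            card.status = "done"
        return card.stage
    def cancel(self, card, explanation):
        """Canceled cards must say why, so the retro is not left guessing."""
        if not explanation.strip():
            raise ValueError("canceled cards need an explanation")
        card.status, card.note = "canceled", explanation
    def report(self):
        """Stakeholder view: card titles grouped by status."""
        out = {"in_progress": [], "done": [], "canceled": []}
        for c in self.cards:
            out[c.status].append(c.title)
        return out

def new_board(workflow):
    """Instantiate a board from a template (the talk's Preparation step)."""
    return Board(list(WORKFLOWS[workflow]))
```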
Wanna Try It? github.com/sroberts/incident-template

Bonus Content: The Five Whys
- More Toyota Stuff
- Root Cause Analysis Methodology
- Useful Retrospective Technique

Conclusion
- Kanban helps make repeatable yet flexible processes
- Makes communications consistent
- Powerful with a little automation

Thanks
Made with <3 By Scott (@sroberts) & Kevin (@bfist)