SUPERCHARGE YOUR SECURITY Water Information Sharing and Analysis Center DHS Hunt and Incident Response Team September 12, 2018
Presenter: Brian Draper, DHS NCCIC HIRT
Slides and recording will be posted by Thursday.
National Cybersecurity & Communications Integration Center (NCCIC) HUNT AND INCIDENT RESPONSE TEAM (HIRT) Brian Draper Sr. Incident Response Analyst NCCIC Hunt and Incident Response Team (HIRT)
UNCLASSIFIED
Agenda
• HIRT Overview
• HIRT Service Offerings
• Proactive Hunt vs. Incident Response
• Incident Response Lifecycle
• Prioritizing Incidents
• Engagement Types
• Engagement Workflow
• How to Contact HIRT
Hunt & Incident Response Team (HIRT)
The National Cybersecurity Communications and Integration Center (NCCIC) Hunt and Incident Response Team (HIRT) provides expert intrusion analysis and mitigation guidance to clients who lack the in-house capability or require additional assistance with responding to a cyber incident.
HIRT's clients include:
• Federal departments and agencies
• State, Local, Tribal and Territorial (SLTT) governments
• Private Sector (Industry & Critical Infrastructure)
• Academia
• International Organizations
Uniquely positioned to provide comprehensive analysis:
• Classified and unclassified tactics, techniques and procedures (TTPs)
• Public and private sector partners
• Established relationships with Law Enforcement, Intelligence Community and International Partners
HIRT Service Offerings
• Incident Triage
• Hunt Analysis
• Network Topology Review
• Mitigation
• Infrastructure Configuration Review
• Malware Analysis
• Log Analysis
• Digital Media Analysis
• Incident Specific Risk Overview
• Control System Incident Analysis
Proactive Hunt
• A search for malicious activity through the examination of a network environment for exploitation tools, tactics, procedures, and associated artifacts
• An asset owner-driven request
• Uses a risk review to scope the breadth of the Proactive Hunt
• If malicious activity is observed during a hunt, move to Incident Response
Incident Response
• HIRT takes action to respond to a reported incident and to address the increased risks generated by the incident
• Asset owners and trusted third parties report information to NCCIC. Trusted reporters include FBI, Information Sharing and Analysis Centers (ISACs), and other government agencies
• Uses a risk review to scope the breadth of the Incident Response
HIRT Incident Response Lifecycle
NCISS Solution
NCCIC Cyber Incident Scoring System (NCISS)
Based on NIST 800-61 Revision 2
• Functional Impact
• Information Impact
• Recoverability
• Adds Actor Characterization
• Adds Observed Activity
• Adds Location of Observed Activity
• Adds Cross Sector Dependency
• Adds Potential Impact
Uses a weighted average (math) of the above criteria for a repeatable process
Engagement Types
• Remote Assistance: Providing assistance without being physically onsite
• Advisory Deployment: Advising for mitigation onsite but technical analysis capabilities not deployed
• Remote Deployment: Deploying equipment, remotely conducting analysis
• Onsite Deployment: Deployment of equipment and personnel onsite to conduct technical analysis
Incident Response Workflow
Onsite Deployment Team Composition
Engagement Timeline
How to Contact NCCIC for Hunt and Incident Response Services
OPERATIONS
Email: ncciccustomerservice@hq.dhs.gov
Phone: 888-282-0870
Upcoming WaterISAC Events and Opportunities
Monthly Water Sector Cyber Threat Web Briefing
Wednesday, September 26, 2018; 2:00 – 3:00 PM ET
Thank You
WaterISAC Contact Information: 1-866-H2O-ISAC
• Michael Arceneaux, Managing Director, arceneaux@waterisac.org
• Paul Laporte, Member Relations Manager, laporte@waterisac.org
• Chuck Egli, Lead Analyst, egli@waterisac.org
• Jennifer Walker, Cybersecurity Risk Analyst, walker@waterisac.org