
and Analysis Center DHS Hunt and Incident Response Team September - PowerPoint PPT Presentation


  1. SUPERCHARGE YOUR SECURITY Water Information Sharing and Analysis Center DHS Hunt and Incident Response Team September 12, 2018

  2. SUPERCHARGE YOUR SECURITY. Presenter: Brian Draper, DHS NCCIC HIRT. Slides and recording will be posted by Thursday.

  3. National Cybersecurity & Communications Integration Center (NCCIC): HUNT AND INCIDENT RESPONSE TEAM (HIRT). Brian Draper, Sr. Incident Response Analyst, NCCIC Hunt and Incident Response Team (HIRT)

  4. UNCLASSIFIED

  5. Agenda: HIRT Overview; HIRT Service Offerings; Proactive Hunt vs. Incident Response; Incident Response Lifecycle; Prioritizing Incidents; Engagement Types; Engagement Workflow; How to Contact HIRT. UNCLASSIFIED

  6. Hunt & Incident Response Team (HIRT): The National Cybersecurity Communications and Integration Center (NCCIC) Hunt and Incident Response Team (HIRT) provides expert intrusion analysis and mitigation guidance to clients who lack the in-house capability or require additional assistance with responding to a cyber incident. HIRT's clients include: Federal departments and agencies; State, Local, Tribal and Territorial (SLTT) governments; Private Sector (Industry & Critical Infrastructure); Academia; International Organizations. Uniquely positioned to provide comprehensive analysis: Classified and unclassified tactics, techniques and procedures (TTPs); Public and private sector partners; Established relationships with Law Enforcement, Intelligence Community and International Partners. UNCLASSIFIED

  7. HIRT Service Offerings: Incident Triage; Hunt Analysis; Network Topology Review; Mitigation; Infrastructure Configuration Review; Malware Analysis; Log Analysis; Digital Media Analysis; Incident Specific Risk Overview; Control System Incident Analysis. UNCLASSIFIED

  8. Proactive Hunt: A search for malicious activity through the examination of a network environment for exploitation tools, tactics, procedures, and associated artifacts. An asset owner-driven request. Uses a risk review to scope the breadth of the Proactive Hunt. If malicious activity is observed during a hunt, move to Incident Response. Incident Response: HIRT takes action to respond to a reported incident and to address the increased risks generated by the incident. Asset owners and trusted third parties report information to NCCIC. Trusted reporters include FBI, Information Sharing and Analysis Centers (ISACs), and other government agencies. Uses a risk review to scope the breadth of the Incident Response. UNCLASSIFIED

  9. HIRT Incident Response Lifecycle UNCLASSIFIED

  10. NCISS Solution: NCCIC Cyber Incident Scoring System (NCISS). Based on NIST 800-61 Revision 2 • Functional Impact • Information Impact • Recoverability • Adds Actor Characterization • Adds Observed Activity • Adds Location of Observed Activity • Adds Cross Sector Dependency • Adds Potential Impact. Uses a weighted average (math) of the above criteria for a repeatable process. UNCLASSIFIED

  11. Engagement Types: Remote Assistance: Providing assistance without being physically onsite. Advisory Deployment: Advising for mitigation onsite but technical analysis capabilities not deployed. Remote Deployment: Deploying equipment, remotely conducting analysis. Onsite Deployment: Deployment of equipment and personnel onsite to conduct technical analysis. UNCLASSIFIED

  12. Incident Response Workflow UNCLASSIFIED

  13. Onsite Deployment Team Composition UNCLASSIFIED

  14. Engagement Timeline UNCLASSIFIED

  15. How to Contact NCCIC for Hunt and Incident Response Services. OPERATIONS: Email: ncciccustomerservice@hq.dhs.gov; Phone: 888-282-0870. UNCLASSIFIED

  16. SUPERCHARGE YOUR SECURITY. Upcoming WaterISAC Events and Opportunities: Monthly Water Sector Cyber Threat Web Briefing, Wednesday, September 26, 2018; 2:00 – 3:00 PM ET

  17. SUPERCHARGE YOUR SECURITY. Thank You. WaterISAC Contact Information: 1-866-H2O-ISAC. Michael Arceneaux, Managing Director, arceneaux@waterisac.org; Paul Laporte, Member Relations Manager, laporte@waterisac.org; Chuck Egli, Lead Analyst, egli@waterisac.org; Jennifer Walker, Cybersecurity Risk Analyst, walker@waterisac.org
