prepare your incident response team - first...2015/06/14 · general keith alexander, us army...
PREPARE YOUR INCIDENT RESPONSE TEAM
JUNE 2015
Michael Harrington, Fidelis Cybersecurity
It’s a big problem...
“In 2013, the average cost of cybercrime was $11.56M, with a single attack taking an average of 32 days and over $1M to resolve.”
2013 Cost of Cyber Crime Study, Ponemon Institute
“The scale of international theft of American intellectual property (IP) is unprecedented - hundreds of billions of dollars per year, on the order of the size of U.S. exports to Asia.”
The IP Commission Report
“The ongoing cyber-thefts from the networks of public and private organizations, including Fortune 500 companies, represent the greatest transfer of wealth in human history.”
General Keith Alexander, US Army (ret), Director of the National Security Agency, Chief of the Central Security Service, Commander of the United States Cyber Command
With no easy answers...
FIREWALL
INTRUSION PREVENTION
NETWORK-CONNECTED MALWARE DETECTION
NETWORK SECURITY ANALYTICS
AV, NETWORK DLP
Overview
Critical Questions
Incident Response Expectations
Before an Incident Happens
Identify the teams of fully authorized key players
What Really Happens
How Did You Respond
Recovery
Conclusion & Questions
Critical Questions
You have been BREACHED. Now what?
Who should be involved, who should not?
Have you TRAINED for this?
What are the FIRST steps and actions?
Do you know your ROLE?
How do you handle EVIDENCE?
Fidelis Proprietary information
I.R. Expectations
Notification and Identification.
Classification: Is this a MAJOR or MINOR incident?
Know the I.R. TEAM: The People needed to respond.
Know the Processes and Procedures & Legal and Regulatory Requirements.
3rd Party I.R. Teams and Partners
Before an Incident
Identify the team of fully authorized key players
Know Everyone's Roles and Responsibilities
Have Executive and Legal Support for the I.R. Plan
Identify the Teams of Fully Authorized Players
Leadership Team
Legal Team
Security Operations Team
Forensics Team
Data Analysis Team
Before an Incident
TRAIN --- TRAIN --- TRAIN
*** TRAIN as a TEAM ***
TEST Processes and Procedures
Before an Incident
Test Your I.R. Plan > DRILL
Know Everyone's Roles and Responsibilities
Have Executive and Legal Support for the I.R. Plan
What Really Happens
It is like a Circus!
Critical DATA is LOST!
Evidence about the Intrusion could be DELETED!
Attempts are made to limit DAMAGE so the business can run.
A BALANCE must be made between I.R. and the Business!
How Did You Respond?
TO: Heartbleed?
TO: ShellShock?
Most organizations were scrambling around.
If your security staff responded quickly and efficiently, then I commend you.
What I saw in a number of companies was chaos!
If you TRAINED as a TEAM and everyone knew what to do, then you're 1000% better prepared than most organizations.
Keys for Breach Preparedness
Plan
Train
Drill
Repeat
Recovery
Fixed it, or did we really?
We have seen 2nd and 3rd breaches on the same customer.
These were probably the same attackers hiding in wait and then they came back out.
We Know How To Eliminate Online Risk