and analysis center
play

and Analysis Center DHS Hunt and Incident Response Team September - PowerPoint PPT Presentation

Jul 18, 2023 •247 likes •429 views

SUPERCHARGE YOUR SECURITY Water Information Sharing and Analysis Center DHS Hunt and Incident Response Team September 12, 2018 SUPERCHARGE YOUR SECURITY Presenter Brian Draper, DHS NCCIC HIRT Slides and recording will be posted by

  1. SUPERCHARGE YOUR SECURITY Water Information Sharing and Analysis Center DHS Hunt and Incident Response Team September 12, 2018

  2. SUPERCHARGE YOUR SECURITY Presenter  Brian Draper, DHS NCCIC HIRT Slides and recording will be posted by Thursday.

  3. National Cybersecurity & Communications Integration Center (NCCIC) HUNT AND INCIDENT RESPONSE TEAM (HIRT) Brian Draper Sr. Incident Response Analyst NCCIC Hunt and Incident Response Team (HIRT)

  4. 5 UNCLASSIFIED

  5. Agenda nda HIRT Overview w HIRT Service ce Offerings gs Proacti tive Hunt vs. Incide ident nt Respons nse Incide ident nt Respons nse Life ifecycl cle Prio ioritizi zing ng Incide idents nts Enga gagement nt Types Enga gagement nt Workflo low How ow to Contac act t HIRT UNCLASSIFIED

  6. Hunt & Incident The National Cybersecurity Communications and Integration Center (NCCIC) Hunt and Incident Response Team Response Team (HIRT) provides expert intrusion analysis and (HIRT) mitigation guidance to clients who lack the in-house capability or require additional assistance with responding to a cyber incident. HIRT’s clients include: Uniquely positioned to provide Federal departments and agencies comprehensive State, Local, Tribal and Territorial (SLTT) analysis governments Classified and unclassified tactics, Private Sector (Industry & Critical techniques and procedures (tips) Infrastructure) Public and private sector partners Academia Established relationships with International Organizations Law Enforcement, Intelligence Community and International Partners 7 UNCLASSIFIED

  7. HIRT RT Servic ice e Offerin ings gs  Incide dent t Triage ge  Hunt Analysis  Network ork Topol olog ogy y Re Review  Mitigati tion on  Infras astr truc ucture ure Configurat guration on Malwar ware Analys ysis  Re Review  Log Analysis  Digital Media Analys ysis  Incide dent t Specific Risk  Control rol Syste tem m Incide dent t Overview w Analys ysis UNCLASSIFIED

  8. Proac oactive tive Hun unt Incident cident Res espo ponse nse A search for malicious activity through HIRT takes action to respond to a the examination of a network reported incident and to address the environment for exploitation tools, increased risks generated by the tactics, procedures, and associated incident artifacts Asset owners and trusted third parties report information to NCCIC. An asset owner-driven request Trusted reporters include FBI, Information Sharing and Analysis Centers (ISACs), and Uses a risk review to scope the breadth other government agencies of the Proactive Hunt Uses a risk review to scope the breadth If malicious activity is observed during a of the Incident Response hunt, move to Incident Response UNCLASSIFIED

  9. HIR IRT T In Incident ent Response sponse Lifec ecycle ycle UNCLASSIFIED

  10. NCISS S Solution ion NCCIC Cyber Incident nt Scori oring ng System em (NCISS) Based ed on NIST T 800-61 Rev Revision 2 • Functional Impact • Information Impact • Recoverability • Adds Actor Characterization • Adds Observed Activity • Adds Location of Observed Activity • Adds Cross Sector Dependency • Adds Potential Impact Uses a weighted average (math) of the above criteria for a repeatable process UNCLASSIFIED

  11. En Engageme gement nt Typ ypes es Providing assistance without being physically Re Remot ote Assistance nce onsite Advising for mitigation onsite but technical Advisory y Deploym yment nt analysis capabilities not deployed Deploying Equipment, remotely conducting Re Remot ote Deploym yment nt analysis Deployment of equipment and personal onsite to Onsite te Deploym yment nt conduct technical analysis UNCLASSIFIED

  12. Inci cident dent Re Respon onse se Workflow rkflow UNCLASSIFIED

  13. Onsit ite e Deplo loym yment ent Tea eam m Composit positio ion UNCLASSIFIED

  14. Engag gagement ment Timeli meline ne UNCLASSIFIED

  15. How to Contact ntact NCCIC IC for Hun unt and Inci cident dent Re Respon onse se Services vices OPERATIONS : ncciccustomerservice@hq.dhs.gov Emai ail: : 888-282-0870 Phone ne: UNCLASSIFIED

  17. SUPERCHARGE YOUR SECURITY Upcoming WaterISAC Events and Opportunities  Monthly Water Sector Cyber Threat Web Briefing  Wednesday, September 26, 2018; 2:00 – 3:00 PM ET

  18. SUPERCHARGE YOUR SECURITY Thank You WaterISAC Contact Information: 1-866-H2O-ISAC Michael Arceneaux Paul Laporte Managing Director Member Relations Manager arceneaux@waterisac.org laporte@waterisac.org Chuck Egli Jennifer Walker Lead Analyst Cybersecurity Risk Analyst egli@waterisac.org walker@waterisac.org

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Joint Physics Analysis Center (JPAC) The Joint Physics Analysis Center (JPAC) formed in

Joint Physics Analysis Center (JPAC) The Joint Physics Analysis Center (JPAC) formed in

Amplitude analysis of / 0 0 Alessandro Pilloni Joint Physics Analysis Center Krakow, June 6 th , 2016 Joint Physics Analysis Center (JPAC) The Joint Physics Analysis Center (JPAC) formed in October 2013 We

873 views • 17 slides
ANALYSIS Ray Campbell January 10, 2019 CENTER FOR HEALTH INFORMATION AND ANALYSIS CHIAs

ANALYSIS Ray Campbell January 10, 2019 CENTER FOR HEALTH INFORMATION AND ANALYSIS CHIAs

OVERVIEW OF THE CENTER FOR HEALTH INFORMATION AND ANALYSIS Ray Campbell January 10, 2019 CENTER FOR HEALTH INFORMATION AND ANALYSIS CHIAs Mission and Vision CHIA has extensive authority to compel the submission of data from

515 views • 12 slides
CAPR CENTER FOR THE ANALYSIS OF POSTSECONDARY READINESS Student Assessment and Placement

CAPR CENTER FOR THE ANALYSIS OF POSTSECONDARY READINESS Student Assessment and Placement

CAPR CENTER FOR THE ANALYSIS OF POSTSECONDARY READINESS Student Assessment and Placement Systems Using Multiple Measures Elisabeth Barnett, CCRC NYS Student Success Center November 2018 CAPR CENTER FOR THE ANALYSIS OF POSTSECONDARY

808 views • 51 slides
MANAGEMENT AND ANALYSIS OF NATIONAL MULTISITE PROGRAM EVALUATION DATA: CENTER FOR SUBSTANCE ABUSE

MANAGEMENT AND ANALYSIS OF NATIONAL MULTISITE PROGRAM EVALUATION DATA: CENTER FOR SUBSTANCE ABUSE

MANAGEMENT AND ANALYSIS OF NATIONAL MULTISITE PROGRAM EVALUATION DATA: CENTER FOR SUBSTANCE ABUSE PREVENTIONS DATA ANALYSIS COORDINATION AND CONSOLIDATION CENTER SESSION CHAIR AND DISCUSSANT: Beverlie Fallik, Ph.D. Center for Substance

638 views • 40 slides
Old Dominion University Virginia Modeling, Analysis & Simulation Center Enterprise Center,

Old Dominion University Virginia Modeling, Analysis & Simulation Center Enterprise Center,

Old Dominion University Virginia Modeling, Analysis & Simulation Center Enterprise Center, College of Engineering & Technology Established July 1997 by the Commonwealth of Virginia Locations in Suffolk (TCC-Portsmouth) and

751 views • 12 slides
Poles in the SAID NN analysis Ron Workman Data Analysis Center Institute for Nuclear Studies

Poles in the SAID NN analysis Ron Workman Data Analysis Center Institute for Nuclear Studies

Poles in the SAID NN analysis Ron Workman Data Analysis Center Institute for Nuclear Studies George Washington University GW/DAC/SAID group W.J. Briscoe (M. Dring) D. Schott I. Strakovsky MESON 2014 13 th International Workshop on Meson

389 views • 19 slides
Moving on Maternal Depression Webinar Series Sponsored by Schuyler Center for Analysis &

Moving on Maternal Depression Webinar Series Sponsored by Schuyler Center for Analysis &

Moving on Maternal Depression Webinar Series Sponsored by Schuyler Center for Analysis & Advocacy & the Postpartum Resource Center of New York October 21, 2020 Who We Are 2 Schuyler Center for Analysis & Postpartum Resource

405 views • 4 slides
Seeking for a fingerprint: analysis of point processes in actigraphy recordings Ewa

Seeking for a fingerprint: analysis of point processes in actigraphy recordings Ewa

Seeking for a fingerprint: analysis of point processes in actigraphy recordings Ewa Gudowska-Nowak Plus ratio quam vis M. Kac Center Complex Systems Research Center, M. Smoluchowski Institute of Physics and Malopolska Center of Biotechnology

622 views • 17 slides
Report Presentation Market & Feasibility Analysis Wisconsin Center Expansion May 14, 2014

Report Presentation Market & Feasibility Analysis Wisconsin Center Expansion May 14, 2014

Report Presentation Market & Feasibility Analysis Wisconsin Center Expansion May 14, 2014 DRAFT Wisconsin Center Expansion Study Process The Wisconsin Center District and Visit Milwaukee engaged HVS Convention, Sports & Entertainment

507 views • 29 slides
Naval Center for Cost Analysis (NCCA ) Validation and Improvement of the Rayleigh Curve Method

Naval Center for Cost Analysis (NCCA ) Validation and Improvement of the Rayleigh Curve Method

UNCLASSIFIED (FOR OFFICIAL USE ONLY) Naval Center for Cost Analysis (NCCA ) Validation and Improvement of the Rayleigh Curve Method 10-13 JUN 2014 POC: Mr. Jake Mender Ship & Ship Weapons Branch Naval Center for Cost Analysis

1.16k views • 38 slides
Naval Center for Cost Analysis Software Resource Data Report (SRDR) Analysis August 2013 Dataset

Naval Center for Cost Analysis Software Resource Data Report (SRDR) Analysis August 2013 Dataset

Naval Center for Cost Analysis Software Resource Data Report (SRDR) Analysis August 2013 Dataset Presented by: Nicholas Lanham June 10-13, 2014 1 Purpose To analyze software productivity and growth relationships when compared to several

511 views • 21 slides
Recent Advances in Software for Space-Time Data Analysis Sergio J. Rey GeoDa Center for

Recent Advances in Software for Space-Time Data Analysis Sergio J. Rey GeoDa Center for

Recent Advances in Software for Space-Time Data Analysis Sergio J. Rey GeoDa Center for Geospatial Analysis and Computation School of Geographical Sciences and Urban Planning Arizona State University Future Directions in Spatial Demography

849 views • 55 slides
FSU Center for Economic Forecasting and Analysis (CEFA) The Tallahassee Economy Project By:

FSU Center for Economic Forecasting and Analysis (CEFA) The Tallahassee Economy Project By:

FSU Center for Economic Forecasting and Analysis (CEFA) The Tallahassee Economy Project By: Julie Harrington, Ph.D. Director of the Center for Economic Forecasting and Analysis (CEFA) Florida State University For: The Tallahassee Economy

529 views • 39 slides
Data analysis for science Lee Samuel Finn Center for Gravitational Wave Physics 28 October 2002

Data analysis for science Lee Samuel Finn Center for Gravitational Wave Physics 28 October 2002

Data analysis for science Lee Samuel Finn Center for Gravitational Wave Physics 28 October 2002 Grav. Wave Source Simulation & 1 Data Analysis Workshop Overview Data analysis goals Distinguishing signal from noise:

299 views • 17 slides
Objectives Case Study Background & Data Text as a Network Refresher Hands on

Objectives Case Study Background & Data Text as a Network Refresher Hands on

<Your Name> Text as a Network: Analysis of COVID-19 related Tweets J.D. Moffitt jdmoffit@cs.cmu.edu CASOS Center, Institute for Software Research Carnegie Mellon University CASOS Summer Institute 2020 Center for Computational Analysis

316 views • 10 slides
Reproducibility in Data Science Juliana Freire Visualization, Imaging and Data Analysis Center

Reproducibility in Data Science Juliana Freire Visualization, Imaging and Data Analysis Center

Reproducibility in Data Science Juliana Freire Visualization, Imaging and Data Analysis Center (VIDA) Computer Science & Engineering Center for Data Science (CDS) VISUALIZATION IMAGING AND DATA ANALYSIS CENTER Data-Driven Exploration

557 views • 34 slides
Efficiency Program Jodi Slick CEO, Ecolibrium3 Duluth Energy Efficiency Program EPA Climate

Efficiency Program Jodi Slick CEO, Ecolibrium3 Duluth Energy Efficiency Program EPA Climate

EPA Climate Showcase Communities April 30, 2014 Duluth Energy Efficiency Program Jodi Slick CEO, Ecolibrium3 Duluth Energy Efficiency Program EPA Climate Showcase Communities Conference DEEP Process Contractor Free Energy Training

377 views • 16 slides
Spreading the Coordinated Care Model Communication Strategies: Brokers, Employers, Local

Spreading the Coordinated Care Model Communication Strategies: Brokers, Employers, Local

Spreading the Coordinated Care Model Communication Strategies: Brokers, Employers, Local Governments Presented to CCMA Workgroup April 20, 2016 Communication research and strategy Question: How to spread CCM in commercial market?

182 views • 16 slides
Jupai Holdings Ltd NYSE: JP Q3 2019 Disclaimer The information in this presentation is

Jupai Holdings Ltd NYSE: JP Q3 2019 Disclaimer The information in this presentation is

Jupai Holdings Ltd NYSE: JP Q3 2019 Disclaimer The information in this presentation is provided to you by Jupai Holdings Limited (the Company) pursuant to Section 5(d) of the U.S. Securities Act of 1933, as amended (the Securities

370 views • 23 slides
AGM Presentation April 2019 Agenda 1. 1. The he Law Debe benture Mode del 2. Group Hig

AGM Presentation April 2019 Agenda 1. 1. The he Law Debe benture Mode del 2. Group Hig

AGM Presentation April 2019 Agenda 1. 1. The he Law Debe benture Mode del 2. Group Hig Highlights 3. 3. Inv nvest stment Por ortfo folio io 4. 4. I Independent Profe fessi sional l Ser Servic ices 5. 5. Con onclu

511 views • 25 slides
The Institutes RiskBlock Alliance Overview May 2018 1 | The Institutes RiskBlock Alliance

The Institutes RiskBlock Alliance Overview May 2018 1 | The Institutes RiskBlock Alliance

5/2/2018 The Institutes RiskBlock Alliance Overview May 2018 1 | The Institutes RiskBlock Alliance Blockchain Overview 2 | The Institutes RiskBlock Alliance 1 5/2/2018 W hat is Blockchain? Fundamentally a digital ledger system for

443 views • 5 slides
The CCHI Small Groups Self-Funding Program A Presentation from CCHI 601 Montgomery Street,

The CCHI Small Groups Self-Funding Program A Presentation from CCHI 601 Montgomery Street,

The CCHI Small Groups Self-Funding Program A Presentation from CCHI 601 Montgomery Street, suite 315 San Francisco CA Info@cchi.com 415-398-8985 PPACA (ObamaCare) Is An Opportunity for Small Groups to Transition to Self-Funding Smaller

309 views • 9 slides
CORPORATE PRESENTATION Triveni Group Organisation Structure Triveni Group Triveni Triveni

CORPORATE PRESENTATION Triveni Group Organisation Structure Triveni Group Triveni Triveni

CORPORATE PRESENTATION Triveni Group Organisation Structure Triveni Group Triveni Triveni Turbine Engineering & Ltd. (TTL) Industries Ltd. TEIL holds 21.8% of the equity in TTL (TEIL) 50% plus one share Sugar GE Triveni Ltd.

671 views • 17 slides
BRINGING POLYMERS TO LIFE INVESTOR PRESENTATION OCTOBER 2016 Index 2. 3. 1. 4. Company

BRINGING POLYMERS TO LIFE INVESTOR PRESENTATION OCTOBER 2016 Index 2. 3. 1. 4. Company

BRINGING POLYMERS TO LIFE INVESTOR PRESENTATION OCTOBER 2016 Index 2. 3. 1. 4. Company Business/ Executive Financial Overview Industry Summary Overview Overview 2 1. Executive Summary 3 Executive Summary Incorporated in

461 views • 31 slides

More recommend