FloCon 2017

AT THE REQUEST OF THE PRESENTERS, THESE SLIDES WILL NOT BE SHARED.
The cyber threat landscape is constantly shifting. Attackers continually develop new tactics, tools, and procedures (TTPs) to breach and gain entry into systems. This requires incident response teams to be able to adapt and respond to these agile and dynamic threats on a daily basis. The National Cybersecurity and Communications Integration Center's (NCCIC) Hunt and Incident Response Team (HIRT) is the primary source of agile and dynamic incident response and hunt services to the entire federal network space. In this capacity, it is necessary for HIRT to assess and adapt to the myriad of operational hurdles caused by the dynamic nature of the adversary and the uniqueness of every client network that it deploys to. Adaptation to these variables is achieved in two ways by the NCCIC HIRT. Foremost, a sound methodology for ad hoc deployment to client networks must be established. This methodology will serve as the foundation for all hunt and incident response operations. Lastly, integration and correlation of data from disparate sources must occur for success to be achieved. Host based, network flow, infrastructure devices, and intelligence sources must all be utilized in conjunction with one another to achieve success in the field. NCCIC HIRT must utilize custom hardware and software solutions and accompanying analysis and deployment methodologies for all components of the mission to work seamlessly. Next generation incident response kits and accompanying methodologies and workflows have been developed to combat this constantly changing threat landscape.