G Y R N Status Definitions Green Yellow


Status Definitions:
G (Green): On Target
Y (Yellow): Risk of Being Behind Target
R (Red): Will Not Meet Target
N (Grey): Not Started / Completed

Report Date: 08/20/2010
HBGary Staff Augmentation Status Report
Overall Status G

Est. Complete
Key Project Elements
On-boarding Phil G
Active Defense Deployment
  • Open ticket with infrastructure team
  • Obtain latest bits from HBGary
7/15/2010 G
Staff Augmentation
  • Work MSCERT tickets
  • Provide feedback to team on processes procedures
8/31/2010 G
Train MSCERT on HBGary Software
  • Work MSCERT tickets
  • Provide feedback to team on processes procedures
Deploy AD in Production
Managed Services Proposal
POC AD
Work MSCERT Tickets
June July August
8/31/2010

Short Term Objectives
  • Finalize managed services proposal
  • Complete engagement and meet all required objectives
  • Process results from proposed SCCM scan for APT known names.
  • Work with GWM network team to resolve all connection issues.

Project Risks
Project Days
  • None


Overall Workstream Status G

Activities This Week

Meetings:
  • Participated in the following calls/meetings:
    • MSCERT team weekly call
    • Met with GWM network team to troubleshoot HBAD agent deployments

Project Activities:
  • Administrative
    • Upgraded HBAD server to latest version. Fixed GUI install and performance issues.
    • Completed testing of the HB Inoculator tool in the Morgan environment.
    • Introduced the Timeline feature of HBAD to team members. It will be in the next official release of HBAD. The feature allows an analyst to more quickly determine the cause of the compromise.
  • Training
    • Trained Kathy Braun on usage of the tool for remediation efforts.
  • Tickets
    • Worked numerous cases using HBAD server
    • Remediated multiple systems
    • Requested three tickets be opened to allow GWM agents to talk to HBAD server.
  • Investigations
    • SQL Injection attack against www.morganstanleyindividual.com. This was an information gathering attack which was not successful. It was believed to be targeted due to the attack string and the parameter chosen. Marlen is handling escalation to the Web team.
    • Korean SPAM. Two users received SPAM with a link that attempted to install a Buzus variant (malware). The proxies were successful in blocking the download. HBAD was used to scan the systems which showed no malware.

Activities Next Week
  • Train MSCERT staff on Responder
  • Work tickets as needed