The document outlines Atlassian's approach to security incident management, emphasizing their security team's processes and communication strategies. It details the incident handling phases from preparation to post-incident review regarding a vulnerability in the Apache Struts framework. Key activities include detecting, analyzing, containing, and recovering from incidents while ensuring trust and transparency throughout the process.

1. SecOps
Bringing agility into security
ANDREW WURSTER | SECINT TEAM LEAD | @YOURCISCOKID

2. Meet Atlassian’s Security Team

3. BUILD TRUST WITH
EVERY TEAM.

4. Security Intelligence
Incident detection, response
Who is the Atlassian Security Team?
Policies and Trust
Trust @ Atlassian
Security Engineering
Secure by design

6. How we work

7. Prepare Detect,
Analyze
Contain,
Eradicate,
Recover
Post-Incident
Review
Primer: Incident Handling Process

8. Phase 0: Prepare

9. Phase 1: Detect and Analyze

10. THE BACKSTORY
Apache Struts
Framework
Remote Code
Execution
Multiple
Products,
Services

11. Alerts
Logs / Alerts JIRA / Service DeskEmail Ingestion User ReportsIndustry Groups
Investigations
Incidents

12. INCIDENT TIMELINE
Apache
contacts us
06 Mar
Reported to
Apache
02 Mar ??
Vuln.
Published
0 Day
Investigations
kick off
Incident Raised
Incident —>
07 Mar
Investigation —>
09 Mar09 Mar

13. Incidents

15. Phase 2:
Contain, Eradicate, Recover

16. CROSSING THE STREAMS
Investigating the
exploit
Building and
deploying the fix
Forming and
sending comms

20. INCIDENT TIMELINE
Incident ActivitiesHipChat Fix
Customer Comms
Incident —>
Investigate Access
13 Mar09 Mar
Review —>
Crowd Fix
Bamboo Fix
Push fix to Bamboo Cloud
Validate Fix Revalidate Fix
Check Access
10 Mar
Vulnerability Annouce
CommsComms Draft
Recovery

21. Phase 3: Review

23. INCIDENT TIMELINE
Conduct Incident
Review Carry out PIR
actions
Incident —>
05 April
Review —>
10 Mar 30 Mar13 Mar
Open PIR for
comment
Close PIR

24. Helping you

26. Thank you!
ANDREW WURSTER | SECINT TEAM LEAD | @YOURCISCOKID