1.7 Flashcards
Summarize the techniques used in security assessments.
Is the practice of proactively searching for cyber threats that are inside a network yet remain undetected.
Threat hunting
______________ involves integrating multiple sources of threat intelligence to produce actionable insights and enhance situational awareness for cybersecurity operations.
Intelligence fusion
Are streams of curated threat intelligence data.
Threat feeds
Are published sets of information from partners, such as security vendors, industry groups, the government, information-sharing groups, and other sources of information.
Advisories and bulletins
Refers to the strategic movement or actions taken by attackers to exploit vulnerabilities, evade detection, or achieve their objectives within a target network or system.
Maneuver
Are automated assessments conducted to identify security vulnerabilities present in systems.
Vulnerability scans
Are instances where a security tool incorrectly identifies benign or legitimate activity as malicious or suspicious.
False positives
Are instances where a security tool fails to detect genuine security threats or malicious activity, thereby allowing them to go undetected.
False negatives
Involve analyzing log files generated by systems, applications, or network devices to identify security incidents, anomalies, or unauthorized activities.
Log reviews
Accessing systems, devices, or applications using valid authentication credentials to perform authorized actions or operations.
Credentialed
Refers to accessing systems, devices, or applications without using valid authentication credentials.
Non-credentialed
Security assessments that involve actively probing, scanning, or interacting with systems, networks, or applications to identify vulnerabilities. May include penetration testing, vulnerability scanning, and other active reconnaissance techniques.
Intrusive
Security assessments that involve passive observation, analysis, or monitoring of systems, networks, or applications without directly interacting with them. Aim to assess security posture without disrupting normal operations or risking system stability.
Non-intrusive
Is a standardized list of publicly known cybersecurity vulnerabilities identified by the MITRE Corporation. Each entry includes a unique identifier, description, and references to affected products or systems.
Common Vulnerabilities and Exposures (CVE)
Is a scoring system used to assess the severity of vulnerabilities based on various factors such as exploitability, impact, and complexity.
Common Vulnerability Scoring System (CVSS)
Involves evaluating the configuration settings of systems, devices, or applications to identify security weaknesses, misconfigurations, or deviations from best practices. Helps ensure that systems are properly configured to minimize security risks and comply with security policies.
Configuration review
Is a standard protocol used for sending and receiving log messages from network devices, servers, and applications.
Syslog
Are applications that collect, aggregate, and analyze log data from various sources to provide real-time monitoring, threat detection, and incident response capabilities in cybersecurity operations.
Security information and event management (SIEM)
Also known as packet sniffing or network traffic analysis, involves capturing and analyzing network packets transmitted over a network.
Packet capture
Is a cybersecurity technique that involves monitoring and analyzing user activities, behaviors, and patterns to detect anomalies, insider threats, and suspicious behavior indicative of security incidents.
User behavior analysis
Is a cybersecurity technique that involves analyzing text data, such as social media posts, emails, or customer reviews, to determine the opinions or attitudes expressed by individuals or groups.
Sentiment analysis
Involves continuously monitoring and analyzing systems, networks, and data for signs of security threats, vulnerabilities, or unauthorized activities.
Security monitoring
Is the process of combining logs.
Log aggregation
Are pieces of software that function to gather data from multiple independent sources and feed it into a unified source such as a SIEM.
Log collectors
Are systems that take SIEM data as well as data from other sources and assist in the creation of runbooks and playbooks.
Security orchestration, automation, and response (SOAR)