1.7: Security Assessments Flashcards
Threat Hunting
Find the attacker before they find you
Strategies are constantly changing: as defenses improve (better firewalls), attacks adapt (better phishing).
Threat intelligence data is reactive, not proactive: it describes attacks that have already been seen, so by itself it cannot stop the first one against you.
Speed up the reaction time.
Intelligence Fusion
An overwhelming volume of incoming data; the goal is to parse it and make a decision based on it.
Many data types.
Many different teams.
Take all of this data, put it into one large database, and use data analytics to pick out the data points that matter and help identify an attack vector.
Fusing the Data
Collect the data
Internal sources: logs, sensors, network traffic data, intrusion detection system (IDS) data.
External sources: threat feeds, government feeds, social media.
Cybersecurity Maneuvers
Change firewall rules, block addresses, remove malicious software.
Automated maneuvers: systems respond to the data at machine speed, without waiting for a human to act.
Vulnerability Scans
Minimally invasive: identifies potential vulnerabilities without exploiting them, unlike a penetration test.
Port scan: see what's open (which ports and services are listening).
National Vulnerability Database
nvd.nist.gov.
CVSS
Common Vulnerability Scoring System
Quantitative score from 0 to 10, derived from a vector of base metrics (attack vector, complexity, privileges, user interaction, scope, confidentiality/integrity/availability impact).
Scoring standards change over time: CVSS v2, v3.x and v4.0 use different metrics and formulas, so scores are not directly comparable across versions.
False Positive
A vulnerability is reported that does not actually exist; wastes analyst time and erodes trust in the scanner.
False Negative
A vulnerability exists but was not detected; the more dangerous of the two, since it leaves a real gap with no alert.
Configuration Review
Validate the security of device configurations (firewall rules, OS and application settings) against a known-good baseline.
SIEM
Security Information and Event Management
Centralized logging, correlation and analysis of security events and information from many sources.
SIEM Data:
Server auth attempts
VPN connections
Firewall session logs
Denied outbound traffic flows
Syslog
Standard for message logging (RFC 3164 BSD syslog and RFC 5424 formats).
Messages are sent from devices across the network to a central repository (the syslog server).
Usually integrated into the SIEM, which parses and correlates the collected messages.
Security Monitoring
Constant information flow
Track important statistics (login failures, traffic volumes, error rates).
Send alerts when problems are found.
Create triggers to automate responses
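The following is an added example, not taken from the original flashcards: a small SIEM-style correlation pass over syslog lines. It parses the classic BSD syslog (RFC 3164) header that a central collector receives, picks out sshd authentication events (the "server auth attempts" data type listed above), and applies two rules in one pass: a brute-force threshold on failed logins per source within a sliding window, and a higher-priority alert when a source that tripped that rule then logs in successfully. The log lines, hostnames and addresses are constructed samples; the year is an assumption, because RFC 3164 timestamps do not carry one.

```python
"""
Tiny SIEM-style correlation rule over syslog lines (added example, not part
of the original flashcards). The log lines are constructed samples in the
classic BSD syslog (RFC 3164) layout, as forwarded to a central collector.
"""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Optional, Tuple

# RFC 3164 header: "Mmm dd HH:MM:SS host tag[pid]: message"
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<tag>[A-Za-z0-9_-]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")
ACCEPTED_RE = re.compile(r"Accepted (?:password|publickey) for (?P<user>\S+) from (?P<src>\S+)")

ASSUMED_YEAR = 2024  # assumption: RFC 3164 timestamps carry no year


def parse_syslog(line: str) -> Optional[dict]:
    """Parse one RFC 3164 line into its fields; None for lines that do not match."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(f"{ASSUMED_YEAR} {rec['ts']}", "%Y %b %d %H:%M:%S")
    return rec


def classify(rec: dict) -> Optional[Tuple[str, str, str]]:
    """Map an sshd message to (event, user, source_ip); None if not an auth event."""
    if rec["tag"] != "sshd":
        return None
    m = FAILED_RE.search(rec["msg"])
    if m:
        return ("failed", m["user"], m["src"])
    m = ACCEPTED_RE.search(rec["msg"])
    if m:
        return ("accepted", m["user"], m["src"])
    return None


def correlate(lines, threshold=5, window_seconds=60):
    """Apply two rules in one pass over the lines in time order:
    1. brute_force: at least `threshold` failed logins from one source inside a
       sliding window of `window_seconds` (alerted once per source)
    2. success_after_failures: an accepted login from a source that already
       tripped rule 1 (the case an analyst should look at first)
    Returns a list of (rule, source_ip, time) alerts."""
    recent = defaultdict(deque)   # src -> timestamps of failures inside the window
    flagged = set()               # sources that already triggered brute_force
    alerts = []
    records = [r for r in (parse_syslog(l) for l in lines) if r]
    for rec in sorted(records, key=lambda r: r["time"]):
        ev = classify(rec)
        if not ev:
            continue
        kind, _user, src = ev
        if kind == "failed":
            q = recent[src]
            q.append(rec["time"])
            # drop failures that have fallen out of the sliding window
            while (rec["time"] - q[0]).total_seconds() > window_seconds:
                q.popleft()
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("brute_force", src, rec["time"]))
        elif kind == "accepted" and src in flagged:
            alerts.append(("success_after_failures", src, rec["time"]))
    return alerts


# Constructed sample log lines (not real traffic); 203.0.113.0/24 and
# 198.51.100.0/24 are documentation address ranges.
SAMPLE_LINES = [
    "Mar 10 12:00:01 web01 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2",
    "Mar 10 12:00:03 web01 sshd[1202]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2",
    "Mar 10 12:00:04 web01 sshd[1203]: Failed password for root from 203.0.113.5 port 51240 ssh2",
    "Mar 10 12:00:06 web01 sshd[1204]: Failed password for root from 203.0.113.5 port 51241 ssh2",
    "Mar 10 12:00:07 web01 sshd[1205]: Failed password for root from 203.0.113.5 port 51242 ssh2",
    "Mar 10 12:00:09 web01 sshd[1206]: Accepted password for deploy from 203.0.113.5 port 51250 ssh2",
    "Mar 10 12:00:10 web01 sshd[1207]: Failed password for alice from 198.51.100.7 port 40000 ssh2",
    "Mar 10 12:00:12 web01 sshd[1208]: Accepted publickey for alice from 198.51.100.7 port 40002 ssh2",
    "Mar 10 12:00:13 web01 cron[900]: (root) CMD (run-parts /etc/cron.hourly)",
    "this line is not syslog at all",
]

if __name__ == "__main__":
    for rule, src, when in correlate(SAMPLE_LINES):
        print(f"{when:%H:%M:%S} ALERT {rule}: {src}")
```

Running it produces one brute_force alert for 203.0.113.5 on the fifth failure and a success_after_failures alert two seconds later; alice's single typo followed by a key-based login trips nothing, and the cron and malformed lines are ignored rather than crashing the parser. The threshold and window are the knobs that trade false positives against false negatives, which is exactly the tuning work a SIEM rule needs after deployment.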
Big Data
Analytics over very large data stores to identify patterns that would normally remain invisible in any single log source.
UEBA
User and entity behavior analytics
Builds a baseline of normal behavior for each user and entity (host, service account) and flags deviations from it.
Detect insider threats.
Identify targeted attacks that signature-based tools would miss.