1.7 Summarize the techniques used in security assessments Flashcards
What is Threat hunting?
Threat hunting is a proactive security technique focused on identifying and mitigating advanced threats and adversaries within an organization’s network by continuously searching for indicators of compromise or suspicious activities.
What term describes the proactive identification and mitigation of advanced threats within a network?
Threat hunting
What is Intelligence fusion?
Intelligence fusion is the process of integrating and analyzing data from multiple sources, such as open-source intelligence (OSINT), closed sources, and internal data, to produce actionable insights and intelligence for cybersecurity decision-making.
What term describes the integration and analysis of data from various sources to produce actionable insights?
Intelligence fusion
What are Threat feeds?
Threat feeds are streams of curated cybersecurity data, such as indicators of compromise (IOCs), threat intelligence reports, or security advisories, provided by external sources to help organizations detect, prevent, and respond to security threats.
What term describes streams of curated cybersecurity data provided by external sources?
Threat feeds
What are Advisories and bulletins?
Advisories and bulletins are official communications issued by cybersecurity organizations, vendors, or authorities to inform the public about security vulnerabilities, threats, patches, or best practices to protect against emerging risks and attacks.
What term describes official communications about security vulnerabilities, threats, or patches?
Advisories and bulletins
What is Maneuver in security assessments?
Maneuver refers to the actions taken by attackers or defenders during security assessments to gain or maintain control over systems, networks, or data, often involving tactics such as lateral movement, privilege escalation, or data exfiltration.
What term describes actions taken by attackers or defenders to gain control during security assessments?
Maneuver
What are Vulnerability scans?
Vulnerability scans are automated or manual assessments conducted to identify security vulnerabilities, misconfigurations, or weaknesses in systems, applications, or networks, helping organizations prioritize and remediate potential risks.
What term describes assessments conducted to identify security vulnerabilities in systems or networks?
Vulnerability scans
What are False positives in security assessments?
False positives are incorrect or erroneous alerts, findings, or indications generated by security tools or assessments, mistakenly identifying benign activities or normal behavior as malicious or indicative of a security threat.
What term describes incorrect alerts or findings mistakenly identifying benign activities as security threats?
False positives
What are False negatives in security assessments?
False negatives are security incidents, threats, or vulnerabilities that security tools or assessments miss or fail to detect, leaving actual malicious activities or risks unidentified, which may lead to security breaches or compromise.
What term describes missed security incidents or vulnerabilities in security assessments?
False negatives
What are Log reviews in security assessments?
Log reviews involve analyzing logs and audit trails generated by systems, applications, or networks to identify abnormal or suspicious activities, unauthorized access attempts, or potential security breaches, aiding in incident detection and response.
What term describes analyzing logs to identify abnormal or suspicious activities in security assessments?
Log reviews
What is the difference between credentialed and non-credentialed scans?
Credentialed scans use privileged credentials or access rights to assess systems and applications comprehensively, while non-credentialed scans are conducted without such access, providing limited visibility and potentially missing certain vulnerabilities or misconfigurations.
What are Intrusive and non-intrusive assessments?
Intrusive assessments involve actively probing, testing, or exploiting systems, networks, or applications to identify vulnerabilities or security weaknesses. Non-intrusive assessments, on the other hand, rely on passive observation, analysis, or review of systems without actively engaging or disrupting them.