1.7 Summarize the techniques used in security assessments Flashcards
What is Threat hunting?
Threat hunting is a proactive security technique focused on identifying and mitigating advanced threats and adversaries within an organization’s network by continuously searching for indicators of compromise or suspicious activities.
What term describes the proactive identification and mitigation of advanced threats within a network?
Threat hunting
What is Intelligence fusion?
Intelligence fusion is the process of integrating and analyzing data from multiple sources, such as open-source intelligence (OSINT), closed sources, and internal data, to produce actionable insights and intelligence for cybersecurity decision-making.
What term describes the integration and analysis of data from various sources to produce actionable insights?
Intelligence fusion
What are Threat feeds?
Threat feeds are streams of curated cybersecurity data, such as indicators of compromise (IOCs), threat intelligence reports, or security advisories, provided by external sources to help organizations detect, prevent, and respond to security threats.
What term describes streams of curated cybersecurity data provided by external sources?
Threat feeds
What are Advisories and bulletins?
Advisories and bulletins are official communications issued by cybersecurity organizations, vendors, or authorities to inform the public about security vulnerabilities, threats, patches, or best practices to protect against emerging risks and attacks.
What term describes official communications about security vulnerabilities, threats, or patches?
Advisories and bulletins
What is Maneuver in security assessments?
Maneuver refers to the actions taken by attackers or defenders during security assessments to gain or maintain control over systems, networks, or data, often involving tactics such as lateral movement, privilege escalation, or data exfiltration.
What term describes actions taken by attackers or defenders to gain control during security assessments?
Maneuver
What are Vulnerability scans?
Vulnerability scans are automated or manual assessments conducted to identify security vulnerabilities, misconfigurations, or weaknesses in systems, applications, or networks, helping organizations prioritize and remediate potential risks.
What term describes assessments conducted to identify security vulnerabilities in systems or networks?
Vulnerability scans
What are False positives in security assessments?
False positives are incorrect or erroneous alerts, findings, or indications generated by security tools or assessments, mistakenly identifying benign activities or normal behavior as malicious or indicative of a security threat.
What term describes incorrect alerts or findings mistakenly identifying benign activities as security threats?
False positives
What are False negatives in security assessments?
False negatives are security incidents, threats, or vulnerabilities that are missed or undetected by security tools or assessments, failing to identify actual malicious activities or risks, which may lead to security breaches or compromise.
What term describes missed security incidents or vulnerabilities in security assessments?
False negatives
What are Log reviews in security assessments?
Log reviews involve analyzing logs and audit trails generated by systems, applications, or networks to identify abnormal or suspicious activities, unauthorized access attempts, or potential security breaches, aiding in incident detection and response.
What term describes analyzing logs to identify abnormal or suspicious activities in security assessments?
Log reviews
What is the difference between credentialed and non-credentialed scans?
Credentialed scans use privileged credentials or access rights to assess systems and applications comprehensively, while non-credentialed scans are conducted without such access, providing limited visibility and potentially missing certain vulnerabilities or misconfigurations.
What are Intrusive and non-intrusive assessments?
Intrusive assessments involve actively probing, testing, or exploiting systems, networks, or applications to identify vulnerabilities or security weaknesses. Non-intrusive assessments, on the other hand, rely on passive observation, analysis, or review of systems without actively engaging or disrupting them.
What terms describe assessment methods involving active probing and passive observation, respectively?
Intrusive and non-intrusive assessments
What is an Application security assessment?
An Application security assessment is a systematic evaluation of software applications to identify and mitigate security risks, vulnerabilities, or weaknesses that could be exploited by attackers to compromise the confidentiality, integrity, or availability of data or functionality.
What term describes the evaluation of software applications to identify security risks or vulnerabilities?
Application security assessment
What is a Web application security assessment?
A Web application security assessment is a specialized form of application security assessment focused on evaluating the security posture of web-based applications, including websites, web services, and web APIs, to identify and remediate vulnerabilities or weaknesses.
What term describes the evaluation of security in web-based applications such as websites or web services?
Web application security assessment
What is a Network security assessment?
A Network security assessment is an evaluation of an organization’s network infrastructure, architecture, and security controls to identify vulnerabilities, misconfigurations, or weaknesses that could be exploited by attackers to gain unauthorized access or disrupt operations.
What term describes the evaluation of an organization’s network infrastructure and security controls?
Network security assessment
What are CVE and CVSS?
CVE (Common Vulnerabilities and Exposures) is a dictionary of publicly known information security vulnerabilities and exposures, while CVSS (Common Vulnerability Scoring System) is a standardized framework for assessing and rating the severity of vulnerabilities based on their characteristics and potential impact.
What terms describe a dictionary of security vulnerabilities and a framework for rating their severity?
CVE and CVSS
What is a Configuration review in security assessments?
A Configuration review involves examining and analyzing the settings, configurations, and parameters of systems, applications, or networks to ensure they align with security best practices, policies, or industry standards and to identify any deviations or weaknesses that could pose security risks.
What term describes the examination of system or network settings to ensure alignment with security best practices?
Configuration review
What is Syslog/Security information and event management (SIEM)?
Syslog is a standard protocol for logging and transmitting event messages within a network, while SIEM (Security Information and Event Management) is a comprehensive approach to security management that combines real-time monitoring, event correlation, and incident response capabilities.
What terms describe a logging protocol and a comprehensive security management approach?
Syslog and SIEM
What are Review reports in security assessments?
Review reports are detailed documents or summaries produced as part of security assessments, audits, or evaluations, providing findings, recommendations, and remediation steps based on the analysis of vulnerabilities, risks, or security controls.
What term describes detailed documents providing findings and recommendations from security assessments?
Review reports
What is Packet capture in security assessments?
Packet capture, also known as packet sniffing or network sniffing, is the process of intercepting and logging data packets flowing through a network for analysis, monitoring, or troubleshooting purposes, allowing security analysts to inspect network traffic and identify security threats or anomalies.
What term describes the process of intercepting and logging network traffic for analysis or monitoring?
Packet capture
What are Data inputs in security assessments?
Data inputs in security assessments refer to the information, events, or data sources used for analysis, monitoring, or detection of security threats, vulnerabilities, or suspicious activities within an organization’s network, systems, or applications.
What term describes the information or data sources used for security analysis or monitoring?
Data inputs
What is User behavior analysis in security monitoring?
User behavior analysis in security monitoring involves the systematic analysis and interpretation of user activities, actions, or patterns within a network or system to detect anomalies, identify insider threats, or prevent unauthorized access or data breaches.
What term describes the systematic analysis of user activities to detect anomalies or insider threats?
User behavior analysis
What is Sentiment analysis in security monitoring?
Sentiment analysis in security monitoring is the process of analyzing textual data, such as social media posts, emails, or chat logs, to assess the sentiment, tone, or emotions expressed within the content, helping to identify potential security threats or gauge public perception.
What term describes the analysis of sentiment or emotions expressed in textual data?
Sentiment analysis
What is Security monitoring?
Security monitoring is the continuous observation, analysis, and assessment of an organization’s systems, networks, or digital assets to detect and respond to security threats, suspicious activities, or unauthorized access attempts in real time or near real time.
What term describes continuous observation and analysis of systems to detect security threats?
Security monitoring
What is Log aggregation in security operations?
Log aggregation is the process of collecting, consolidating, and centralizing log data from various sources, such as systems, applications, or network devices, into a unified platform or repository for analysis, correlation, and monitoring in security operations.
What term describes the process of collecting and centralizing log data from multiple sources?
Log aggregation
What are Log collectors in security monitoring?
Log collectors are software or systems designed to gather, parse, and forward log data generated by devices, applications, or systems within an organization’s network to centralized log management or analysis tools for monitoring, analysis, or incident response purposes.
What term describes software or systems used to gather and forward log data for centralized analysis?
Log collectors
What is SOAR in cybersecurity operations?
SOAR (Security Orchestration, Automation, and Response) is a comprehensive approach to cybersecurity operations that integrates security tools, processes, and workflows to streamline incident response, automate repetitive tasks, and orchestrate security actions across an organization’s infrastructure.
What term describes the integration of security tools and automation to streamline incident response?
Security Orchestration, Automation, and Response (SOAR)