Chapter 7 Security Assessments Flashcards
What is Threat hunting?
The practice of proactively searching for cyber threats that are inside a network, yet remain undetected.
What kind of tools do you use for Cyber threat hunting?
Tools, Techniques, and procedures (TTPs)
What is meant by Living off the land?
When an attacker uses resources already present on the system to maintain their presence
What are examples of Indicators of attack (IOA)?
Creating an account, connecting out to a command-and-control server, and moving data off the network in an encrypted stream
What is Intelligence fusion?
A process involving collecting and analyzing threat feeds from both internal and external sources on a large scale
What are Threat feeds?
Sources of information concerning adversaries
What are Advisories and bulletins?
Published sets of information from partners, such as security vendors, industry groups, the government, etc.
What is meant by Maneuver?
The ability to move within a network
How can Threat hunting counter an attacker maneuvering through a system?
- Watching traffic at choke points
- Analyzing the company's own network infrastructure from an attacker's point of view to better understand how an attack could happen
What is Vulnerability Scanning?
The process of examining services on computer systems for known vulnerabilities in software
What are false positives?
When an indicator of compromise (IOC) is detected but turns out not to be a real threat
What is a false negative?
When you test for something and get no indication, even though the condition was actually present
What is an example of a false positive?
When a failed login followed by a successful login is labeled as malicious, but the activity was actually caused by a user making a mistake after recently changing their password
What is an example of a false negative?
When you scan for open ports and miss one that is open because the scanner could not detect it, so you never test that port further
What are Log reviews?
Examining logs, which provide information on security incidents, policy violations, and other abnormal conditions that require further analysis