MODULE 20 - CERTIFICATION CYBER OPS ASSOCIATE Flashcards
Information Sources
Network Intelligence Communities
To effectively protect a network, security professionals must stay informed about threats and vulnerabilities as they evolve.
There are many security organizations which provide network intelligence.
They provide resources, workshops, and conferences to help security professionals.
These organizations often have the latest information on threats and vulnerabilities.
Below are a few important network security organizations.
– SANS
– Mitre
– FIRST
– SecurityNewsWire
– (ISC)2
– CIS
SANS Organisation:
SysAdmin, Audit, Network, Security (SANS) Institute resources are largely free upon request and include:
– The Internet Storm Center, the popular internet early warning system
– NewsBites, the weekly digest of news articles about computer security
– @RISK, the weekly digest of newly discovered attack vectors, vulnerabilities with active exploits, and explanations of how recent attacks worked
– Flash security alerts
– Reading Room, more than 1,200 award-winning, original research papers
SANS also develops security courses.
Mitre Organisation:
The Mitre Corporation maintains a list of common vulnerabilities and exposures (CVE) used by prominent security organizations.
FIRST Organisation:
Forum of Incident Response and Security Teams (FIRST) is a security organization that brings together a variety of computer security incident response teams from government, commercial, and educational organizations to foster cooperation and coordination in information sharing, incident prevention and rapid reaction.
SecurityNewsWire Organisation:
A security news portal that aggregates the latest breaking news pertaining to alerts, exploits, and vulnerabilities.
(ISC)2 Organisation:
International Information Systems Security Certification Consortium (ISC2) provides vendor-neutral education products and career services to more than 75,000 industry professionals in more than 135 countries.
CIS Organisation:
The Center for Internet Security (CIS) is a focal point for cyber threat prevention, protection, response, and recovery for state, local, tribal, and territorial (SLTT) governments through the Multi-State Information Sharing and Analysis Center (MS-ISAC).
The MS-ISAC offers 24x7 cyber threat warnings and advisories, vulnerability identification, and mitigation and incident response.
Network Intelligence Communities
To remain effective, a network security professional must:
Keep abreast of the latest threats – This includes subscribing to real-time feeds regarding threats, routinely perusing security-related websites, following security blogs and podcasts, and more.
Continue to upgrade skills – This includes attending security-related training, workshops, and conferences.
Note: Network security has a very steep learning curve and requires a commitment to continuous professional development.
Cisco Cybersecurity Reports
Resources to help security professionals stay abreast of the latest threats are the Cisco Annual Cybersecurity Report and the Mid-Year Cybersecurity Report.
These reports provide an update on the state of security preparedness, expert analysis of top vulnerabilities, factors behind the explosion of attacks using adware, spam, and more.
Cybersecurity analysts should subscribe to and read these reports to learn how threat actors are targeting their networks, and what can be done to mitigate these attacks.
Security Blogs and Podcasts
Another method for keeping up-to-date on the latest threats is to read blogs and listen to podcasts.
Blogs and podcasts also provide advice, research, and recommended mitigation techniques.
There are several security blogs and podcasts available that a cybersecurity analyst should follow to learn about the latest threats, vulnerabilities, and exploits.
Cisco provides blogs on security-related topics from a number of industry experts and from the Cisco Talos Group.
Search for Cisco security blogs to locate them.
You can also subscribe to receive notifications of new blogs by email.
Cisco Talos also offers a series of over 80 podcasts that can be played from the internet or downloaded to your device of choice.
Threat Intelligence Services
Cisco Talos
Threat intelligence services allow the exchange of threat information such as vulnerabilities, indicators of compromise (IOC), and mitigation techniques.
This information is not only shared with personnel, but also with security systems.
As threats emerge, threat intelligence services create and distribute firewall rules and IOCs to the devices that have subscribed to the service.
https://snipboard.io/BSw0YN.jpg
One such service is the Cisco Talos Threat Intelligence Group, shown in the figure.
Talos is one of the largest commercial threat intelligence teams in the world, and is comprised of world-class researchers, analysts and engineers.
The goal of Talos is to help protect enterprise users, data, and infrastructure from active adversaries.
The Talos team collects information about active, existing, and emerging threats. Talos then provides comprehensive protection against these attacks and malware to its subscribers.
Cisco Security products can use Talos threat intelligence in real time to provide fast and effective security solutions.
Cisco Talos also provides free software, services, resources, and data.
Talos maintains the security incident detection rule sets for the Snort.org, ClamAV, and SpamCop network security tools.
FireEye
FireEye is another security company that offers services to help enterprises secure their networks.
FireEye uses a three-pronged approach combining security intelligence, security expertise, and technology.
FireEye offers SIEM and SOAR with the Helix Security Platform, which uses behavioral analysis and advanced threat detection and is supported by the FireEye Mandiant worldwide threat intelligence network.
Helix is a cloud-hosted security operations platform that combines diverse security tools and threat intelligence into a single platform.