MODULE 20 - CERTIFICATION CYBER OPS ASSOCIATE Flashcards

1
Q

Information Sources: Network Intelligence Communities

To effectively protect a network, security professionals must stay informed about threats and vulnerabilities as they evolve.

There are many security organizations which provide network intelligence.

They provide resources, workshops, and conferences to help security professionals.

These organizations often have the latest information on threats and vulnerabilities.

A

Below are a few important network security organizations.

– SANS

– Mitre

– FIRST

– SecurityNewsWire

– (ISC)2

– CIS

2
Q

Below are a few important network security organizations.

– SANS

– Mitre

– FIRST

– SecurityNewsWire

– (ISC)2

– CIS

A

SANS Organisation: SysAdmin, Audit, Network, Security (SANS) Institute resources are largely free upon request and include:

– The Internet Storm Center, the popular internet early warning system

– NewsBites, the weekly digest of news articles about computer security

– @RISK, the weekly digest of newly discovered attack vectors, vulnerabilities with active exploits, and explanations of how recent attacks worked

– Flash security alerts

– Reading Room, more than 1,200 award-winning, original research papers

SANS also develops security courses.

3
Q

Below are a few important network security organizations.

– SANS

– Mitre

– FIRST

– SecurityNewsWire

– (ISC)2

– CIS

A

Mitre Organisation:

The Mitre Corporation maintains a list of common vulnerabilities and exposures (CVE) used by prominent security organizations.

4
Q

Below are a few important network security organizations.

– SANS

– Mitre

– FIRST

– SecurityNewsWire

– (ISC)2

– CIS

A

FIRST Organisation:

Forum of Incident Response and Security Teams (FIRST) is a security organization that brings together a variety of computer security incident response teams from government, commercial, and educational organizations to foster cooperation and coordination in information sharing, incident prevention and rapid reaction.

5
Q

Below are a few important network security organizations.

– SANS

– Mitre

– FIRST

– SecurityNewsWire

– (ISC)2

– CIS

A

SecurityNewsWire Organisation:

A security news portal that aggregates the latest breaking news pertaining to alerts, exploits, and vulnerabilities.

6
Q

Below are a few important network security organizations.

– SANS

– Mitre

– FIRST

– SecurityNewsWire

– (ISC)2

– CIS

A

(ISC)2 Organisation:

International Information Systems Security Certification Consortium (ISC2) provides vendor-neutral education products and career services to more than 75,000 industry professionals in more than 135 countries.

7
Q

Below are a few important network security organizations.

– SANS

– Mitre

– FIRST

– SecurityNewsWire

– (ISC)2

– CIS

A

CIS Organisation:

The Center for Internet Security (CIS) is a focal point for cyber threat prevention, protection, response, and recovery for state, local, tribal, and territorial (SLTT) governments through the Multi-State Information Sharing and Analysis Center (MS-ISAC).

The MS-ISAC offers 24x7 cyber threat warnings and advisories, vulnerability identification, and mitigation and incident response.

8
Q

Network Intelligence Communities

To remain effective, a network security professional must:

A

Keep abreast of the latest threats – This includes subscribing to real-time feeds regarding threats, routinely perusing security-related websites, following security blogs and podcasts, and more.

Continue to upgrade skills – This includes attending security-related training, workshops, and conferences.

Note: Network security has a very steep learning curve and requires a commitment to continuous professional development.

9
Q

Cisco Cybersecurity Reports: Resources to help security professionals stay abreast of the latest threats are the Cisco Annual Cybersecurity Report and the Mid-Year Cybersecurity Report.

These reports provide an update on the state of security preparedness, expert analysis of top vulnerabilities, factors behind the explosion of attacks using adware, spam, and more.

A

Cybersecurity analysts should subscribe to and read these reports to learn how threat actors are targeting their networks, and what can be done to mitigate these attacks.

10
Q

Security Blogs and Podcasts: Another method for keeping up-to-date on the latest threats is to read blogs and listen to podcasts.

Blogs and podcasts also provide advice, research, and recommended mitigation techniques.

A

There are several security blogs and podcasts available that a cybersecurity analyst should follow to learn about the latest threats, vulnerabilities, and exploits.

11
Q

There are several security blogs and podcasts available that a cybersecurity analyst should follow to learn about the latest threats, vulnerabilities, and exploits.

A

Cisco provides blogs on security-related topics from a number of industry experts and from the Cisco Talos Group.

Search for Cisco security blogs to locate them.

You can also subscribe to receive notifications of new blogs by email.

Cisco Talos also offers a series of over 80 podcasts that can be played from the internet or downloaded to your device of choice.

13
Q

Threat Intelligence Services: Cisco Talos

Threat intelligence services allow the exchange of threat information such as vulnerabilities, indicators of compromise (IOC), and mitigation techniques.

This information is not only shared with personnel, but also with security systems.

As threats emerge, threat intelligence services create and distribute firewall rules and IOCs to the devices that have subscribed to the service.

https://snipboard.io/BSw0YN.jpg

A

One such service is the Cisco Talos Threat Intelligence Group, shown in the figure.

Talos is one of the largest commercial threat intelligence teams in the world and is composed of world-class researchers, analysts, and engineers.

The goal of Talos is to help protect enterprise users, data, and infrastructure from active adversaries.

The Talos team collects information about active, existing, and emerging threats. Talos then provides comprehensive protection against these attacks and malware to its subscribers.

14
Q

One such service is the Cisco Talos Threat Intelligence Group, shown in the figure.

Talos is one of the largest commercial threat intelligence teams in the world and is composed of world-class researchers, analysts, and engineers.

The goal of Talos is to help protect enterprise users, data, and infrastructure from active adversaries.

The Talos team collects information about active, existing, and emerging threats. Talos then provides comprehensive protection against these attacks and malware to its subscribers.

A

Cisco Security products can use Talos threat intelligence in real time to provide fast and effective security solutions.

Cisco Talos also provides free software, services, resources, and data.

Talos maintains the security incident detection rule sets for the Snort.org, ClamAV, and SpamCop network security tools.

15
Q

FireEye: FireEye is another security company that offers services to help enterprises secure their networks.

FireEye uses a three-pronged approach combining security intelligence, security expertise, and technology.

A

FireEye: FireEye offers SIEM and SOAR with the Helix Security Platform, which uses behavioral analysis and advanced threat detection and is supported by the FireEye Mandiant worldwide threat intelligence network.

Helix is a cloud-hosted security operations platform that combines diverse security tools and threat intelligence into a single platform.

16
Q

FireEye: FireEye offers SIEM and SOAR with the Helix Security Platform, which uses behavioral analysis and advanced threat detection and is supported by the FireEye Mandiant worldwide threat intelligence network.

Helix is a cloud-hosted security operations platform that combines diverse security tools and threat intelligence into a single platform.

A

The FireEye Security System blocks attacks across web and email threat vectors, and latent malware that resides on file shares.

It can block advanced malware that easily bypasses traditional signature-based defenses and compromises the majority of enterprise networks.

It addresses all stages of an attack lifecycle with a signature-less engine utilizing stateful attack analysis to detect zero-day threats.


18
Q

Automated Indicator Sharing: The U.S. Department of Homeland Security (DHS) offers a free service called Automated Indicator Sharing (AIS).

AIS enables the real-time exchange of cyber threat indicators (e.g., malicious IP addresses, the sender address of a phishing email, etc.) between the U.S. Federal Government and the private sector.

A

AIS creates an ecosystem where, as soon as a threat is recognized, it is immediately shared with the community to help them protect their networks from that particular threat.

19
Q

Common Vulnerabilities and Exposures (CVE) Database

The United States government sponsored the MITRE Corporation to create and maintain a catalog of known security threats called Common Vulnerabilities and Exposures (CVE).

The CVE serves as a dictionary of common names (i.e., CVE Identifiers) for publicly known cybersecurity vulnerabilities.

A

Common Vulnerabilities and Exposures (CVE) Database: The MITRE Corporation defines unique CVE Identifiers for publicly known information-security vulnerabilities to make it easier to share data.

20
Q

Threat Intelligence Communication Standards

https://snipboard.io/dEroNu.jpg

Network organizations and professionals must share information to increase knowledge about threat actors and the assets they want to access.

Several intelligence sharing open standards have evolved to enable communication across multiple networking platforms.

These standards enable the exchange of cyber threat intelligence (CTI) in an automated, consistent, and machine readable format.

A

Three common threat intelligence sharing standards include the following:

– Structured Threat Information Expression (STIX)

– Trusted Automated Exchange of Indicator Information (TAXII)

– CybOX

21
Q

Three common threat intelligence sharing standards include the following:

– Structured Threat Information Expression (STIX)

– Trusted Automated Exchange of Indicator Information (TAXII)

– CybOX

A

Structured Threat Information Expression (STIX):

This is a set of specifications for exchanging cyber threat information between organizations.

The Cyber Observable Expression (CybOX) standard has been incorporated into STIX.

22
Q

Three common threat intelligence sharing standards include the following:

– Structured Threat Information Expression (STIX)

– Trusted Automated Exchange of Indicator Information (TAXII)

– CybOX

A

Trusted Automated Exchange of Indicator Information (TAXII):

This is the specification for an application layer protocol that allows the communication of CTI over HTTPS.

TAXII is designed to support STIX.

23
Q

Three common threat intelligence sharing standards include the following:

– Structured Threat Information Expression (STIX)

– Trusted Automated Exchange of Indicator Information (TAXII)

– CybOX

A

CybOX:

This is a set of standardized schemas for specifying, capturing, characterizing, and communicating events and properties of network operations that supports many cybersecurity functions.

24
Q

Three common threat intelligence sharing standards include the following:

– Structured Threat Information Expression (STIX)

– Trusted Automated Exchange of Indicator Information (TAXII)

– CybOX

A

The Malware Information Sharing Platform (MISP) is an open source platform for sharing indicators of compromise for newly discovered threats.

MISP is supported by the European Union and is used by over 6,000 organizations globally.

MISP enables automated sharing of IOCs between people and machines by using STIX and other export formats.

25
Q

Threat Intelligence Platforms: As we have seen, there are many sources of threat intelligence information, each of which may have its own data format.

Accessing and using multiple threat intelligence sources can be very time-consuming.

To help cybersecurity personnel make the best use of threat intelligence, threat intelligence platforms (TIP) have evolved.

A

A threat intelligence platform centralizes the collection of threat data from numerous data sources and formats. There are three major types of threat intelligence data. The first is indicators of compromise (IOC).

The second is tools, techniques, and procedures (TTP). The third is reputation information about internet destinations or domains.

The volume of threat intelligence data can be overwhelming, so the threat intelligence platform is designed to aggregate the data in one place and–most importantly–present the data in a comprehensible and usable format.

26
Q

A threat intelligence platform centralizes the collection of threat data from numerous data sources and formats. There are three major types of threat intelligence data. The first is indicators of compromise (IOC).

The second is tools, techniques, and procedures (TTP). The third is reputation information about internet destinations or domains.

The volume of threat intelligence data can be overwhelming, so the threat intelligence platform is designed to aggregate the data in one place and–most importantly–present the data in a comprehensible and usable format.

A

Organizations can contribute to threat intelligence by sharing their intrusion data over the internet, typically through automation.

Many threat intelligence services use subscriber data to enhance their products and to keep current with the constantly changing, emerging threat landscape.

27
Q

Organizations can contribute to threat intelligence by sharing their intrusion data over the internet, typically through automation.

Many threat intelligence services use subscriber data to enhance their products and to keep current with the constantly changing, emerging threat landscape.

A

Honeypots are simulated networks or servers that are designed to attract attackers.

The attack-related information gathered from honeypots can then be shared with threat intelligence platform subscribers.

However, hosting honeypots can itself be a risk.

Basing a honeypot in the cloud isolates the honeypot from production networks.

This approach is an attractive alternative for gathering threat intelligence.