On completing this course, you will be able to:
Welcome to this module, which will outline the various strategies and tools used by cybersecurity professionals to protect an organization’s network, data and equipment from cybercrime.
You only have to look at the news to understand that all organizations, regardless of type, size or location, are at risk of a cyber attack. It seems that no one is safe.
So is there anything you can do to help protect an organization from a targeted attack? And with many in the security industry predicting that it’s not a case of ‘if’ but ‘when’ a cybersecurity breach will occur, how can you respond to ensure that it has minimal impact?
This module will highlight the actions that you can take to help answer these questions.
Behavior-based security is a form of threat detection that involves capturing and analyzing the flow of communication between a user on the local network and a local or remote destination. Any changes in normal patterns of behavior are regarded as anomalies, and may indicate an attack.
Honeypots
A honeypot is a behavior-based detection tool that lures the attacker in by appealing to their predicted pattern of malicious behavior. Once the attacker is inside the honeypot, the network administrator can capture, log and analyze their behavior so that they can build a better defense.
Cisco’s Cyber Threat Defense Solution Architecture
This security architecture uses behavior-based detection and indicators to provide greater visibility, context and control. The aim is to know who is carrying out the attack, what type of attack they are performing and where, when and how the attack is taking place. This security architecture uses many security technologies to achieve this goal.
NetFlow technology is used to gather information about data flowing through a network, including who and what devices are in the network, and when and how users and devices access the network.
NetFlow is an important component in behavior-based detection and analysis. Switches, routers and firewalls equipped with NetFlow can report information about data entering, leaving and traveling through the network.
This information is sent to NetFlow collectors that collect, store and analyze NetFlow data, which can be used to establish baseline behaviors on more than 90 attributes, such as source and destination IP address.
Penetration testing, commonly known as pen testing, is the act of assessing a computer system, network or organization for security vulnerabilities. A pen test seeks to breach systems, people, processes and code to uncover vulnerabilities which could be exploited. This information is then used to improve the system’s defenses to ensure that it is better able to withstand cyber attacks in the future.
The pen tester gathers as much information as possible about a target system or network, its potential vulnerabilities and exploits to use against it. This involves conducting passive or active reconnaissance (footprinting) and vulnerability research.
The pen tester gathers as much information as possible about a target system or network, its potential vulnerabilities and exploits to use against it. This involves conducting passive or active reconnaissance (footprinting) and vulnerability research.
The pen tester will attempt to gain access to a target system and sniff network traffic, using various methods to exploit the system including:
The pen tester will maintain access to the target to find out what data and systems are vulnerable to exploitation. It is important that they remain undetected, typically using backdoors, Trojan horses, rootkits and other covert channels to hide their presence.
When this infrastructure is in place, the pen tester will then proceed to gather the data that they consider valuable.
The pen tester will provide feedback via a report that recommends updates to products, policies and training to improve an organization’s security.
You’ve been tasked with carrying out an internal pen test to check @Apollo’s computer network for vulnerabilities. How will you go about conducting your test? Get this right and earn some much needed defender points.
Put the following steps in the correct order.
Gather as much information as you can without being detected
Footprint through the network to find ways to intrude
Exploit any vulnerabilities identified in the network by simulating an attack
Report your findings to the team
Identify potential exploitable vulnerabilities
How to carry out a pen test (explanations):
While most organizations today are aware of common security threats and put considerable effort into preventing them, no set of security practices is foolproof. Therefore, organizations must be prepared to contain the damage if a security breach occurs. And they must act fast!
Find out more about the actions organizations should take when a security breach is identified.
Communication creates transparency, which is critical in this type of situation.
Internally, all employees should be informed and a clear call to action communicated.
Externally, all clients should be informed through direct communication and official announcements.
Respond to the breach in an honest and genuine way, taking responsibility where the organization is at fault.
Be open and explain why the breach took place and what information was compromised. Organizations are generally expected to take care of any client costs associated with identity theft services required as a result of a security breach.
Take steps to understand what caused and facilitated the breach. This may involve hiring forensics experts to research and find out the details.
Make sure that any lessons learned from forensic investigations are applied to prevent similar breaches from happening in the future.
Attackers will often attempt to leave a backdoor to facilitate future breaches. To prevent this from happening, make sure that all systems are clean, no backdoors are installed and nothing else has been compromised.
Raise awareness, train and educate employees, partners and clients on how to prevent future breaches.
Don’t forget, the impact of a security breach extends beyond the technical aspect of stolen data or damaged intellectual property. It can have a devastating effect on an organization’s reputation!
Risk management is the formal process of continuously identifying and assessing risk in an effort to reduce the impact of threats and vulnerabilities. You cannot eliminate risk completely but you can determine acceptable levels by weighing up the impact of a threat with the cost of implementing controls to mitigate it. The cost of a control should never be more than the value of the asset you are protecting.
Find out more about the risk management process.
Frame the risk
Identify the threats that increase risk. Threats may include processes, products, attacks, potential failure or disruption of services, negative perception of an organization’s reputation, potential legal liability or loss of intellectual property.
Access the risk
Determine the severity that each threat poses. For example, some threats may have the potential to bring an entire organization to a standstill, while other threats may be only minor inconveniences. Risk can be prioritized by assessing financial impact (a quantitative analysis) or scaled impact on an organization's operation (a qualitative analysis).
Respond the risk
Develop an action plan to reduce overall organization risk exposure, detailing where risk can be eliminated, mitigated, transferred or accepted.
Monitor the risk
Continuously review any risk reduced through elimination, mitigation or transfer actions. Remember, not all risks can be eliminated, so you will need to closely monitor any threats that have been accepted.