- Knowing what’s on your network is the first step in protecting what’s on your network.
- You need to know what systems exist (laptops and servers) as well as what’s been installed and running on those systems, e.g. apps, services, and active ports.
2. Vulnerability Assessment
- Vulnerabilities represent the tiny cracks that an attacker uses to infiltrate your networks, apps, devices, and systems, collectively referred to as the “attack surface”.
- These vulnerabilities can open up when you least expect them, which is why it’s essential to continually assess your entire network for vulnerabilities.
- Additionally, you may be subject to a variety of contractual and regulatory mandates (e.g. PCI DSS, SOX, etc.).
3. Behavioral monitoring
- At its most basic level, effective cyber security monitoring comes down to exception management.
- Creating a baseline of system and network behavior provides the essential foundation for spotting anomalies.
- What activities represent exceptions to the norm? E.g. policy violations, error messages, spikes in outbound network activity, unexpected reboots, etc.
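As an added illustration of the baseline-then-exception idea (this is example code written for this page, not a tool from the thread), the script below builds a per-host baseline of hourly outbound bytes from a constructed quiet day and then flags two kinds of exception in the next day's records: a value far outside the host's usual range (a spike or drop) and activity from a host that has no baseline at all, which ties back to the asset-inventory point. The host names, traffic figures and the 5-MAD threshold are all assumptions made for the example.

```python
"""Baseline-and-exception check, as a minimal illustration of behavioral monitoring.

Added example; the records below are constructed, not real telemetry.
"""
import statistics
from collections import defaultdict

# Constructed training window: (host, hour bucket, outbound bytes) for one quiet day.
TRAINING_RECORDS = [
    ("ws-01", "2024-01-01T09", 120_000), ("ws-01", "2024-01-01T10", 135_000),
    ("ws-01", "2024-01-01T11", 128_000), ("ws-01", "2024-01-01T12", 140_000),
    ("ws-01", "2024-01-01T13", 132_000), ("ws-01", "2024-01-01T14", 125_000),
    ("ws-01", "2024-01-01T15", 138_000), ("ws-01", "2024-01-01T16", 130_000),
    ("ws-02", "2024-01-01T09", 80_000), ("ws-02", "2024-01-01T10", 85_000),
    ("ws-02", "2024-01-01T11", 90_000), ("ws-02", "2024-01-01T12", 82_000),
    ("ws-02", "2024-01-01T13", 88_000), ("ws-02", "2024-01-01T14", 84_000),
    ("ws-02", "2024-01-01T15", 86_000), ("ws-02", "2024-01-01T16", 83_000),
]

# Constructed observation window: the next morning, including one large spike
# and one host that never appeared in the baseline.
OBSERVED_RECORDS = [
    ("ws-01", "2024-01-02T09", 133_000),
    ("ws-01", "2024-01-02T10", 9_800_000),
    ("ws-02", "2024-01-02T09", 86_000),
    ("ws-03", "2024-01-02T09", 50_000),
]


def build_baseline(records):
    """Per-host (median, MAD) of outbound bytes per hour.

    Median and median absolute deviation are used instead of mean and standard
    deviation because a single outlier in the training window barely moves them.
    """
    per_host = defaultdict(list)
    for host, _bucket, outbound_bytes in records:
        per_host[host].append(outbound_bytes)
    baseline = {}
    for host, values in per_host.items():
        med = statistics.median(values)
        mad = statistics.median([abs(v - med) for v in values])
        baseline[host] = (med, mad)
    return baseline


def find_exceptions(records, baseline, threshold=5.0):
    """Return (host, bucket, bytes, reason) for every record that is an exception
    to the baseline: a value more than `threshold` MADs from the host's median,
    or any activity from a host that has no baseline at all.
    """
    exceptions = []
    for host, bucket, outbound_bytes in records:
        if host not in baseline:
            exceptions.append((host, bucket, outbound_bytes, "no baseline"))
            continue
        med, mad = baseline[host]
        score = abs(outbound_bytes - med) / max(mad, 1.0)  # floor avoids division by zero
        if score > threshold:
            reason = "spike" if outbound_bytes > med else "drop"
            exceptions.append((host, bucket, outbound_bytes, reason))
    return exceptions


if __name__ == "__main__":
    base = build_baseline(TRAINING_RECORDS)
    for exc in find_exceptions(OBSERVED_RECORDS, base):
        print(exc)
```

Running it reports the 9.8 MB hour on ws-01 as a spike and everything from ws-03 as "no baseline"; the ordinary variation on ws-01 and ws-02 stays quiet. A real deployment would baseline per host and per hour-of-day, and would rebuild the baseline on a rolling window so that yesterday's incident does not become tomorrow's normal.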
4. Intrusion Detection System (IDS)
- One of the “must-have” SOC tools for identifying “known” attacks and “known” attacker activity using rule- and signature-based detection.
- An intrusion detection system (#IDS) combines NIDS & HIDS:
- Network Intrusion Detection System (#NIDS): detects known attack patterns that indicate malicious activity, e.g. malware infections, policy violations, port scans, etc.
- Host-based Intrusion Detection System (#HIDS): analyzes system behavior and configuration that could indicate system compromise. This includes the ability to recognize common #rootkits, detect rogue processes, and detect modifications to critical configuration files.
5. SIEM – Security Information & Event Management
- SIEM tools are a core foundation for building a SOC because of their ability to apply dynamic correlation rules (i.e. Correlation Directives) against a mountain of disparate and varied event log data.
- When an alarm is triggered by a correlation directive, details about the event and activity are classified according to an event taxonomy based on a simplified version of Lockheed Martin’s cyber kill chain (an industry standard).
- This event classification enables SOC analysts to prioritize which events to focus on, in order to quickly respond and investigate.
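To make the correlation-directive idea concrete, here is a toy correlation engine written for this page (example code, not any SIEM vendor's rule language). A directive is a sequence of steps tied together on one event field (here `src_ip`) within a time window; when the last step is satisfied an alarm is raised, tagged with a kill-chain-style stage and a priority the analyst can sort by. The two directives, the stage labels, the event field names and the sample auth, IDS and firewall events are all constructed assumptions for the example.

```python
"""Toy SIEM correlation engine: multi-step directives over normalized events.

Added example; the events, directive names and taxonomy labels are constructed
for illustration and do not come from any vendor's rule set.
"""
from dataclasses import dataclass
from typing import Callable, List

# Assumed simplified kill-chain taxonomy used to classify alarms (example's own labels).
DELIVERY = "Delivery & Attack"
COMPROMISE = "System Compromise"


@dataclass
class Step:
    match: Callable[[dict], bool]  # predicate over one normalized event
    min_count: int = 1             # events that must match before advancing


@dataclass
class Directive:
    name: str
    stage: str        # taxonomy label attached to the alarm
    priority: int     # higher means the analyst should look at it first
    window: int       # max seconds between the first and last correlated event
    key: str          # event field the steps are tied together on
    steps: List[Step]


@dataclass
class Alarm:
    directive: str
    stage: str
    priority: int
    key_value: str
    events: List[dict]


DIRECTIVES = [
    Directive(
        name="Brute force then success", stage=COMPROMISE, priority=5, window=600,
        key="src_ip",
        steps=[Step(lambda e: e["source"] == "auth" and e["type"] == "login_failed", 5),
               Step(lambda e: e["source"] == "auth" and e["type"] == "login_ok")],
    ),
    Directive(
        name="Port scan then allowed connection", stage=DELIVERY, priority=3, window=3600,
        key="src_ip",
        steps=[Step(lambda e: e["source"] == "ids" and e["type"] == "port_scan"),
               Step(lambda e: e["source"] == "fw" and e["type"] == "allow")],
    ),
]

# Constructed events from three disparate sources (auth log, IDS, firewall),
# already normalized to a common shape; addresses are RFC 5737 documentation ranges.
SAMPLE_EVENTS = (
    [{"ts": 100 + i, "source": "auth", "type": "login_failed",
      "src_ip": "203.0.113.7", "user": "admin"} for i in range(5)]
    + [{"ts": 110, "source": "auth", "type": "login_ok", "src_ip": "203.0.113.7", "user": "admin"},
       {"ts": 200, "source": "ids", "type": "port_scan", "src_ip": "198.51.100.9"},
       {"ts": 260, "source": "fw", "type": "allow", "src_ip": "198.51.100.9", "dport": 443}]
    + [{"ts": 300 + i, "source": "auth", "type": "login_failed",
        "src_ip": "192.0.2.5", "user": "bob"} for i in range(3)]   # only 3 failures: no alarm
    + [{"ts": 310, "source": "auth", "type": "login_ok", "src_ip": "192.0.2.5", "user": "bob"}]
)


def correlate(events, directives):
    """Run every directive over the events in time order; return alarms by priority."""
    alarms = []
    # state[(directive name, key value)] = (step index, matches in step, first ts, events)
    state = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        for d in directives:
            key_value = ev.get(d.key)
            if key_value is None:
                continue
            sk = (d.name, key_value)
            idx, count, first_ts, matched = state.get(sk, (0, 0, None, []))
            if first_ts is not None and ev["ts"] - first_ts > d.window:
                state.pop(sk, None)  # window expired: start the directive over
                idx, count, first_ts, matched = 0, 0, None, []
            if not d.steps[idx].match(ev):
                continue
            first_ts = ev["ts"] if first_ts is None else first_ts
            matched = matched + [ev]
            count += 1
            if count >= d.steps[idx].min_count:
                idx, count = idx + 1, 0
                if idx == len(d.steps):  # final step satisfied: raise the alarm
                    alarms.append(Alarm(d.name, d.stage, d.priority, key_value, matched))
                    state.pop(sk, None)
                    continue
            state[sk] = (idx, count, first_ts, matched)
    return sorted(alarms, key=lambda a: -a.priority)


def run_demo():
    return correlate(SAMPLE_EVENTS, DIRECTIVES)


if __name__ == "__main__":
    for alarm in run_demo():
        print(alarm.priority, alarm.stage, alarm.directive, alarm.key_value, len(alarm.events))
```

The sample data yields two alarms: five failed logins followed by a success from 203.0.113.7 (classified as a system compromise, priority 5) and a port scan followed by an accepted inbound connection from 198.51.100.9 (classified as delivery, priority 3); the three failures from 192.0.2.5 never reach the directive's threshold. The point of the exercise is that neither the auth log nor the firewall alone tells the analyst anything worth paging for; the correlation across sources and the attached stage are what turn raw events into a prioritized alarm.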