Posts

Threat actor: "I failed, let's go home" (Week 9)

  The incident response lifecycle is more than a checklist: it exists to limit the impact of attacks and threats on an organization. While it may feel like one more box to tick as you run through the motions, it minimizes the damage a threat or attack has caused or could cause, which directly affects the financial cost. If a company handles high-risk data, the lifecycle also helps protect that data, and it lets the organization learn from each incident and do better next time. A simplified overview of the process is: preparation; detection and analysis; containment, eradication and recovery; and post-incident activity. Essentially, an organization needs to be ready to handle a threat before it arrives. That means writing a plan, defining everyone's role when an incident happens, making sure security controls are in place, and actually rehearsing the plan. Once a threat has been detected and confirmed, it's time to move into containment: stopping the sprea...

The ease of automation (Week 8)

  Automation can be extremely helpful when you need to simplify daily or mundane tasks. It's no surprise that automation is a big part of the tech industry, and of cybersecurity specifically. Not only does it take over repetitive tasks, it also streamlines workflows and improves efficiency. A good example of this is SOAR, which stands for Security Orchestration, Automation, and Response. Simply put, a SOAR platform connects various security tools (the SIEM, endpoint agents, firewalls, ticketing and so on) in one place and lets them work together through playbooks. Bringing everything together lets the automation handle the repetitive parts: triaging alerts, pulling the related data, and generating a record of any security issue found. It can also assist in containing or stopping threats, for example by blocking access or sending an alert to the team. This kind of automation helps with staying consistent and responding quickly when the need arises. The one caveat is that it runs at machine speed in both directions: a badly written playbook can lock out a legitimate user or isolate the wrong host just as fast, so destructive actions are usually gated behind a human approval step.

Becoming a hunter, not the hunted.... (Week 7)

  Threat hunting is an interesting concept, and it means exactly what it says: hunting down threats before they find you. Even when some signs of a threat are already present, hunting is the act of finding and confirming it before it is a known problem. In short, it starts with a hypothesis, whether based on something that looks off or on a gut feeling, and the goal is to prove or disprove it. Depending on what you're looking for, that may mean digging through logs, network traffic and protocol analyzer output, or endpoint activity, or comparing past activity against present activity to spot what has changed. If the hypothesis doesn't hold up, nothing further happens beyond noting what was checked. If it does, you hand off to incident response to fix, mitigate or manage the issue. The process sounds simple when you put it into words, but in a real-life scenario it can be more complicated than it seems, and sometimes it may not get...
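The "compare past activity to present activity" idea above, as an added worked example that is not part of the original post. It tests one concrete hypothesis ("an account is being used from a source, or at an hour, it never used during the baseline period, possibly after a run of failed logins") over a constructed authentication log. The log lines, their format, the field names and the baseline cut-off date are all assumptions made for the example.

```python
"""Hypothesis-driven hunt over authentication logs (added example, not the post's own code)."""
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample log (not captured from any real system).  Assumed line format:
#   <ISO-8601 UTC timestamp> auth user=<name> src=<ip> result=<success|failure>
SAMPLE_LOG = """\
2024-03-01T08:02:11Z auth user=alice src=10.0.1.20 result=success
2024-03-01T08:40:32Z auth user=bob src=10.0.1.31 result=success
2024-03-02T09:15:05Z auth user=alice src=10.0.1.20 result=success
2024-03-03T08:05:44Z auth user=bob src=10.0.1.31 result=success
2024-03-04T17:58:10Z auth user=alice src=10.0.1.21 result=success
2024-03-05T09:01:00Z auth user=bob src=10.0.1.31 result=failure
2024-03-10T02:13:27Z auth user=alice src=203.0.113.77 result=failure
2024-03-10T02:13:41Z auth user=alice src=203.0.113.77 result=failure
2024-03-10T02:14:02Z auth user=alice src=203.0.113.77 result=success
2024-03-10T08:10:19Z auth user=bob src=10.0.1.31 result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)
# Assumed split between the "past" (baseline) window and the "present" window we hunt in.
BASELINE_END = datetime(2024, 3, 6, tzinfo=timezone.utc)


def parse(log_text):
    """Turn raw lines into event dicts, skipping anything that does not match the format."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append({"ts": ts, "user": m["user"], "src": m["src"], "result": m["result"]})
    return sorted(events, key=lambda e: e["ts"])


def build_baseline(events, baseline_end):
    """What 'normal' looked like: per-user source IPs and login hours from successful logins before the cut-off."""
    sources, hours = defaultdict(set), defaultdict(set)
    for e in events:
        if e["ts"] < baseline_end and e["result"] == "success":
            sources[e["user"]].add(e["src"])
            hours[e["user"]].add(e["ts"].hour)
    return sources, hours


def hunt(log_text, baseline_end=BASELINE_END, failure_threshold=2):
    """Test the hypothesis against the present window; return one finding per suspicious login."""
    events = parse(log_text)
    sources, hours = build_baseline(events, baseline_end)
    failures = defaultdict(int)  # (user, src) -> failures seen since that pair's last success
    findings = []
    for e in events:
        if e["ts"] < baseline_end:
            continue  # the baseline is what we compare against, not what we hunt in
        key = (e["user"], e["src"])
        if e["result"] != "success":
            failures[key] += 1
            continue
        reasons = []
        if e["src"] not in sources[e["user"]]:  # unknown user -> empty set -> everything is new
            reasons.append("new source")
        if e["ts"].hour not in hours[e["user"]]:
            reasons.append("unusual hour")
        if failures[key] >= failure_threshold:
            reasons.append(f"success after {failures[key]} failures")
        failures[key] = 0
        if reasons:
            findings.append({"ts": e["ts"].isoformat(), "user": e["user"],
                             "src": e["src"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in hunt(SAMPLE_LOG):
        print(finding)
```

On the sample data the hunt returns a single finding: alice logging in successfully at 02:14 UTC from 203.0.113.77, a source never seen in the baseline, at an hour she never logged in before, right after two failures. Bob's login is dropped because it matches his baseline. That one finding is what would be handed to incident response; the hypothesis being disproved would simply return an empty list.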

You've been blacklisted (Week 6)

  It's interesting to know that security comes in multiple forms. Who knew there was such a plethora of ways to apply security in the digital world? Not all of it is adequate in terms of offering you the 'best', and there are times when it's not even effective. Before you come at me: it's possible that some methods are now insufficient and no longer effective against modern threats. A good example of this is blacklisting (also called denylisting). Of course, the goal is to block out and deny the bad, so what's the problem? Here's the thing: in order to block out the bad, you have to know what the 'bad' is. That's the catch with blacklisting: you're letting anything and everything in on the premise that it could be 'good', until it's not. Let me explain. In today's world, threats are evolving. Threat actors are coming up with more and more ways to get around increased security, and a list of known-bad entries only ever catches what someone has already seen and written down. If you are relying on blacklisting to keep out the bad, in my opinion, you are working with old i...
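The "you have to know what the bad is" problem above, as an added example that is not part of the original post. It puts a blacklist-style file upload check next to an allowlist-style one and runs both over a constructed set of filenames. The extension lists, the filenames and the idea that the upload feature only needs images and PDFs are assumptions made for the example.

```python
"""Blacklist (denylist) vs allowlist for an upload filename check (added example)."""
import os
import re

# "Known bad" extensions at the time the list was written (assumed for the example).
DENIED_EXTENSIONS = {".php", ".exe", ".js"}
# What the upload feature actually needs to accept (assumed for the example).
ALLOWED_EXTENSIONS = {".png", ".jpg", ".pdf"}
SAFE_BASENAME = re.compile(r"^[A-Za-z0-9_-]+$")


def denylist_allows(filename):
    """Blacklist approach: everything is allowed unless its last extension is a known-bad one."""
    _, ext = os.path.splitext(os.path.basename(filename))
    return ext not in DENIED_EXTENSIONS


def allowlist_allows(filename):
    """Allowlist approach: nothing is allowed unless the name is exactly what we expect."""
    parts = os.path.basename(filename).lower().split(".")
    if len(parts) < 2 or not SAFE_BASENAME.match(parts[0]):
        return False  # no extension, hidden file such as .htaccess, or odd characters
    # Every extension in the name must be an expected one, which also rejects double extensions.
    return all("." + p in ALLOWED_EXTENSIONS for p in parts[1:])


# Constructed upload names: one legitimate file and several the denylist never anticipated.
SAMPLE_NAMES = [
    "report.pdf",      # legitimate
    "backdoor.php",    # on the denylist
    "shell.phtml",     # alternative PHP extension the list does not know about
    "shell.PhP",       # case variation of a listed extension
    "shell.php.jpg",   # double extension; some server configs still execute it as PHP
    ".htaccess",       # server config file with no "extension" at all
]


def compare(names=SAMPLE_NAMES):
    """Return {name: (denylist_verdict, allowlist_verdict)} for each sample name."""
    return {n: (denylist_allows(n), allowlist_allows(n)) for n in names}


if __name__ == "__main__":
    for name, (deny_ok, allow_ok) in compare().items():
        print(f"{name:16} denylist={'allow' if deny_ok else 'block':5}  allowlist={'allow' if allow_ok else 'block'}")
```

The denylist blocks exactly one of the six names, the one someone already thought of, and waves through the other four attacker-controlled variants because nobody wrote them down. The allowlist accepts only the legitimate file, and it needs no updating when the next PHP extension or bypass trick appears, which is the whole point of default-deny.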

Did you lose your keys again? (Week 5)

  It goes without saying that using proper security measures is key to protecting yourself and your data when using a computer. The goal: keeping your information out of unwanted hands! One way to add extra protection is encryption, which typically involves cipher keys, special software, algorithms, and sometimes a headache when you lose one of the keys. Cryptography comes in different forms: symmetric encryption, asymmetric encryption, and hashing (which is one-way and does not encrypt anything, but is still part of the toolbox). Adding or using encryption shouldn't feel like an extra step; it should be automatic. But what if I told you that you can get the same benefits of encryption without having to keep track of multiple cipher keys? Yes, it's possible with self-encrypting drives (SEDs). With an SED the process happens automatically: there is no need to manage cipher keys manually and no extra steps on the user's part, because the media encryption key never leaves the drive. What the user still has to protect is the password (or other authentication key) that unlocks the drive at power-on; an SED with no unlock credential set decrypts for anyone who plugs it in, so it protects nothing at rest. Since this is hardware based, it encrypts data as it is written to the drive and onc...

Can honey attract flies ..... (Week 4)

  A primary security goal for businesses and organizations is to keep their network secure: making sure everything stays up to date and proper security measures are in place to keep attackers out. What if I told you that there is a method that does the exact opposite, and intentionally? Yes, you read that right. The method I'm referring to is a honeypot. Essentially, it is a decoy system used to attract threat actors. It's made to look legitimate and to appear to be something of high value. It lets defenders analyze the attacker's abilities, the type of attack used, and its complexity, and since no legitimate user has any reason to touch it, any interaction with it is suspicious by definition. While this may seem like a great way to distract attackers from the 'real' systems, it does have drawbacks. The biggest is cost, as it requires a dedicated system with its own hardware and software. Additionally, it needs to sit on a completely separate, isolated network, so that a honeypot the attacker breaks out of cannot become a stepping stone into the real one. This could be a great tool for some business or...

Hidden in the middle.... (Week 3)

  Going to your local coffee shop can be a great way not only to enjoy a cup of coffee but also to get free public Wi-Fi. While that seems appealing and cost-effective, it's worth thinking about the security risks beforehand. When you use public Wi-Fi without taking proper precautions, someone on the same network can intercept the information you send or receive. Passively listening in is called eavesdropping; when the attacker actively inserts themselves between you and the service you are talking to, so that both sides' traffic passes through them, it is a Man in the Middle attack. Either way it's a great way for threat actors to get at private information, whether passwords, emails, or even banking details. Essentially, the attacker digitally puts themselves on the same path as your traffic, or gets you to connect to a 'fake' public Wi-Fi network (an evil twin) that they control. While this analogy is a great way to explain the how and the implications, it's worth noting that this isn't just a 'free public Wi-Fi' type of attack; it can also happen on other unsecure connecti...