Cyber Defense eMagazine November 2019

More documents

Recommendations

Info

Centralized Logs The tool should have the ability to ingest a variety of technical and non-technical indicators of use activity. This is typically done using connector and collectors of various types depending on the target system. Normalize, Aggregate, and Correlate The tool should have the ability to normalize, aggregate, and summarize the user activity in preparation for data analysis and machine learning. Insider Threat Specific Content The tool should come with the necessary out-of-the-box content to meet your basic insider threat monitoring needs. It should also provide the ability to create custom content for industry-specific use case requirements. The detection mechanism should consist of standard rule-based violation triggers and user behavior-based anomaly detection. It is this combination that proves to be most effective against insider threats. Threat Chains Once the nefarious behavior is detected, the tool should facilitate stitching or chaining individual events into one holistic threat. For example: a user who has been identified as a flight risk is identified as accessing and downloading an abnormal amount or type of data, followed by an attempt to exfiltrate that data. Risk Scoring Once the insider threat behavior has been detected using threat chains, these alerts need to be risk scored in order to prioritize the threats from the noise. Investigation Tools When it comes to insider threats, the situation is seldom black and white. The security analyst requires a tool that can provide the necessary context in order to be able to complete their investigation of the prioritized threats. 50
Incident Response Workflows When a prioritized threat is deeded escalation worthy, the tool should facilitate the necessary escalation and triage workflow amongst the concerned parties. Where to Start While organizations can decide their own pace for onboarding data based on their insider threat monitoring goals, an iterative approach is highly recommended. We have seen several successful insider threat projects begin with a foundational layer and build incrementally over time to reach a better maturity state. The following table proposes the types of data that organizations should consider ingesting based on their maturity. Maturity Data Exfiltration Detection IT Sabotage Level 1 (Foundational) Email activity USB activity Proxy activity Windows authentication logs and security events Unix authentication logs (if applicable) Single sign-on (SSO) logs Critical database activity logs Level 2 (Intermediate) DLP monitoring Endpoint monitoring Content sharing logs (Box, Dropbox, etc.) SharePoint logs or similar Unix audit logs if applicable PAM logs Endpoint detection and response (EDR) logs AWS CloudTrail logs SSO logs 51
Page 1 and 2: Detrimental Ransomware Effects 3 Mu
Page 3 and 4: How to Keep Your Customer’s Credi
Page 5 and 6: @CYBERDEFENSEMAG CYBER DEFENSE eMAG
Page 7 and 8: 7
Page 9 and 10: 9
Page 11 and 12: Your website could be vulnerable to
Page 13 and 14: 13
Page 15 and 16: 15
Page 17 and 18: 17
Page 19 and 20: The click opened the door for the s
Page 21 and 22: Achieving Cybersecurity Readiness w
Page 23 and 24: valuable in cyber skills developmen
Page 25 and 26: Talk About a Disaster Fema Exposes
Page 27 and 28: Discussion When you demand and requ
Page 29 and 30: 3 Must-Do Tasks to Make Vulnerabili
Page 31 and 32: Intelligent automated solutions are
Page 33 and 34: • ML focuses on acquiring knowled
Page 35 and 36: just one of many examples of how AI
Page 37 and 38: From Guards to Detectives: Evolving
Page 39 and 40: analysts to focus on its more inter
Page 41 and 42: Where Property Insurance Ends and C
Page 43 and 44: to have in-depth conversations with
Page 45 and 46: There is no doubt that insider thre
Page 47 and 48: IT sabotage • Monitor high privil
Page 49: How to Build an Effective Insider T
Page 53 and 54: Technology The technology should su
Page 55 and 56: Modernize the Mission: Implementing
Page 57 and 58: With the massive influx of data fro
Page 59 and 60: “Cyber threats such as ransomware
Page 61 and 62: On the 16th anniversary of National
Page 63 and 64: The significance of cyberattacks ca
Page 65 and 66: John Ford, Chief Information Securi
Page 67 and 68: Open Banking is a great illustratio
Page 69 and 70: The Social Engineering Methods and
Page 71 and 72: equest kindly from you to give your
Page 73 and 74: How to Address the Top 5 Human Thre
Page 75 and 76: How do most organizations attempt t
Page 77 and 78: How to Suggest Your Manager to Inve
Page 79 and 80: The purpose, the impacts and the bu
Page 81 and 82: So, Ya Wanna Be A Pen Tester, Huh?
Page 83 and 84: Does the world need you? The short
Page 85 and 86: which nmap calls paranoid slow. Por
Page 87 and 88: eport. What chance then do SMBs, ma
Page 89 and 90: protection that was in place. They
Page 91 and 92: WannaCry hacking that shut down hun
Page 93 and 94: About the Author Stephanie Douglas
Page 95 and 96: Global Information Sharing CBS News
Page 97 and 98: Finally, when presented with a fore
Page 99 and 100: cybersecurity threats seriously eno
Page 101 and 102:
There are other tactics available f
Page 103 and 104:
You can run a Discovery Scan in Met
Page 105 and 106:
When the task configuration bullet
Page 107 and 108:
You will see a list of Compatible P
Page 109 and 110:
How Organizations Can Best Avoid GD
Page 111 and 112:
Alongside this, an organisation mus
Page 113 and 114:
Here’s How You Can Secure Your Ap
Page 115 and 116:
potential cyber-attack. The purpose
Page 117 and 118:
cooperation with other Allies) also
Page 119 and 120:
operational-level commander, as opp
Page 121 and 122:
When Google sees that your site is
Page 123 and 124:
How to Erase Data from Mobile Devic
Page 125 and 126:
About the Author Mark Dobson is an
Page 127 and 128:
With this major shift to cloud-base
Page 129 and 130:
(https://www.csoonline.com/article/
Page 131 and 132:
Cybersecurity Essentials for Small
Page 133 and 134:
Cybersecurity essentials to remembe
Page 135 and 136:
New Cybersecurity Trend: Hackers Im
Page 137 and 138:
adversary due to intellectual prope
Page 139 and 140:
a multi-dimensional connectivity wi
Page 141 and 142:
To conclude, we can say that SDP ce
Page 143 and 144:
The Launch of Curiosity IoT The clo
Page 145 and 146:
Stressing Security Teams By Jody Ca
Page 147 and 148:
Playbooks are most widely known in
Page 149 and 150:
The Importance of Cybersecurity Whe
Page 151 and 152:
You don’t want problems with the
Page 153 and 154:
fairly simple - software in our con
Page 155 and 156:
used to exploit the system was, wha
Page 157 and 158:
As you can imagine, as technology g
Page 159 and 160:
A10 Networks Cloud Access Proxy Pro
Page 161 and 162:
About the Author As VP of Product M
Page 163 and 164:
in 2020.” 2) “AI and speech tec
Page 165 and 166:
operating system is vulnerable to e
Page 167 and 168:
About the Author Mr. Ryan is Co-fou
Page 169 and 170:
In some cases, the RPA bots work to
Page 171 and 172:
About the Author Kevin Ross is a Sr
Page 173 and 174:
Whenever you are in a public place,
Page 175 and 176:
175
Page 177 and 178:
177
Page 179 and 180:
179
Page 181 and 182:
181
Page 183 and 184:
183
Page 185 and 186:
185
Page 187 and 188:
187
Page 189 and 190:
189
Page 191 and 192:
191
Page 193 and 194:
193
Page 195 and 196:
You asked, and it’s finally here
Page 197 and 198:
TRILLIONS ARE AT STAKE No 1 INTERNA
Page 199 and 200:
199
Page 201 and 202:
201
Page 203 and 204:
203
Page 205:
205
show all

Cyber Defense eMagazine November 2019

Create successful ePaper yourself

Delete template?

Save as template?