Cyber Defense eMagazine August 2020 Edition

More documents

Recommendations

Info

Assessing and Addressing These New Risks A balance of security controls is necessary for initial compromise, lateral movement, privilege escalation, and data loss prevention. If the attackers have already evaded EPP and EDR tools and compromised an internal system, technology like cyber deception plays a valuable role in detecting lateral movement and protecting applications from unauthorized access. Additionally, data loss prevention capabilities can stop employees (or attackers) from saving sensitive information to personal devices. Improving lateral movement detection is vital. After the initial compromise of a network, there is a dark period of lateral movement and privilege escalation before the data protection tools detect anything. This lack of visibility means that there is no detection mechanism present until the tail end of the attack, which may be too late. Most security controls will also have challenges pinpointing attack path vulnerabilities, and tactics, techniques, and procedures (TTPs). Unless the organization has a mechanism to record an attacker’s activity during a live attack (like a decoy or engagement environment), it can be difficult for security teams to understand the attack methods, their objectives, and how broad of a footprint the attacker has established. To this end, it is vital to have visibility into attack paths to essential assets and network activity that includes seeing devices coming on or off the network, and can they find shadow admin accounts? This sort of credential tracking is more important than ever and having the correct tools in place can stop the execution of a successful breach. Decoys can also record and replay attacks for a better correlation of attack activities and gathering company-specific threat intelligence. The spike in remote employees underscores the need to boost VPN security, as new traffic patterns amid remote work have shattered traditional activity baselines and made suspicious behavior harder to identify. This need also applies to cloud security as well, since much of the remote work uses PaaS, SaaS, and IaaS accounts to collaborate between sites. Decoys systems and accounts can also identify unauthorized attempts to gain credential or administrative access to the VPN network segment or cloud service, giving organizations visibility into suspicious activity in those areas. Active Directory is also a prime target, and the ability to track unauthorized AD queries from endpoints is critical. Attackers target AD because it contains all the information, objects, and accounts they need to compromise an enterprise network, and such activity is difficult to detect. Detection capabilities that alert on unauthorized queries and misinform attackers can be instrumental in derailing this form of attack. Layered Defenses Secure the Present and the Future To invoke a sports analogy, you can’t spike the football before you get to the end zone. There remains a legitimate likelihood that attackers are actively lurking in networks. The situation underscores the importance of layered defenses that forces attackers to jump as many hurdles as possible to conduct their attacks. Attackers have taken advantage of the unfamiliar remote working situation to enter corporate networks, so it is vital to have protections in place to detect their lateral movement within those networks and stop them before harm can be done. Cyber Defense eMagazine – August 2020 Edition 32 Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.
About the Author Carolyn holds the roles of Chief Deception Officer and CMO at Attivo Networks. She is a high-impact technology executive with over 30 years of experience in building new markets and successful enterprise infrastructure companies. She has a demonstrated track record of effectively taking companies from pre-IPO through to multi-billion-dollar sales and has held leadership positions at Cisco, Juniper Networks, Nimble Storage, Riverbed, and Seagate. Carolyn is recognized as a global thought leader in technology trends and for building strategies that connect technology with customers to solve difficult operations, digitalization, and security challenges. Her current focus is on breach risk mitigation by teaching organizations how to shift from a prevention-based cybersecurity infrastructure to one of an active security defense based on the adoption of deception technology. Cyber Defense eMagazine – August 2020 Edition 33 Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2: Security by Design: How to Protect
Page 3 and 4: 4 Simple Ways to Repel Ransomware a
Page 5 and 6: @CYBERDEFENSEMAG CYBER DEFENSE eMAG
Page 7 and 8: Cyber Defense eMagazine - August 20
Page 15 and 16: Your website could be vulnerable to
Page 23 and 24: Security by Design: How to Protect
Page 25 and 26: Security by Design = Growth by Desi
Page 27 and 28: How To Grow Your Cyber Expertise Du
Page 29 and 30: Cyber competitions and hackathons a
Page 31: that 60-day threshold has begun to
Page 35 and 36: Since the cloud business infrastruc
Page 37 and 38: COVID-19 And Security Team Cuts Are
Page 39 and 40: Soc Teams Impacted by Redundancies
Page 41 and 42: Security Tech Investments Also on H
Page 43 and 44: Work from Home = New Challenges for
Page 45 and 46: Most Companies Continue to Use/Inve
Page 47 and 48: Mitigation and Legal Costs Are the
Page 49 and 50: The findings from our survey clearl
Page 51 and 52: normal that not everyone was prepar
Page 53 and 54: What companies can do... Start with
Page 55 and 56: Regulatory compliance is becoming m
Page 57 and 58: WireGuard - Separating Fact from Fi
Page 59 and 60: Running in-kernel Can you achieve t
Page 61 and 62: The reality is that many organizati
Page 63 and 64: About the Author Egon Rinderer is t
Page 65 and 66: Countless times I have seen an orga
Page 67 and 68: CERT Warns Bad Actors Are Targeting
Page 69 and 70: About the Author Saryu Nayyar is th
Page 71 and 72: Luckily there are several best prac
Page 73 and 74: Ransomware, Risk, And Recovery Why
Page 75 and 76: Under the very best circumstances,
Page 77 and 78: Getting Employees Back to the New N
Page 79 and 80: ● Equip IT and security teams wit
Page 81 and 82: The 14 th Annual State of Agile Rep
Page 83 and 84:
About the Author Danny is Chief Met
Page 85 and 86:
The Rising Cost of Failure How much
Page 87 and 88:
About the Author Steve Salinas is t
Page 89 and 90:
One of the defining characteristics
Page 91 and 92:
TLS/ SSL Decryption - One of the Ma
Page 93 and 94:
Key features of a good TLS/ SSL Dec
Page 95 and 96:
increasingly interested in enforcin
Page 97 and 98:
Attitude Adjustments There is a lot
Page 99 and 100:
Why Academic Openness and A Rise in
Page 101 and 102:
Of course, it is always a good idea
Page 103 and 104:
and mitigated. Unfortunately, the f
Page 105 and 106:
HIPAA Compliance and The Protection
Page 107 and 108:
● Verifying that the workforce co
Page 109 and 110:
Smart Gadgets in Proving Workplace
Page 111 and 112:
Through this effort, we would try t
Page 113 and 114:
who would take advantage over whom
Page 115 and 116:
legal frameworks and regulations. I
Page 117 and 118:
ad actors the highest hit rates fro
Page 119 and 120:
Are the Worst Cryptocurrency Securi
Page 121 and 122:
Shortcuts Lead to Cryptocurrency Vu
Page 123 and 124:
Only initially could you claim that
Page 125 and 126:
Cyber Defense eMagazine - August 20
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
Page 137 and 138:
You asked, and it’s finally here
Page 139 and 140:
TRILLIONS ARE AT STAKE No 1 INTERNA
Page 141 and 142:
8 Years in The Making… Thank You
Page 143 and 144:
Page 145 and 146:
Page 147:
i Multiple sources - Microsoft SIR,
show all

Cyber Defense eMagazine August 2020 Edition

Create successful ePaper yourself

Delete template?

Save as template?