CS Sep-Oct 2021
global intelligence
Incident Notifications - activity that suggests an active compromise of your system. For example: a host on your network has most likely been infected with a strain of malware.

Network Abuse Events - indicators that your assets have been associated with malicious or undesirable activity, such as a client on your network having been detected scanning the internet.

Vulnerability and Open Port Alerts - indications of vulnerable services running on your network, or of potentially undesired applications being exposed to the internet. For example: you have a vulnerable application or an exposed Elasticsearch service.
Cyber security researchers will often uncover malicious activity on the internet or discover weaknesses in organisations' security controls and release this information in information feeds. In addition, the NCSC or its partners may uncover information that is indicative of a cyber security compromise on a network. The NCSC collates this information and uses it to alert organisations about potential attacks on their networks.
Two types of alert are sent out when an issue has been detected for an organisation:

Daily Threat Alert - this includes Incident Notifications and Network Abuse Reports.

Weekly Vulnerability Alert - this includes Vulnerability and Open Port Alerts.
The organisation involved can then use this information passed on by Early Warning to investigate the issue and implement appropriate mitigation where required. The NCSC's website provides advice and guidance on how to deal with most cyber security concerns.
BENEFITS OF EARLY WARNING
By signing up to Early Warning, an organisation will be alerted to the presence of malware and vulnerabilities affecting its network. Early Warning will notify on all cyber attacks detected by feed suppliers against that particular organisation. "This should not be used as the only layer of defence for a network," cautions the NCSC. "Early Warning should complement your existing security controls."
ENHANCING SECURITY
Early Warning aims to enhance security by increasing awareness of the low-grade incidents that could become much bigger issues, so that organisations can act on them at the earliest opportunity and have increased confidence in the security of their networks. Other key considerations:

The service is free and fully funded by the NCSC.

Early Warning does not conduct any active scanning of a network itself. (However, some of the feeds may use scan-derived data - eg, from commercial feeds.)
CISA executive assistant director for Cybersecurity, Eric Goldstein, comments: "Organisations that apply the best practices of cyber security, such as patching, can reduce their risk to cyber actors exploiting known vulnerabilities in their networks. Collaboration is a crucial part of CISA's work and we have partnered with ACSC, NCSC and FBI to highlight cyber vulnerabilities that public and private organisations should prioritise for patching to minimise risk of being exploited by malicious actors."
For his part, FBI cyber assistant director Bryan Vorndran had this to add: "The FBI remains committed to sharing information with public and private organisations in an effort to prevent malicious cyber actors from exploiting vulnerabilities.

"We firmly believe that coordination and collaboration with our federal and private sector partners will ensure a safer cyber environment to decrease the opportunity for these actors to succeed."
LIFT COLLECTIVE DEFENCES
Head of the ACSC, Abigail Bradshaw CSC, believes the guidance will be valuable for enabling network defenders and organisations to lift collective defences against cyber threats. "This advisory complements our advice available through cyber.gov.au and underscores the determination of the ACSC and our partner agencies to collaboratively combat malicious cyber activity."
Amongst those who see attacks and breaches every day out in the commercial world, Jon Fielding, managing director, EMEA Apricorn, sees the NCSC joint advisory as a great demonstration of collaboration and the growing need to mitigate against these common threats. "We are in a software age and digitalisation is being embraced by more and more businesses, but, in doing so, the risks are extended, as security fails to keep pace with the level of software development, which can provide a weak link into a corporate network. Ultimately, businesses will never be 100% secure and, whilst the joint advisory is a positive step, data needs to be kept offline and encrypted wherever possible. Employing a hardware-centric approach, void of software involvement, and encrypting sensitive data wherever it resides [server, laptop, removable media] is imperative, so that, if defences are breached, you remain protected."
* https://us-cert.cisa.gov/ncas/alerts/aa21-209a
www.computingsecurity.co.uk @CSMagAndAwards September 2021 computing security 29