Cyber Defense eMagazine February Edition for 2022

More documents

Recommendations

Info

Figure 1. Three-Phase Attack Process Model What is Identity Detection and Response? The identity detection and response (IDR) strategy involves focusing on obtaining evidence during the latter two attack phases shown in Figure 1 that an adversary is traversing the targeted entity and preparing to create unwanted consequences. IDR relies on the following strategic protection activities by enterprise defenders: Establishing Identity Visibility With the dissolution of the perimeter, identities have become the new basis for access management. As a result, visibility into identity-related attack activity information is now a key source of attack surface risk and an indication that security anomalies might be present. This represents a major shift in how intrusion detection can be accomplished in the enterprise. Protecting Credentials One weak or exposed credential can open the door for an attacker. Identity security starts with finding and removing exposed credentials. Policy-based controls can also bind credentials to their credential stores and prevent misuse. Used in conjunction with concealment and deception technology, organizations can also prevent theft and misuse by hiding production credentials and using deception lures and fake artifacts to trick attacker tools and divert the attack to decoys. Addressing Directory Services For many enterprise teams, their most essential identity resource is Microsoft Active Directory (AD). Through AD, administrators create new users, groups, and domains to set up policy-based enforcement Cyber Defense eMagazine – February 2022 Edition 86 Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
of how PCs, laptops, and other Windows-based services are accessed and managed. Adversaries thus target AD to gain domain control. Given that it is intrinsically insecure, the success rate for exploits it is generally high. Focusing on Privileges A key activity in the attack strategy for malicious actors involves escalating privileges and entitlements during dwell time and lateral traversal across the targeted enterprise. For this reason, IDR must also focus on this privilege-based aspect of an offensive campaign to detect that an anomaly might be present, and that some security action will be required. Figure 2. A Platform Model for Identity Detection and Response (IDR) Commercial implementations of these IDR requirements are beginning to appear – and all seem to tout the benefits of early detection of lateral traversal, directory-based probing, and misuse of privileges. Enterprise security teams now understand that IDR is emerging as a new required area of control for their network. Action Plan Security teams should develop a plan to determine how best to leverage IDR solutions to reduce cyber risk. While the context of each enterprise will vary based on its local systems and infrastructure, most teams will benefit by following the steps listed below. Cyber Defense eMagazine – February 2022 Edition 87 Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2:
How Criminals Have Migrated Through
Page 3 and 4:
Combining True MDR & SOC for Robust
Page 5 and 6:
@CYBERDEFENSEMAG CYBER DEFENSE eMAG
Page 7 and 8:
Cyber Defense eMagazine - February
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
How Criminals Have Migrated Through
Page 19 and 20:
Quite often the perpetrator claims
Page 21 and 22:
• Identity Access Management (IAM
Page 23 and 24:
About The Author Active with the IC
Page 25 and 26:
Given the rise in cyber-attacks, th
Page 27 and 28:
Why is that? Let’s take COVID-19
Page 29 and 30:
soon as possible and base it on str
Page 31 and 32:
How Do I Reliably Identify You If I
Page 33 and 34:
validation, what can be a very reli
Page 35 and 36: How To Improve Federal Endpoint Det
Page 37 and 38: What should agencies look for in a
Page 39 and 40: Decision Trees in Case of a Ransomw
Page 41 and 42: expertise’s recommended returning
Page 43 and 44: was sentenced to 12 years for payin
Page 45 and 46: Verify But Trust Managing insider t
Page 47 and 48: We now live in a world where the in
Page 49 and 50: 2. Cryptographic Failures - Cryptog
Page 51 and 52: Conclusion Penetration testing is a
Page 53 and 54: 1. Increase enterprise security pro
Page 55 and 56: minimise the impact on business per
Page 57 and 58: Today's Digital Battlefield Demands
Page 59 and 60: UAE can be a cyber security powerho
Page 61 and 62: Why Ransomware is Only a Symptom of
Page 63 and 64: Response vendor that can leverage a
Page 65 and 66: Critical IT infrastructure had to b
Page 67 and 68: Killware is the Next Big Cybersecur
Page 69 and 70: The most effective way to defend ag
Page 71 and 72: Combining True MDR & SOC for Robust
Page 73 and 74: especially those who want to build
Page 75 and 76: intelligence, data logs, and advanc
Page 77 and 78: But when it comes to cybercrime, a
Page 79 and 80: of in 2022. In effect, ransomware h
Page 81 and 82: Detect Ransomware Data Exfiltration
Page 83 and 84: Advanced SQL Behavioral Analysis fr
Page 85: In contrast, the corresponding reac
Page 89 and 90: Cyber Insurance: What Executives Ne
Page 91 and 92: Keeping Premiums Low Once Coverage
Page 93 and 94: Data Security Must Be a Priority as
Page 95 and 96: sites like Facebook or LinkedIn. Cy
Page 97 and 98: Why Building Managers Need to Prior
Page 99 and 100: It should also provide the means fo
Page 101 and 102: Cyber Defense eMagazine - February
Page 123 and 124: CyberDefense.TV now has 200 hotseat
Page 125 and 126: Books by our Publisher: https://www
show all

Cyber Defense eMagazine February Edition for 2022

Create successful ePaper yourself

Delete template?

Save as template?