Today, just a little about the threats we are facing now, and that will only get more serious in the coming years. A short, ‘high-level’ discussion to give the wider context and some ideas.
Firstly, it should be said that apart from the new, sophisticated types of attacks (APT, AET, ...), we should not forget about the legacy infrastructure, which is still fundamental and crucial. Just to mention a few: firewalls (NGFW are awesome, but still), IDS/IPS, NIDS/HIPS, AVs, policy, standards, end-user awareness, etc. When listing these ‘standard’ and essential ways of protection (layers of security) I have SIEM infrastructure in mind. It is impossible to have all of it and still understand it and keep wide and clean visibility into the company's protection. An event management and correlation system is a must in bigger companies with big infrastructure, etc. Somebody may ask what ‘big’ means, or when a company needs a specific type of protection. I suppose this is all about risk management. Having those applied in our company we have context and visibility – very often we are able to shorten incident response, and filter out tons of – let's say – unknown activity.
Recently, on one of the webinars, the lecturer pointed out that 24x7 coverage is a major component of efficient incident response. Attackers are smart guys, and very often they know when the risk of being caught is the lowest – summer/vacation time, weekends, etc. Now, I would like to go through several important aspects of ‘modern threats’: BYOD and the popularity of social media. In my opinion the increasing popularity and ease of using internet messaging apps and smart devices are lowering security (on the other hand the comfort level is growing). Very often the people who use these devices/apps are not technically educated – they are not aware of the risks and threats waiting for them. Cloud technologies, easy access to the global net and fast internet are also a problem for security. Here I should write several words about the insider threat. IT espionage, IT sabotage or just spying are well known to IT security, and this is a serious problem in the field of DLP/DRM.
Moving forward, to have a robust picture of what happened we should have digital forensics on board. Awesome technologies such as E-Discovery or Triage are a great idea for hunting or just quickly checking what happened. In-depth analysis can be performed with tools for post-mortem analysis (X-Ways, EnCase, FTK, etc.). On the other hand we have a wide range of packet capture appliances, which are a great source of alerts (+SIEM).
Having said that, do not forget about apps (a huge problem in companies is applications and their validation/whitelisting, etc.). Pentesting and audits should be considered. Another field and great opportunity for security is vulnerability scanning, code analysis and whitelisting.