Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Cybersecurity – Attack and Defense Strategies

You're reading from   Cybersecurity – Attack and Defense Strategies Counter modern threats and employ state-of-the-art tools and techniques to protect your organization against cybercriminals

Arrow left icon
Product type Paperback
Published in Dec 2019
Publisher Packt
ISBN-13 9781838827793
Length 634 pages
Edition 2nd Edition
Languages
Tools
Arrow right icon
Authors (2):
Arrow left icon
Dr. Erdal Ozkaya Dr. Erdal Ozkaya
Author Profile Icon Dr. Erdal Ozkaya
Dr. Erdal Ozkaya
Yuri Diogenes Yuri Diogenes
Author Profile Icon Yuri Diogenes
Yuri Diogenes
Arrow right icon
View More author details
Toc

Table of Contents (20) Chapters Close

Preface 1. Security Posture 2. Incident Response Process FREE CHAPTER 3. What is a Cyber Strategy? 4. Understanding the Cybersecurity Kill Chain 5. Reconnaissance 6. Compromising the System 7. Chasing a User's Identity 8. Lateral Movement 9. Privilege Escalation 10. Security Policy 11. Network Segmentation 12. Active Sensors 13. Threat Intelligence 14. Investigating an Incident 15. Recovery Process 16. Vulnerability Management 17. Log Analysis 18. Other Books You May Enjoy
19. Index

Enhancing your security posture

If you carefully read this entire chapter, it should be very clear that you can't use the old approach to security facing today's challenges and threats. When we say old approach, we are referring to how security used to be handled in the early 2000s, where the only concern was to have a good firewall to protect the perimeter and have antivirus on the endpoints. For this reason, it is important to ensure that your security posture is prepared to deal with these challenges. To accomplish this you must solidify your current protection system across different devices, regardless of the form factor.

It is also important to enable IT and security operations to quickly identify an attack, by enhancing the detection system. Last but certainly not least, it is necessary to reduce the time between infection and containment by rapidly responding to an attack by enhancing the effectiveness of the response process. Based on this, we can safely say that the security posture is composed of three foundational pillars as shown in the following diagram:

Figure 5: The three pillars of an effective security posture: Protection, Detection, and Response

These pillars must be solidified; if in the past the majority of the budget was put into protection, nowadays it's even more imperative to spread that investment and level of effort across all pillars. These investments are not exclusively in technical security controls; they must also be done in the other spheres of the business, which includes administrative controls. It is recommended to perform a self-assessment to identify the weaknesses within each pillar from the tool perspective. Many companies evolved over time and never really updated their security tools to accommodate the new threat landscape and how attackers are exploiting vulnerabilities.

A company with an enhanced security posture shouldn't be part of the statistics that were previously mentioned (229 days between the infiltration and detection); the response should be almost immediate. To accomplish this, a better incident response process must be in place, with modern tools that can help security engineers to investigate security-related issues. Chapter 2, Incident Response Process, will cover incident response in more detail and Chapter 14, Investigating an Incident, will cover some case studies related to actual security investigations.

Cloud Security Posture Management

When companies start to migrate to the cloud, their challenge to keep up with their security posture increases, since the threat landscape changes due to the new workloads that are introduced. According to the 2018 Global Cloud Data Security Study conducted by Ponemon Institute LLC (January 2018), forty nine percent of the respondents in the United States are "not confident that their organizations have visibility into the use of cloud computing applications, platform or infrastructure services." According to Palo Alto 2018 Cloud Security Report (May 2018), sixty two percent of the respondents said that misconfiguration of cloud platforms is the biggest threat to cloud security. From these statistics we can clearly see a lack of visibility and control over different cloud workloads, which not only cause challenges during the adoption, but it also slows down the migration to the cloud. In large organizations the problem becomes even more difficult due the dispersed cloud adoption strategy. This usually occurs because different departments within a company will lead their own way to the cloud, from the billing to infrastructure perspective. By the time Security and Operations Team becomes aware of those isolated cloud adoptions, these departments are already using applications in production and integrated with the corporate on-premises network.

To obtain the proper level of visibility across your cloud workloads, you can't rely only in a well-documented set of processes, you must also have the right set of tools. According to Palo Alto 2018 Cloud Security Report (May 2018), eighty four percent of the respondents said that "traditional security solutions either don't work at all or have limited functionality." This leads to a conclusion that, ideally, you should evaluate your cloud's provider native cloud security tools before even start moving to the cloud. However, many current scenarios are far from the ideal, which means you need to evaluate the cloud provider's security tools while the workloads are already on it.

When talking about cloud security posture management (CSPM), we are basically referring to three major capabilities: visibility, monitoring, and compliance assurance.

A CSPM tool should be able to look across all these pillars and provide capabilities to discover new and existing workloads (ideally across different cloud providers), identify misconfigurations and provide recommendations to enhance the security posture of cloud workloads, and assess cloud workloads to compare against regulatory standards and benchmarks. The table following has general considerations for a CSPM solution:

Capability Considerations

Compliance assessment

Make sure the CSPM is covering the regulatory standards used by your company.

Operational monitoring

Ensure that you have visibility throughout the workloads, and that best practices recommendations are provided

DevSecOps integration

Make sure it is possible to integrate this tool in to existing workflows and orchestration. If it is not, evaluate the available options to automate and orchestrate the tasks that are critical for DevSecOps.

Risk identification

How is the CSPM tool identifying risks and driving your workloads to be more secure? This is an important question to answer when evaluating this capability.

Policy enforcement

Ensure that it is possible to establish a central policy management for your cloud workloads and that you can customize it and enforce it.

Threat protection

How do you know if there are active threats in your cloud workloads? When evaluating the threat protection capability for CSPM, it is imperative that you can not only protect (proactive work) but also detect (reactive work) threats.

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at €18.99/month. Cancel anytime