Cybersecurity is a topic that practically every company must tackle.
Driven by an increasing awareness of risks and threats, the market for cybersecurity solutions is growing fast.
Whilst it was common to dismiss cybersecurity as a task for the IT department, it is now increasingly becoming part of top-level strategic planning.
The COVID-19 crisis led to many companies having to reduce or delay investments, including in cybersecurity.
At the same time, new impetus comes from a strong shift to mobile working and an increase in cyberattacks.
The market is expected to continue showing strong growth, albeit at a lower level than in the past because of the change in trend towards more target-oriented investments.
North America is the dominant region in this market, and the largest segment is IT Services.
ELEMENTS OF AN EFFECTIVE DEFENSE
What is the goal of an effective cyberdefense?
Simply stated, the goal is to take the onus of perfection off of the defender and push it back onto the attacker, where it belongs
With an ineffective cyberdefense, the defender has to do everything perfectly to protect the enterprise
With an effective cyberdefense, the attacker has to do everything perfectly to attack the enterprise
Defensive techniques that are particularly effective at disrupting, detecting, delaying, and defeating common attacks include the following:
It has been used for decades to protect classified military and civilian networks
The Stuxnet attack demonstrated that even isolated, air-gapped networks can be attacked.
Segmentation and network isolation
They make the attackers’ job orders of magnitude more difficult than attacking a monolithic, fully connected, and unmonitored internal network
In legacy networks, Internet-facing DMZ servers are isolated, but everything else is in a single “trusted zone.”
In fully segmented networks, each major function is isolated from the others.
In general, the network segmentation model should be as follows:
Nested (cybercastle analogy)
Integrated into the enterprise security scope architecture (risk assessments)
Systems in different security scopes should be segmented at the network layer
In between network segments, the enterprise should have its full range of network protection capabilities such as firewalls, IDS/IPS sensors, network recorders, and data leakage protection technologies.
Well-segmented networks
Allow legitimate network traffic to follow straightforward patterns that are easy to protect; and
Allow traffic to follow patterns that can be monitored so security can respond to malicious patterns
The best defense is the one that detects the attackers and alerts defenders so they can respond.
Relatively easy for an attacker to find such credentials
Strong authentication
Involves users proving who they are over a network or on enterprise computers by combining something they have with something they know
Requires the attacker to physically steal the token used for secondary authentication or clone the token
Is strong authentication foolproof?
Absolutely not! It is subject to “session hijacking,” where attackers take control of the user’s computer and then wait for the user to log on before sending illicit commands
Overall significantly reduces the odds of a user’s credentials being used without the user’s consent or knowledge
Segmentation protects security scopes (and business functions) from each other
Network security methods can detect attacker attempts to move laterally across the segmented network
Strong authentication coupled with solid network segmentation contributes to an effective cyberdefense
EFFECTIVE DEFENSIVE TECHNIQUE 3—DETECTION
In many cases, an enterprise may not care if an attacker gains control of a single enterprise system or a single user account from the Internet or even inside the environment—particularly over a short period of time
What makes these attacks insidious is the following:
If the attacks are allowed to progress for hours or days or weeks or months, undetected and unchecked
If attackers gain control of enterprise systems administration systems
If the enterprise simply blocks attackers, they will continue to pound on enterprise defenses over time until they can get around the block.
Given enough time, attackers will eventually defeat every obstacle the enterprise can put in their way
Design enterprise controls to focus on detecting the adversary activity first, and then on preventing it. In other words, think of the Audit First Design Methodology.
Just as a minefield is most effective when the mines are arranged in haphazard, unpredictable patterns, an enterprise’s detective controls are most effective when they are somewhat arbitrary and hard to predict
Simple, but effective, detection rules include the following:
On segmented networks:
Detect port and network scans that extend from one segment to the next
Detect systems administration protocols such as secure shell or remote desktop when they originate from servers.
For privileged accounts:
Send administrators a daily report showing all the computers where their accounts were used, along with an admonition to report any suspected account abuse.
Alert
On the use of network administration tools or scanning tools from workstations such as ping or traceroute
On the use of highly privileged network or service accounts on machines outside of the datacenter
On changes to static web content on Internet-facing servers
On outbound web connections other than patch downloads from Internet-connected servers
On protocol anomalies in standard web traffic such as domain name service or simple mail transfer protocol.
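Three of the rules above (cross-segment scans, administration protocols originating from servers, and unexpected outbound web connections from Internet-connected servers) are sketched below as an added example; it is not code from the original page. The segment address ranges, patch host, scan threshold, and flow-record format are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed layout: segment names and address ranges are hypothetical.
SEGMENTS = {
    "workstations": ipaddress.ip_network("10.10.0.0/16"),
    "servers": ipaddress.ip_network("10.20.0.0/16"),
    "dmz": ipaddress.ip_network("10.30.0.0/24"),  # Internet-facing servers
}
ADMIN_PORTS = {22, 3389}          # secure shell, remote desktop
PATCH_HOSTS = {"203.0.113.10"}    # assumed patch mirror (documentation address)
SCAN_THRESHOLD = 5                # distinct cross-segment targets before alerting

def segment_of(ip):
    """Map an address to its segment name, or 'internet' if it is external."""
    addr = ipaddress.ip_address(ip)
    return next((n for n, net in SEGMENTS.items() if addr in net), "internet")

def detect(flows):
    """flows: iterable of (src_ip, dst_ip, dst_port). Returns sorted (rule, src_ip) alerts."""
    alerts, targets = set(), defaultdict(set)
    for src, dst, port in flows:
        s, d = segment_of(src), segment_of(dst)
        # Scans that extend from one internal segment into another.
        if "internet" not in (s, d) and s != d:
            targets[src].add((dst, port))
            if len(targets[src]) >= SCAN_THRESHOLD:
                alerts.add(("cross-segment-scan", src))
        # Systems administration protocols originating from servers.
        if s in ("servers", "dmz") and port in ADMIN_PORTS:
            alerts.add(("admin-protocol-from-server", src))
        # Outbound web connections from Internet-connected servers, patches excepted.
        if s == "dmz" and d == "internet" and port in (80, 443) and dst not in PATCH_HOSTS:
            alerts.add(("unexpected-outbound-web", src))
    return sorted(alerts)

# Constructed sample flows (not real traffic).
SAMPLE_FLOWS = (
    [("10.10.4.7", f"10.20.1.{h}", 445) for h in range(1, 7)]  # workstation sweeps servers
    + [("10.20.1.5", "10.20.1.9", 22),       # server-originated SSH
       ("10.30.0.8", "203.0.113.10", 443),   # DMZ patch download, allowed
       ("10.30.0.8", "198.51.100.23", 443),  # DMZ to an unknown web host
       ("10.10.4.9", "10.20.1.2", 443)]      # ordinary workstation-to-server traffic
)

if __name__ == "__main__":
    for rule, src in detect(SAMPLE_FLOWS):
        print(f"ALERT {rule} src={src}")
```

The single ordinary workstation-to-server connection and the patch download raise no alert, which is the point of well-segmented traffic: legitimate patterns stay simple enough that the exceptions stand out.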
EFFECTIVE DEFENSIVE TECHNIQUE 4—INCIDENT RESPONSE
Some cyberattackers penetrate cyberdefenses no matter how well the defenses are designed, implemented, or maintained
Detecting cyberattackers is not going to save an enterprise if it does not have anyone
Responding to those alerts
Investigating them to filter out false positives to identify the real attacks
Repelling those attacks so that business can continue.
Incident response can be done by
An enterprise response team that is always on standby; and
A third party who is kept on retainer or otherwise engaged
It is critical the enterprise perform incident response to repel attacks when they occur and send the attackers back to their starting points.
EFFECTIVE DEFENSIVE TECHNIQUE 5—RESILIENCY
Perhaps the most important property of an effective cyberdefense is resiliency. “Resiliency is the enterprise’s ability to withstand attacks that successfully compromise endpoints, servers, and accounts without those attacks resulting in the attackers gaining complete control.”
Resiliency means the following:
Defenders have the ability to dynamically respond to cyberattacks by containing them, remediating them, or isolating them
The attacker’s plan is disrupted and defenders have time and room to maneuver in response to the attack.
Resiliency includes the ability to:
Rapidly rebuild compromised servers or endpoints;
Reset user credentials and obtain detailed logs of user account activity of accounts that may have been compromised
Rapidly restore data or applications from backups that are known to be good and free of infection or malware
Isolate sections of the enterprise, or even the entire enterprise, from the Internet so attackers lose the ability to control their foothold.
Resiliency gives defenders options in an incident response (that is, agility) that make it possible for defenders to outmaneuver their attackers
Defenders can take control of the situation, achieve rapid containment, and remediate incidents before adversaries gain administrative control and complete their objective