Learning CyberSec One at a Time (Part 07)
Hey folks,
How was your day? I hope that it was awesome; if not, no worries. I gotchu covered.
Now, if you’re one of the very few regular readers, I’d like to mention that my publication can be delayed more often (by an hour or more). I have about 5 hours of free time per day and I’m giving 2 hours to writing and managing this series; I have a really tight schedule. I don’t wanna stress myself out, which would cause burnout and eventually make me stop everything. In those 5 hours, I’m focusing on upskilling my network enumeration and learning more things so that I can discuss them here.
Let’s get straight into the topics!
1. Security Posture
Security posture is the term used to refer to the overall security measures of a company, such as its threat prevention and mitigation capabilities. A good security-focused company maintains a balanced and performance-based security posture: it should have the right threat intelligence and the capabilities to mitigate possible cyberattacks and intrusions. It should be strong enough to stop them, so that the company will not suffer a huge loss of money.
The thing is that these days people aren’t that interested in knowing how to protect themselves; they just want big companies to spoonfeed them. In the coming days the number of attackers can increase a lot, and the only way we can stop this is by raising awareness and educating normal people, because normal white-collar employees will be the first target for these attackers. Now let’s be real: if you were a predator, would you choose a weak prey or a strong prey? Weak ones are easy to pick on. Easy come, easy go. People think that hacking is like running some cmatrix command on Linux. In reality it’s a lot more complicated and requires great attention to understand how machines work. If you know how things work, you can either exploit them or save them from being exploited.
2. Threat Deception Technology
Threat deception technology is like an upgrade to the pre-existing honeypots in the network. While honeypots can mimic systems and lure attackers inside, they can’t do much work aside from that. Threat deception technology can create multiple honeypot-like structures across all of the company’s infrastructure. It may seem like an exaggeration, but we gotta do what we have to do to protect our assets. You gotta be wary of your surroundings, whether you’re in the digital world or the real world. Threat deception technology can make attackers trigger carefully seated tripwires, purposefully left open to look like a critical vulnerability; if the attacker is very dumb, he/she may mistake it for a 0-day. Now, how grand would you feel as an attacker to discover a 0-day? (A 0-day is a type of security vulnerability where, once it is first discovered, the devices running that application can be compromised immediately, giving the application’s team no time to roll out a security update.) For me, I would feel proud of myself. I guess that’s how everyone would feel.
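The defender’s side of the tripwire idea above, as an added example that is not code from the original post: a deception platform plants decoy accounts, hosts and files that nobody has a business reason to touch, so a single interaction is a high-fidelity alert with no baseline or threshold needed. The decoy inventory, the health-check source address, the key/value log format and the log lines are all constructed for this example.

```python
from dataclasses import dataclass

# Hypothetical decoy inventory deployed by the deception platform (constructed).
DECOY_ACCOUNTS = {"svc_backup_old", "admin_legacy"}
DECOY_HOSTS = {"10.20.30.99", "fileserver-dr.corp.example"}
DECOY_FILES = {"/srv/finance/passwords_2019.xlsx"}
# The platform's own health checks legitimately touch decoys; exclude only that source.
DECEPTION_PLATFORM_SRC = "10.20.30.5"

@dataclass
class Event:
    src_ip: str
    user: str
    target: str   # host or file the action was aimed at
    action: str   # e.g. "auth", "smb_open", "ssh"

def parse_line(line: str) -> Event:
    """Parse a 'src=.. user=.. target=.. action=..' record (constructed log format)."""
    f = dict(kv.split("=", 1) for kv in line.split())
    return Event(f["src"], f["user"], f["target"], f["action"])

def tripwire_alerts(lines):
    """Return (event, reason) for every interaction with a decoy asset.
    Decoys have no business use, so one touch is enough to alert: no baseline
    or threshold is needed, unlike ordinary anomaly detection."""
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev.src_ip == DECEPTION_PLATFORM_SRC:
            continue  # expected health-check traffic, not an intrusion
        if ev.user in DECOY_ACCOUNTS:
            alerts.append((ev, f"decoy account used: {ev.user}"))
        elif ev.target in DECOY_HOSTS:
            alerts.append((ev, f"decoy host touched: {ev.target}"))
        elif ev.target in DECOY_FILES:
            alerts.append((ev, f"decoy file opened: {ev.target}"))
    return alerts

SAMPLE_LOG = [  # constructed sample; only the last three lines should alert
    "src=10.20.31.7 user=alice target=fileserver-01.corp.example action=smb_open",
    "src=10.20.30.5 user=deception_probe target=10.20.30.99 action=ssh",
    "src=10.20.31.42 user=bob target=10.20.30.99 action=ssh",
    "src=10.20.31.42 user=admin_legacy target=dc01.corp.example action=auth",
    "src=10.20.31.9 user=carol target=/srv/finance/passwords_2019.xlsx action=smb_open",
]

if __name__ == "__main__":
    for ev, reason in tripwire_alerts(SAMPLE_LOG):
        print(f"ALERT src={ev.src_ip} user={ev.user}: {reason}")
```

The second line shows why the exclusion matters: without it the platform’s own probe would alert on every health check and the decoys would be ignored as noise.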
In security, everything feels like a very small, minor thing, but we gotta learn all of them, not so that we can boast about it but to mark ourselves safe whenever a tsunami-like cyber-warfare starts. I might be head over heels for such euphoric scenarios; let’s see!
3. Return on Security Investments
I hate to include this in the series, but we have to cover this one as well as the others. So, bear with me. Return on security investments is the measurement used to see the overall returns (profits) coming out of a company’s security investments, such as better use of company security applications, robust and efficient intrusion detection systems, application security, and employee security training and education. If the profits are directly proportional to the risk factors, the company can safely continue its existing expenditure on such investments. If not, the company cuts down the investments based on their priority level. A company cannot overlook the losses, which would eventually exhaust it of resources (income). While it’s recommended to always be safe, it’s also important to stay above the break-even point.
The returns can come in other forms rather than just the direct benefits, such as great public demand because this specific company uses these specific security standards, good constant growth of the company’s shares, etc. When it comes to economics and finance my head hurts, not because I can’t understand it but because I understand it a bit too much, and all of that data travels in a state of sonic boom, and that’s bad to do. So, don’t do it if you feel the same way. Maybe we can discuss it when my brain is very idle (impossible).
4. Root Cause Analysis
Root cause analysis is a methodology where we can accurately pinpoint what kind of security architecture is making the devices vulnerable to attackers, and it can be more than just the architecture. It can be wireless networks, application vulnerabilities, and external social engineering tricks played on people with less security knowledge. In simple terms, it’s like navigating ourselves back to our home folder in Linux after going through a rabbit hole of files in our system. We can draw out the causes and what is making each cause produce this behaviour. Let me try to make it easier to understand: I’m driven by a burning desire for knowledge and wisdom. To reach greater heights, knowledge and experience are important. Now, what’s my root cause for doing everything here? It’s thirst for knowledge. That’s my root cause analysis.
While it’s hard to make machines understand this type of logical reasoning, it’s child’s play to us. That’s why all we need is a pen and paper to make things easier, in any context. Take a pen and paper and try to list out the root causes of your good and bad things to see where they come from!
5. Indicators of Compromise
It’s easy for me to say that “attackers are dumb and skiddies; we can easily filter them out when they try to compromise our systems.” But I won’t, because it’s not the easy way. I like people who choose the hard way. Don’t choose the easy way out; choose the hard one. I strongly believe that any dedicated attacker will choose the longest and hardest way possible. Clearly, the easy way is how people usually think. It’s how normal people think: “He did that, after that he did this….” To reconstruct the scene of a compromise, the team needs to assess the attacker’s IQ and his/her knowledge, and based on this they will assume how he entered the network and then the system. The attacker would do something which is usually hard to do; it’d take the opposing team weeks just to reconstruct it from what remains.
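A small triage routine for the indicators this section goes on to list (Defender turned off, abnormal command-prompt activity, possible keylogger infection, heavy traffic from one host or from a swarm of them, high CPU, application crashes), added here as an example and not code from the original post. The telemetry schema, the indicator weights and thresholds, and the host records are all hypothetical and constructed; the point it adds is that weak indicators should only alert in combination, and that heavy egress from many hosts at once is a different finding than from one.

```python
from collections import defaultdict

# Hypothetical rules: (indicator, weight, predicate over one telemetry record).
# One weak signal such as high CPU should not page anyone on its own, while
# Defender being disabled together with odd command-prompt activity should.
RULES = [
    ("defender_disabled", 5, lambda s: not s["defender_on"]),
    ("suspicious_cmd", 4, lambda s: s["cmd_from_office_app"]),  # cmd.exe spawned by a document viewer
    ("keylogger_signature", 5, lambda s: s["keylogger_sig"]),
    ("high_egress", 3, lambda s: s["egress_mb"] >= 500),
    ("high_cpu", 1, lambda s: s["cpu_pct"] >= 90),
    ("app_crash", 1, lambda s: s["app_crashes"] >= 3),
]
HOST_ALERT_THRESHOLD = 6
SWARM_MIN_HOSTS = 3  # this many heavy-egress hosts at once suggests a swarm

def sample(host, defender_on=True, cpu_pct=20, egress_mb=10, app_crashes=0,
           cmd_from_office_app=False, keylogger_sig=False):
    """One host telemetry record (constructed schema, not a real EDR format)."""
    return dict(locals())

def indicators_for(s):
    """Names of every rule that fires on one record."""
    return {name for name, _, pred in RULES if pred(s)}

def host_score(indicators):  # sum of the weights of the indicators seen on a host
    weights = {name: w for name, w, _ in RULES}
    return sum(weights[i] for i in indicators)

def triage(samples):
    """Return (hosts over threshold, swarm hosts). A swarm is flagged only when
    several hosts show heavy egress together; one alone may be a backup job."""
    per_host = defaultdict(set)
    for s in samples:
        per_host[s["host"]] |= indicators_for(s)
    flagged = {h for h, inds in per_host.items() if host_score(inds) >= HOST_ALERT_THRESHOLD}
    heavy = sorted(h for h, inds in per_host.items() if "high_egress" in inds)
    return flagged, (heavy if len(heavy) >= SWARM_MIN_HOSTS else [])

SAMPLES = [  # constructed: ws-02 and ws-06 should be flagged, ws-03..05 form a swarm
    sample("ws-01", cpu_pct=97),
    sample("ws-02", defender_on=False, cmd_from_office_app=True),
    sample("ws-03", egress_mb=800), sample("ws-04", egress_mb=900),
    sample("ws-05", egress_mb=650),
    sample("ws-06", keylogger_sig=True, app_crashes=4),
]

if __name__ == "__main__":
    print(triage(SAMPLES))
```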
Now, coming to the indicators. They include heavy network traffic inside the company’s premises from a swarm of compromised devices or from specific individual ones, possible keylogger infections, high CPU/GPU usage, abnormal command prompt behaviour, application crashes, Windows Defender turning off, and many more.
Those are the topics. I hope that you learnt something today. I’ll see you tomorrow, hopefully a little earlier than today.