Cyber security automation has a massive upside, improving accuracy and efficiency while reducing the amount of redundancy and incidents. However, I am leaning more toward disagreeing with cyber security automation "leveling" the playing field. We still need sys and network admins to monitor and maintain said programs. The amount of risk and the consequences still persist. Attackers are always on the clock and they won't be waiting for the automated security to keep up with them. As a matter of fact, I wouldn't be surprised if they manipulate the defenses. How do we, as users, know if we're under attack when the automated security doesn't react or report any breach? Lastly, I want to point out the "human error" in utilizing an AI-focused defense system, since the automated system itself depends on the sys admin's configuration ability. One misstep or mistake can be catastrophic (not too dramatic).
Friday, July 28, 2023
Saturday, July 22, 2023
Week 7 Posting - The Importance of Proactive Threat Hunting
Attack vectors
A feared and respected general does not necessarily rush into the battlefield with no plans in their arsenal. For a successful attack against their enemies, they need to plan ahead, optimize their current resources and understand the playground. Likewise, most attackers usually have an attack vector in their bag: a method of obtaining access to a network or system illegally. Attackers have different ways to approach this, whether through malware, vulnerability exploitation, social engineering or insiders (Chapman & Maymi, p. 339, 2020). Malware nowadays is becoming more polymorphic, meaning it adapts to its environment while on the move to infect the system. Regarding vulnerability exploitation, zero-day attacks prove to be a massive blow to defenders and threat hunters, since no one will be aware of or notice any breach that occurs. Social engineering is tricking users and targets into revealing their personal and sensitive information. Because of this manipulative act, attackers can plant their malware into the network. Lastly, an insider can be anyone, which is one of the trickiest assignments for a threat hunter to tackle. This could be a former or current employee. They are literally in the network and it's hard to figure out whether they're doing suspicious activities or not.
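The insider case above is the one a proactive hunt has to reason about from behaviour rather than from a malware signature, because the account is legitimate. The following Python is an added example (not from the post or the cited textbook) of a small hunt over constructed access-log lines: it baselines each account against normal working hours, its own department's file shares, and a download rate, and reports findings per rule. The log format, the user-to-department mapping, the 07:00-19:00 working window and the burst threshold are all assumptions chosen for the example.

```python
"""Proactive hunt over constructed access logs: flag accounts whose activity
departs from simple per-user expectations (hours, department shares, download rate)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, one event per line: "<ISO timestamp> <user> <action> <object>".
# Not real data; bob's 02:xx session is the planted insider-style activity.
SAMPLE_LOG = """\
2023-07-18T09:10:00 alice login vpn
2023-07-18T09:30:00 alice download hr/payroll_q2.xlsx
2023-07-18T16:55:00 alice logout vpn
2023-07-18T10:00:00 bob login vpn
2023-07-18T10:15:00 bob download eng/design.pdf
2023-07-18T17:30:00 bob logout vpn
2023-07-19T02:12:00 bob login vpn
2023-07-19T02:13:00 bob download hr/payroll_q2.xlsx
2023-07-19T02:14:00 bob download hr/terminations.docx
2023-07-19T02:16:00 bob download eng/roadmap.pptx
2023-07-19T02:20:00 bob download finance/budget.xlsx
2023-07-19T02:25:00 bob download eng/customer_list.csv
2023-07-19T02:40:00 bob logout vpn
"""

# Assumed mapping of account -> department whose share it normally works in.
USER_DEPT = {"alice": "hr", "bob": "eng"}


def parse_log(text):
    """Turn the constructed log text into a list of event dicts."""
    events = []
    for line in text.strip().splitlines():
        ts, user, action, obj = line.split(maxsplit=3)
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "action": action, "object": obj})
    return events


def hunt(events, user_dept, work_hours=(7, 19), burst_threshold=5,
         burst_window=timedelta(minutes=30)):
    """Return a list of findings; each is {"user", "rule", ...} for one triggered rule."""
    findings = []
    by_user = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_user[e["user"]].append(e)

    for user, evs in by_user.items():
        # Rule 1: any activity outside the assumed working window [07:00, 19:00).
        off = [e for e in evs if not (work_hours[0] <= e["ts"].hour < work_hours[1])]
        if off:
            findings.append({"user": user, "rule": "off_hours", "count": len(off),
                             "first": off[0]["ts"].isoformat()})

        # Rule 2: sliding window over download timestamps; >= threshold within window.
        downloads = [e["ts"] for e in evs if e["action"] == "download"]
        start = 0
        for end in range(len(downloads)):
            while downloads[end] - downloads[start] > burst_window:
                start += 1
            if end - start + 1 >= burst_threshold:
                findings.append({"user": user, "rule": "download_burst",
                                 "count": end - start + 1,
                                 "first": downloads[start].isoformat()})
                break

        # Rule 3: downloads from a share that is not the user's own department.
        foreign = [e["object"] for e in evs
                   if e["action"] == "download"
                   and e["object"].split("/", 1)[0] != user_dept.get(user)]
        if foreign:
            findings.append({"user": user, "rule": "cross_department", "objects": foreign})
    return findings


if __name__ == "__main__":
    for f in hunt(parse_log(SAMPLE_LOG), USER_DEPT):
        print(f)
```

Each rule on its own is weak evidence (an on-call engineer works at 02:00), which is why the hunt reports per rule and leaves the triage to the analyst; in practice the baselines would come from the account's own history rather than from a fixed table.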
References:
Chapman, B., & Maymi, F. (2020). CompTIA CySA+ Cybersecurity Analyst Certification All-in-One Exam Guide, Second Edition (Exam CS0-002). McGraw Hill Professional.
Saturday, July 15, 2023
Week 6 Posting - Data Analysis in Security Monitoring Activities and Implement Configuration Changes to Existing Controls to Improve Security
You can learn a lot from experimenting with different subjects to further enhance the knowledge of the scholar. In other words, you gain a lot of data from proving or disproving hypotheses or ideas by providing evidence or a lack of it. Sandboxing is one of the many examples of experimentation. It's an effective cyber security practice that allows security specialists to run code while observing and analyzing it in an isolated, virtual environment on a network that mirrors a regular user's OS environment. Basically, it's a practice that inspects unknown and untested code. It's a helpful area to test out malware without worrying about it attacking neighboring networks, since nothing is directly attached to the isolated environment. Oftentimes, security specialists execute software in the sandboxes and report and examine the effects that occur. With enough data, countermeasures will take place that would benefit the company (Chapman & Maymi, p. 322, 2020). Some drawbacks with sandboxing are that it is heavily resource reliant, meaning that it can be costly. On top of that, the infrastructure of the sandboxes can be complex and come with a steep learning curve.
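The "execute it, then examine the effects" loop described above can be shown at the smallest possible scale. The Python below is an added example, not code from the post or the cited textbook: it runs a piece of untested code in a throwaway directory with a wall-clock limit and POSIX resource limits, snapshots the directory before and after, and reports what the code created, deleted or modified. The sample script is a constructed, harmless stand-in for "unknown code" (it drops a file, appends to a config and deletes a log); a real sandbox also isolates the network and kernel, which a subprocess does not.

```python
"""Minimal observe-what-it-touches sandbox: run untrusted code in a scratch
directory under a time limit and report the filesystem effects."""
import hashlib
import os
import subprocess
import sys
import tempfile
from pathlib import Path

CPU_SECONDS = 10           # assumed CPU budget for the child (POSIX only)
MAX_FILE_BYTES = 10 << 20  # assumed cap on any single file the child writes

# Constructed, harmless stand-in for "unknown and untested code".
SAMPLE_SCRIPT = r"""
import os
with open("dropped.txt", "w") as f:
    f.write("hello")
with open("config.ini", "a") as f:
    f.write("\n[added]\n")
os.remove("old.log")
"""


def _limit_resources():
    """Applied in the child before exec; silently skipped where unsupported."""
    try:
        import resource
        resource.setrlimit(resource.RLIMIT_CPU, (CPU_SECONDS, CPU_SECONDS))
        resource.setrlimit(resource.RLIMIT_FSIZE, (MAX_FILE_BYTES, MAX_FILE_BYTES))
    except (ImportError, ValueError, OSError):
        pass


def snapshot(root):
    """Map relative path -> SHA-256 of content for every file under root."""
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in Path(root).rglob("*") if p.is_file()}


def diff_snapshots(before, after):
    """Classify every path as created, deleted or modified between two snapshots."""
    return {
        "created": sorted(set(after) - set(before)),
        "deleted": sorted(set(before) - set(after)),
        "modified": sorted(k for k in before.keys() & after.keys()
                           if before[k] != after[k]),
    }


def run_in_sandbox(script_text, seed_files, timeout=5):
    """Seed a scratch dir, run the script there as a child process, report effects."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, content in seed_files.items():
            (root / name).write_text(content)
        script = root / "sample.py"
        script.write_text(script_text)
        before = snapshot(root)                       # includes sample.py, unchanged later

        # Minimal environment; -I runs the interpreter in isolated mode.
        env = {"PATH": os.environ.get("PATH", ""), "HOME": tmp}
        try:
            proc = subprocess.run(
                [sys.executable, "-I", str(script)], cwd=tmp, env=env,
                capture_output=True, text=True, timeout=timeout,
                preexec_fn=_limit_resources if os.name == "posix" else None)
            rc, timed_out = proc.returncode, False
        except subprocess.TimeoutExpired:
            rc, timed_out = None, True               # child was killed by the runner

        report = diff_snapshots(before, snapshot(root))
        report.update(returncode=rc, timed_out=timed_out)
        return report


if __name__ == "__main__":
    print(run_in_sandbox(SAMPLE_SCRIPT, {"config.ini": "[base]\n", "old.log": "x"}))
```

The before/after hash comparison is the part that scales: the same report format works whether the observation is a directory, a registry hive or a network capture, and it is what the analyst actually compares against the countermeasures they plan to deploy.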
References:
Chapman, B., & Maymi, F. (2020). CompTIA CySA+ Cybersecurity Analyst Certification All-in-One Exam Guide, Second Edition (Exam CS0-002). McGraw Hill Professional.
Saturday, July 8, 2023
Week 5 Posting - Software and Hardware Assurance Best Practices
Most businesses have their software development department, quality assurance, cyber security team, and IT operations team. Somewhere down the line, there would be hiccups that negatively affect one department and were created by its neighboring department. For example, assignments from QA could indirectly affect the IT operations team's incentives and productivity. According to Chapman and Maymi, a solution to the friction between teams and departments is combining them into one multifunctional team called DevOps or DevSecOps. This practice aligns all departments' incentives and goals to ultimately enable more efficient and consistent performance (Chapman & Maymi, p. 225, 2020).
Personally, I think communication is key. Having everyone collaborate to prevent any more hiccups and speed bumps along the way will definitely improve the company's production. The only flaw I can think of in this multifunctional team is that it'll get more complicated and more complex. It'll be hard to manage and monitor multiple resources and programs within the team. On top of that, all team players might be required to learn new programs, which could be time-consuming.
References:
Chapman, B., & Maymi, F. (2020). CompTIA CySA+ Cybersecurity Analyst Certification All-in-One Exam Guide, Second Edition (Exam CS0-002). McGraw Hill Professional.
Online, O. E. (2023). 10 Advantages and Disadvantages of DevOps. Open Education Online. https://openeducationonline.com/magazine/advantages-and-disadvantages-of-devops/
Week 4 Posting - Security Solutions for Infrastructure Management
Honeypots and honeynets are every cyber security worker's best friends. These tools are ultimately designed to attract cyber attackers by intentionally exposing a vulnerable piece of hardware or system. One of my favorite features of these tools is that they are monitored and will send out alerts and messages about any suspicious activity. Honeypots target attackers that are attempting to sabotage a piece of hardware, whereas honeynets target attackers that are attempting to sabotage an entire network. One of the flaws with utilizing these tools is that experienced attackers will bypass them and attack other areas. The thing is, these tools are isolated away from other networks, which makes them obvious to experienced attackers. Another flaw is that they can only collect a limited amount of data.
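The "monitored and will send out alerts" property is the whole value of a honeypot: no legitimate user has any reason to connect, so every connection is a finding. The Python below is an added example, not code from the post or the cited sources: a low-interaction TCP decoy that presents a fake banner, records whatever the client sends without acting on it, raises an alert per touch, and summarizes which sources hit several decoy ports (a scan-like pattern). The banner text, the scan threshold and the `local_probe` self-test client are assumptions for the example; running several such listeners across ports and hosts is the step from a honeypot toward a honeynet.

```python
"""Low-interaction TCP decoy: answer with a fake banner, log and alert on every
connection, never execute anything the client sends."""
import json
import socket
import socketserver
import threading
import time
from collections import defaultdict
from datetime import datetime, timezone


def alert(event):
    """Alert sink; a real deployment would ship this to the SIEM or a pager."""
    print("ALERT decoy touched:", json.dumps(event))


class DecoyHandler(socketserver.BaseRequestHandler):
    def handle(self):
        self.request.settimeout(2.0)
        self.request.sendall(b"220 fileserver FTP ready\r\n")   # assumed fake banner
        try:
            data = self.request.recv(1024)                       # record, never act on it
        except (socket.timeout, OSError):
            data = b""
        self.server.record(self.client_address[0], self.server.server_address[1], data)


class Honeypot(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True

    def __init__(self, bind=("127.0.0.1", 0)):     # port 0 = pick a free port
        super().__init__(bind, DecoyHandler)
        self.events = []
        self._lock = threading.Lock()

    def record(self, src, port, data):
        event = {"time": datetime.now(timezone.utc).isoformat(), "src": src,
                 "port": port, "bytes": len(data),
                 "preview": data[:64].decode("latin-1")}
        with self._lock:
            self.events.append(event)
        alert(event)

    def start(self):
        threading.Thread(target=self.serve_forever, daemon=True).start()
        return self.server_address[1]

    def wait_for_events(self, n, timeout=3.0):
        """Block until at least n events are recorded (handlers run in threads)."""
        deadline = time.monotonic() + timeout
        while time.monotonic() < deadline:
            with self._lock:
                if len(self.events) >= n:
                    return True
            time.sleep(0.02)
        return False

    def stop(self):
        self.shutdown()
        self.server_close()


def summarize(events, scan_threshold=3):
    """Every event is a finding; one source on many decoy ports looks like a scan."""
    ports = defaultdict(set)
    for e in events:
        ports[e["src"]].add(e["port"])
    return {src: ("probable_scan" if len(p) >= scan_threshold else "single_touch")
            for src, p in ports.items()}


def local_probe(port, payload=b"USER anonymous\r\n"):
    """Self-test client: confirm the decoy answers and logs a loopback connection."""
    with socket.create_connection(("127.0.0.1", port), timeout=2) as s:
        banner = s.recv(1024)
        s.sendall(payload)
    return banner


if __name__ == "__main__":
    hp = Honeypot()
    port = hp.start()
    print("decoy listening on", port, "banner:", local_probe(port))
    hp.wait_for_events(1)
    print(summarize(hp.events))
    hp.stop()
```

The decoy deliberately does nothing with the received bytes beyond logging a short preview, which is what keeps a low-interaction honeypot safe to run; the trade-off, as the post notes, is that it collects little data and is easy for an experienced attacker to recognise.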
References:
Chapman, B., & Maymi, F. (2020). CompTIA CySA+ Cybersecurity Analyst Certification All-in-One Exam Guide, Second Edition (Exam CS0-002). McGraw Hill Professional.
Lutkevich, B., Clark, C., & Cobb, M. (2021). honeypot (computing). TechTarget SearchSecurity. https://www.techtarget.com/searchsecurity/definition/honey-pot