Friday, July 28, 2023

Week 8 Posting - Automation Concepts and Technologies

Cyber security automation has a massive upside, improving accuracy and efficiency while reducing the amount of redundancy and incidents. However, I am leaning more toward disagreeing with cyber security automation "leveling" the playing field. We still need sys and network admins to monitor and maintain said programs. The risks and consequences still persist. Attackers are always on the clock and they won't be waiting for the automated security to keep up with them. As a matter of fact, I wouldn't be surprised if they manipulate the defenses. How do we, as users, know if we're under attack when the automated security doesn't react or report any breach? Lastly, I want to point out the "human error" in utilizing an AI-focused defense system, since the automated system itself depends on the sys admin's configuration ability. One misstep or mistake can be catastrophic (not to be too dramatic).

Saturday, July 22, 2023

Week 7 Posting - The Importance of Proactive Threat Hunting

Attack vectors

A feared and respected general does not necessarily rush into the battlefield with no plans in their arsenal. In order to attack their enemies successfully, they need to plan ahead, optimize their current resources and understand the playground. Likewise, most attackers usually have an attack vector in their bag. This is a method of obtaining access to a network or system illegally. Attackers have different ways to approach this, whether it's through malware, vulnerability exploitation, social engineering or insiders (Chapman & Maymi, p.339, 2020). Malware nowadays is becoming more polymorphic, meaning it adapts to its environment while moving to infect the system. Regarding vulnerability exploitation, zero-day attacks prove to be a massive blow to defenders and threat hunters since no one may be aware of or notice the breach when it occurs. Social engineering is tricking users and targets into revealing their personal and sensitive information. Because of this manipulative act, attackers are able to plant their malware into the network. Lastly, an insider can be anyone, which makes insiders one of the trickiest cases for a threat hunter to deal with. This could be a former or current employee. They are literally in the network and it's hard to figure out whether they're doing suspicious activities or not.


References:

Chapman, B., & Maymi, F. (2020). CompTIA CySA+ Cybersecurity Analyst Certification All-in-One Exam Guide, Second Edition (Exam CS0-002). McGraw Hill Professional.

Saturday, July 15, 2023

Week 6 Posting - Data Analysis in Security Monitoring Activities and Implement Configuration Changes to Existing Controls to Improve Security

You can learn a lot from experimenting with different subjects to further enhance the knowledge of the scholar. In other words, you gain a lot of data from proving or disproving hypotheses or ideas by providing evidence or the lack of it. Sandboxing is one of the many examples of experimentation. It's an effective cyber security practice that allows security specialists to run code while observing and analyzing it in an isolated, virtual environment on a network that mirrors regular users' OS environments. Basically, it's a practice that inspects unknown and untested code. It's a helpful area to test out malware without worrying about it attacking neighboring networks, since nothing is directly attached to the isolated environment. Oftentimes, security specialists execute software in the sandboxes and report and examine the effects that occur. With enough data, countermeasures will take place that would benefit the company (Chapman & Maymi, p.322, 2020). Some drawbacks with sandboxing are that it is heavily resource reliant, meaning that it can be costly. On top of that, the infrastructure of the sandboxes can be complex and come with a steep learning curve.
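To make the "execute, observe, report" loop above concrete, here is an added example (not from the post or from Chapman & Maymi) of a toy sandbox runner in Python. It takes an unknown script, runs it in a scratch directory with a stripped-down environment and a time limit, then diffs the directory before and after and captures the output. The sample script is constructed for the demonstration and only drops a marker file; real isolation still requires a VM or container, which is the "resource reliant" part the post mentions, and this runner is only meant to show the observation side.

```python
import os
import subprocess
import sys
import tempfile
import textwrap

# Constructed stand-in for "unknown code": it writes one file and prints one line.
SAMPLE_SCRIPT = textwrap.dedent("""\
    import os
    with open(os.path.join(os.getcwd(), "dropped.txt"), "w") as fh:
        fh.write("marker")
    print("sample finished")
""")

# Constructed runaway sample, used to show the timeout path.
LOOPING_SCRIPT = "while True:\n    pass\n"


def snapshot(root):
    """Map every file under root to its size, relative to root."""
    result = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            result[os.path.relpath(full, root)] = os.path.getsize(full)
    return result


def run_in_sandbox(script_source, timeout=5):
    """Run an untrusted Python script in a throwaway directory and report its effects.

    Returns a dict with the exit status, whether the time limit was hit, captured
    stdout, and the files the sample created or changed (size-based, so a same-size
    rewrite would not show up; a real sandbox would hash or hook the filesystem).
    """
    with tempfile.TemporaryDirectory() as workdir:
        script_path = os.path.join(workdir, "sample.py")
        with open(script_path, "w") as fh:
            fh.write(script_source)
        before = snapshot(workdir)

        # Minimal environment: the sample should not inherit the analyst's secrets.
        env = {"PATH": os.environ.get("PATH", ""), "HOME": workdir}
        timed_out = False
        try:
            proc = subprocess.run(
                [sys.executable, script_path],
                cwd=workdir, env=env, capture_output=True, text=True, timeout=timeout,
            )
            stdout, returncode = proc.stdout, proc.returncode
        except subprocess.TimeoutExpired:
            # subprocess.run kills the child before raising, so the runaway sample is gone.
            stdout, returncode, timed_out = "", None, True

        after = snapshot(workdir)
        created = sorted(p for p in after if p not in before)
        modified = sorted(p for p in after if p in before and after[p] != before[p])
        return {
            "returncode": returncode,
            "timed_out": timed_out,
            "stdout": stdout,
            "created": created,
            "modified": modified,
        }


if __name__ == "__main__":
    print(run_in_sandbox(SAMPLE_SCRIPT))
    print(run_in_sandbox(LOOPING_SCRIPT, timeout=1))
```

The report is what an analyst would compare across many runs: files dropped, output produced, and whether the sample ran to completion or had to be killed.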


References:

Chapman, B., & Maymi, F. (2020). CompTIA CySA+ Cybersecurity Analyst Certification All-in-One Exam Guide, Second Edition (Exam CS0-002). McGraw Hill Professional.

Saturday, July 8, 2023

Week 5 Posting - Software and Hardware Assurance Best Practices


Most businesses have their software development department, quality assurance, cyber security team, and IT operations team. Somewhere down the line, there will be hiccups created by one department that negatively affect its neighboring department. For example, assignments from QA could indirectly affect the IT operations team's incentives and productivity. According to Chapman and Maymi, a solution to the friction between teams and departments is merging them into one multifunctional team called DevOps or DevSecOps. This practice aligns all departments' incentives and goals to ultimately enable more efficient and consistent performance (Chapman & Maymi, p.225, 2020).

Personally, I think communication is key. Having everyone collaborate to prevent any more hiccups and speed bumps along the way will definitely improve the company's production. The only flaw I can think of in this multifunctional team is that it'll get more complicated and more complex. It'll be hard to manage and monitor multiple resources and programs within the team. On top of that, it might be required for all team players to learn new programs, which could be time-consuming.

References:

Chapman, B., & Maymi, F. (2020). CompTIA CySA+ Cybersecurity Analyst Certification All-in-One Exam Guide, Second Edition (Exam CS0-002). McGraw Hill Professional.

Online, O. E. (2023). 10 Advantages and Disadvantages of DevOps. Open Education Online. https://openeducationonline.com/magazine/advantages-and-disadvantages-of-devops/

Week 4 Posting - Security Solutions for Infrastructure Management


Honeypots and honeynets are every cyber security worker's best friends. These tools are ultimately designed to attract cyber attackers by intentionally exposing vulnerable hardware or a vulnerable system. One of my favorite features of these tools is that they are monitored and will send out alerts and messages about any suspicious activity.

Honeypots target attackers that are attempting to sabotage a piece of hardware, whereas honeynets target attackers that are attempting to sabotage an entire network. One of the flaws with utilizing these tools is that experienced attackers will bypass them and attack other areas. The thing is, these tools are isolated away from other networks, which makes them obvious to experienced attackers. Another flaw is that they can only collect a limited amount of data.
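The monitoring feature described above, a decoy that nobody should legitimately touch and that raises an alert for any interaction, is small enough to show in code. The following is an added example written for this post, not code from the post or from the cited books: a low-interaction TCP decoy in Python that accepts one connection, tags the probe by its first bytes, records a timestamped event, and keeps the events in an in-memory list standing in for a SIEM feed. The `probe` helper is a constructed local client so the example runs end to end offline; the tags and field names are the example's own choices.

```python
import datetime
import json
import socket
import threading

ALERTS = []  # stand-in for a SIEM or pager queue; every entry is worth a look


def classify(payload: bytes) -> str:
    """Tag a probe by its opening bytes. A decoy has no real users, so even a bare
    connect is notable; the tag only helps triage what kind of scanner showed up."""
    if not payload:
        return "connect-only"
    if payload.startswith(b"SSH-"):
        return "ssh-banner"
    if payload.split(b" ")[0] in (b"GET", b"POST", b"HEAD"):
        return "http-request"
    return "unknown"


def record_event(peer, payload: bytes) -> dict:
    """Build the alert record for one interaction and queue it."""
    event = {
        "time": datetime.datetime.now(datetime.timezone.utc).isoformat(),
        "src_ip": peer[0],
        "src_port": peer[1],
        "tag": classify(payload),
        "preview": payload[:32].decode("ascii", "replace"),
    }
    ALERTS.append(event)
    print("ALERT", json.dumps(event))
    return event


def start_decoy(host="127.0.0.1", port=0):
    """Open the listening socket. Port 0 lets the OS pick a free port for the demo;
    a deployed decoy would sit on a port that looks like a real service."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind((host, port))
    listener.listen(5)
    return listener


def serve_one(listener, read_timeout=2.0) -> dict:
    """Accept a single connection, read whatever the peer sends first, and log it.
    The decoy never answers, so it gives a scanner nothing to work with."""
    conn, peer = listener.accept()
    conn.settimeout(read_timeout)
    try:
        payload = conn.recv(1024)
    except socket.timeout:
        payload = b""  # peer connected but stayed silent
    finally:
        conn.close()
    return record_event(peer, payload)


def probe(port, payload: bytes):
    """Constructed local client standing in for an attacker's scanner."""
    with socket.create_connection(("127.0.0.1", port), timeout=2) as client:
        client.sendall(payload)


def demo_round_trip(payload: bytes) -> dict:
    """Run decoy and probe together on loopback and return the recorded event."""
    listener = start_decoy()
    port = listener.getsockname()[1]
    results = []
    worker = threading.Thread(target=lambda: results.append(serve_one(listener)))
    worker.start()
    probe(port, payload)
    worker.join(5)
    listener.close()
    return results[0]


if __name__ == "__main__":
    demo_round_trip(b"GET / HTTP/1.0\r\n\r\n")
    demo_round_trip(b"SSH-2.0-scanner\r\n")
```

Because the decoy sits on a network segment with no production traffic, the detection rule is simply "any connection at all", which is why the data it collects is limited to whoever stumbles into it, as the post notes.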


References:

Chapman, B., & Maymi, F. (2020). CompTIA CySA+ Cybersecurity Analyst Certification All-in-One Exam Guide, Second Edition (Exam CS0-002). McGraw Hill Professional.

Lutkevich, B., Clark, C., & Cobb, M. (2021). honeypot (computing). SearchSecurity. https://www.techtarget.com/searchsecurity/definition/honey-pot

Week 10 Posting - Cloud Automation

For the final week of class, we learned about cloud automation and using common terminology that are used in automation services and techniq...