Information Security
Find an article online discussing defense-in-depth. List your source and provide a paragraph summary of what the article stated.
Solution
Abstract
The exponential growth of Internet interconnections has led to a significant growth in cyber attack incidents, often with disastrous and grievous consequences. Malware is the primary weapon of choice for carrying out malicious intent in cyberspace, either by exploiting existing vulnerabilities or by exploiting the unique characteristics of emerging technologies. The development of more innovative and effective malware defense mechanisms has been regarded as an urgent requirement in the cybersecurity community. To assist in achieving this goal, we first present an overview of the most exploited vulnerabilities in existing hardware, software, and network layers. This is followed by critiques of existing state-of-the-art mitigation techniques as to why they do or do not work. We then discuss new attack patterns in emerging technologies such as social media, cloud computing, smartphone technology, and critical infrastructure. Finally, we describe our speculative observations on future research directions.
A multi-layered approach to cyber security utilising machine learning and advanced analytics is essential to defend against sophisticated multi-stage attacks, including:
Insider Threats | Advanced Human Attacks | Supply Chain Infection | Ransomware | Compromised User Accounts | Data Loss
Prepare for a cyber security incident or attack, and manage the aftermath with an organised approach to Incident Response – coordinating resources, people, information and technology while complying with regulations.
INSIDER THREATS
Insider threats can originate from employees, contractors, third-party services or anyone with access rights to your network, corporate data or business premises.
The challenge is to identify attacks and understand how they develop in real time by analysing and correlating the subtle signs of compromise that an insider leaves when they infiltrate the network.
Traditional security measures are no longer sufficient to combat insider threats. A more sophisticated, intelligence-based approach is required. Cyberseer uses machine-learning technology to form a behavioural baseline for every user, to determine normal activity and to spot new, previously unidentified threat behaviours. The move to a more proactive approach to security enables companies to act on developing situations before they escalate into exfiltrated information or damaging incidents.
ADVANCED HUMAN ATTACKS
Advanced threats use a set of stealthy and continuous processes to target an organisation, and are often orchestrated for business or political motives by individuals or groups. The “advanced” label signifies sophisticated techniques that use malware to exploit vulnerabilities in an organisation’s systems. They are considered persistent because an external command and control system is used to continuously monitor and exfiltrate data from the specific target.
Distinguishing between an employee going about their normal work and an impostor impersonating that employee can be challenging. Understanding attacker artefacts such as file names and data transfers can help a security team gain visibility of affected systems and devices on the network. Cyberseer uses smart technology in conjunction with a variety of research and analysis techniques to determine when a user is exhibiting unusual and risky behaviour. Track user behaviour wherever it leads – across devices, VPN connections, source IP addresses, account names, geographies and credentials.
SUPPLY CHAIN INFECTION
The supply chain is the silent threat that can lead to loss of sensitive customer information, disruption to manufacturing processes and damage to the company’s reputation. The security of any one organisation is only as strong as that of the weakest member of its supply chain.
Criminal organisations run sophisticated information-gathering exercises to understand the supplier network associated with a target. They identify the organisations with the weakest security within the supply chain and use them to gain access to either the target company or other members of the supply chain.
Supply chain attacks pose a significant risk to modern organisations and affect every industry with a complex supply network.
Cyberseer looks at the potential weaknesses in the supply chain by monitoring the actions of users and the attack vectors those weaknesses could introduce. Track user behaviour across devices, VPN connections, source IP addresses, account names, geographies and credentials to secure supply chain systems. Assess whether your supply chain is safe from cyber-attacks.
RANSOMWARE
Ransomware is making headlines – lurking in ads on popular websites and shutting down hospitals. It enters a network and moves undetected from system to system, using asymmetric encryption to hold a victim’s information to ransom. Ransomware is a highly persistent and organised criminal activity in full deployment, with ransomware-as-a-service (RaaS) at its core. Having advanced steadily in sophistication, ransomware is now widespread, and by the time it is detected it is often too late.
Using intelligent defences, Cyberseer detects anomalous behaviour and applies research-driven knowledge of ransomware file extensions, file names and similar indicators to determine whether the anomalous activity matches the characteristics of known malware.
Early detection enables Cyberseer customers to prevent disruption to business operations and data security. Safeguard your operations with early detection using an advanced endpoint security tool that provides prevention as well as a unique journaling approach to this invasive threat.
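To make the ransomware paragraph concrete, here is an added example in Python (not Cyberseer's code or any product's logic) of the two checks it describes: matching file events against a watchlist of extensions associated with known ransomware families, and flagging a burst of file modifications that is anomalous for a user even when the extension is on no list, which is how a previously unseen family still gets caught. The event format, hosts, users and paths are constructed for illustration, and the watchlist is a tiny illustrative one; a real deployment would load a maintained list.

```python
import os
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Tiny illustrative watchlist of extensions used by known ransomware families
# (.locky, .wncry and .cerber are real; a deployment would load a maintained list).
SUSPECT_EXTENSIONS = {".locky", ".wncry", ".cerber"}

# Constructed file-event log (not real data): "timestamp host user action path".
# alice does normal work; carol's files are renamed to a known extension;
# dave's files get the made-up extension ".zzz", which is on no watchlist.
SAMPLE_EVENTS = """\
2024-03-06T08:00:01 ws01 alice write /home/alice/report.docx
2024-03-06T08:00:05 ws01 alice write /home/alice/budget.xlsx
2024-03-06T13:02:00 ws07 carol rename /srv/share/q1.docx.locky
2024-03-06T13:02:01 ws07 carol rename /srv/share/q2.docx.locky
2024-03-06T13:02:02 ws07 carol rename /srv/share/plan.pptx.locky
2024-03-06T13:02:03 ws07 carol rename /srv/share/costs.xlsx.locky
2024-03-06T13:02:05 ws07 carol rename /srv/share/notes.txt.locky
2024-03-06T13:02:08 ws07 carol rename /srv/share/photo.jpg.locky
2024-03-06T15:10:00 ws09 dave write /home/dave/a.pdf.zzz
2024-03-06T15:10:01 ws09 dave write /home/dave/b.pdf.zzz
2024-03-06T15:10:02 ws09 dave write /home/dave/c.pdf.zzz
2024-03-06T15:10:03 ws09 dave write /home/dave/d.pdf.zzz
2024-03-06T15:10:04 ws09 dave write /home/dave/e.pdf.zzz
2024-03-06T15:10:05 ws09 dave write /home/dave/f.pdf.zzz
"""


def parse_events(text):
    """Parse the constructed log into (timestamp, host, user, action, path) tuples."""
    events = []
    for line in text.splitlines():
        ts, host, user, action, path = line.split()
        events.append((datetime.fromisoformat(ts), host, user, action, path))
    return events


def detect_ransomware(text, burst_count=5, window_seconds=10):
    """Return a list of alerts from two rules.

    known-extension:    the written/renamed path ends in a watchlisted extension.
    modification-burst: one (host, user) modified at least `burst_count` files
                        inside a sliding window of `window_seconds`; reported
                        once per (host, user) so the alert is not repeated.
    """
    alerts = []
    recent = defaultdict(deque)      # (host, user) -> timestamps of recent modifications
    burst_reported = set()
    for ts, host, user, action, path in parse_events(text):
        ext = os.path.splitext(path)[1].lower()
        if ext in SUSPECT_EXTENSIONS:
            alerts.append({"rule": "known-extension", "host": host, "user": user, "path": path})
        if action in ("write", "rename"):
            window = recent[(host, user)]
            window.append(ts)
            # Drop timestamps that have fallen out of the sliding window.
            while ts - window[0] > timedelta(seconds=window_seconds):
                window.popleft()
            if len(window) >= burst_count and (host, user) not in burst_reported:
                burst_reported.add((host, user))
                alerts.append({"rule": "modification-burst", "host": host,
                               "user": user, "count": len(window)})
    return alerts


def count_by_rule(alerts):
    """Summarise alerts as {rule: count} for a quick triage view."""
    counts = defaultdict(int)
    for alert in alerts:
        counts[alert["rule"]] += 1
    return dict(counts)


if __name__ == "__main__":
    found = detect_ransomware(SAMPLE_EVENTS)
    for alert in found:
        print(alert)
    print(count_by_rule(found))
```

On the constructed log, carol's renames trigger both rules (six extension matches and one burst), dave's writes trigger only the burst rule, and alice's two ordinary writes produce nothing. The burst rule is the part worth tuning in practice: the count and window are set low here for readability, and a real baseline would be derived per host from normal activity rather than fixed.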
COMPROMISED USER ACCOUNTS
Privileged users such as database or system administrators have elevated access rights, which makes them prime targets for attackers. In addition, the increasing adoption of virtualisation, cloud services and big data implementations creates new layers of administrative access privileges, expanding an organisation’s risk of compromise.
With Cyberseer’s suite of security solutions and threat intelligence, organisations can gain the comprehensive, robust and granular controls they need to detect unusual behaviour within privileged and shared accounts and to guard against abuse of privileged user access.
Guard against the risks posed by privileged users and compromised credentials.
DATA LOSS
Data loss and theft are a major concern for organisations today. Cyber criminals target data for its inherent financial value (credit card details), its economic and competitive value (manufacturing designs) or its political insights (classified documents).
Once an attacker gains a foothold within your organisation, they potentially have the ability to extract and change data without being detected. Ensuring data integrity is essential for businesses.
Today’s challenge has shifted from the unrealistic goal of total information security to developing the ability to identify the aspects of your information infrastructure that are in jeopardy of being attacked. Cyberseer fuses machine-learning technology with the knowledge of skilled analysts to identify unusual movements of data and files across your network. Anomalous data transfers and file amendments are interpreted to determine threat severity and the organisation’s associated risk.
Detect and prevent confidential and sensitive data from being accessed for unauthorised use.
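The per-user behavioural baseline that the insider-threat and data-loss sections above both rely on can be shown with a small detector. The following Python is an added example, not Cyberseer's code or any product's logic; the log format, user names, destinations and thresholds are all constructed for illustration. It learns each user's normal outbound transfer volume, destinations and active hours from a training window, then flags new events that deviate from that baseline: a transfer more than three standard deviations above the user's mean, a destination the user has never sent to, or an hour in which the user has never been active.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed training log (not real data): "timestamp,user,bytes_out,destination".
# alice sends about 1.3 MB a day to an internal share; bob runs ~30 MB backups at 08:30.
BASELINE_LOG = """\
2024-03-01T09:12:00,alice,1200000,sharepoint.internal
2024-03-02T10:03:00,alice,1500000,sharepoint.internal
2024-03-03T11:40:00,alice,1100000,sharepoint.internal
2024-03-04T09:55:00,alice,1300000,sharepoint.internal
2024-03-05T14:20:00,alice,1400000,sharepoint.internal
2024-03-01T08:30:00,bob,30000000,backup.internal
2024-03-02T08:35:00,bob,32000000,backup.internal
2024-03-03T08:31:00,bob,29000000,backup.internal
2024-03-04T08:33:00,bob,31000000,backup.internal
2024-03-05T08:32:00,bob,30500000,backup.internal
"""

# Constructed events to score: one normal alice transfer, one late-night 45 MB
# transfer to a never-seen external host, and one normal bob backup.
NEW_EVENTS = """\
2024-03-06T10:10:00,alice,1250000,sharepoint.internal
2024-03-06T23:45:00,alice,45000000,filedrop.example
2024-03-06T08:34:00,bob,30800000,backup.internal
"""


def parse(text):
    """Parse the constructed CSV-like log into event dicts."""
    events = []
    for line in text.splitlines():
        ts, user, nbytes, dest = line.split(",")
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "bytes": int(nbytes), "dest": dest})
    return events


def build_baseline(events):
    """Per user: mean/stdev of bytes out, plus the destinations and hours seen."""
    per_user = defaultdict(lambda: {"bytes": [], "dests": set(), "hours": set()})
    for e in events:
        p = per_user[e["user"]]
        p["bytes"].append(e["bytes"])
        p["dests"].add(e["dest"])
        p["hours"].add(e["ts"].hour)
    return {
        user: {"mean": statistics.fmean(p["bytes"]),
               "stdev": statistics.pstdev(p["bytes"]),
               "dests": p["dests"], "hours": p["hours"]}
        for user, p in per_user.items()
    }


def score_event(e, baseline, z_threshold=3.0):
    """Return the list of reasons an event deviates from its user's baseline."""
    b = baseline.get(e["user"])
    if b is None:
        return ["no baseline for user"]          # unknown accounts are worth a look too
    spread = b["stdev"] or max(b["mean"] * 0.1, 1.0)   # floor so a flat baseline still scores
    z = (e["bytes"] - b["mean"]) / spread
    reasons = []
    if z > z_threshold:
        reasons.append(f"volume z={z:.1f} above baseline")
    if e["dest"] not in b["dests"]:
        reasons.append(f"new destination {e['dest']}")
    if e["ts"].hour not in b["hours"]:
        reasons.append(f"unusual hour {e['ts'].hour:02d}")
    return reasons


def find_anomalies(baseline_text, new_text):
    """Return (user, timestamp, reasons) for every new event that deviates."""
    baseline = build_baseline(parse(baseline_text))
    findings = []
    for e in parse(new_text):
        reasons = score_event(e, baseline)
        if reasons:
            findings.append((e["user"], e["ts"].isoformat(), reasons))
    return findings


if __name__ == "__main__":
    for user, ts, reasons in find_anomalies(BASELINE_LOG, NEW_EVENTS):
        print(user, ts, "; ".join(reasons))
```

On the constructed data only alice's 23:45 transfer is flagged, and it is flagged on all three axes at once, which is the pattern the text describes: the volume is two orders of magnitude above her baseline, the destination is new, and the hour is outside her normal day. Bob's 30.8 MB backup, although far larger in absolute terms, sits inside his own baseline and is not flagged; scoring against each user's own history rather than a global threshold is what keeps the detector quiet for legitimately heavy users.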
INCIDENT RESPONSE
Incident response teams face challenging times, with growing numbers of incidents, the escalating cost of cyber-attacks and increasing demand for skilled employees.
By leveraging metrics and analytics, organisations can continually evaluate and improve their incident response abilities and react more quickly, effectively and intelligently to cyber incidents.
Cyberseer uses smart incident response technology that enables our customers to thrive in the face of cyber attacks or business crises.
Take an organised approach to using best practice in the face of a security breach.
Limit the damage and reduce recovery times and costs with best-in-class response capabilities.
Summary
To better prepare to mitigate the emerging threats and improve the cybersecurity of this country, two overarching goals should be pursued continuously:
• First, enable substantially better information sharing and collaboration among key departments and agencies (Department of Justice, Department of Homeland Security, Department of Defense, and Office of the Director of National Intelligence) and the private sector. The Cybersecurity Information Sharing Act of 2015 was a needed, but small and careful, step toward this goal, in part because it encourages the private sector (via liability protections) and the U.S. government to share knowledge of cybersecurity threats, including classified vulnerabilities, best practices, and defensive measures. This law could better enable the community to anticipate attacks and adopt a more proactive defense posture.
• Second, achieve unity of effort across the U.S. government. Today, different government agencies have different cyber responsibilities. This makes perfect sense in many ways, because different agencies have different capabilities, so they should be tasked to do what they are good at doing. The trick is to harness all the capabilities to a common end, and therein lies the problem. Cyber defense requires a coherent response, and the bureaucratic responsibilities as currently articulated hinder progress toward that goal. President Obama’s appointment of a Chief Information Security Officer for the country—part of his newly announced Cybersecurity National Action Plan—is another careful small step toward meeting some of these needs.
Ultimately, perhaps ideally, what is needed is the ability to track cyber intruders, criminals, and other hostile actors in cyberspace with the same freedom of maneuver (and speed) these adversaries enjoy. Achieving this goal will require a sustained, long-term effort. New authorities will be required, along with substantial revisions to the U.S. Code (a daunting challenge). Public debate will be lively. Indeed, I have long argued that public debate is a critical first step:
Government intrusion into private affairs, even for reasons of the common defense, evokes an emotional response. . . . A first step requires an honest, public debate [that] calls into question the very firewalls between public and private sectors that are intrinsic to democracy.
Furthermore, what is needed is a discussion of how best to balance the need for security and privacy. There are many ways to facilitate this kind of discussion, and the proposal put forth by Full Committee Chairman Michael McCaul and Senator Mark Warner is one way to move forward, though there could be others. It is fair to say that today’s debate about whether device makers should be required to build “backdoors” into operating systems so law enforcement and intelligence agencies can collect data has jumpstarted this much-needed discussion. This is a good thing. In the short term, the next steps are multipronged. Congress needs to continue to develop strong, smart policies and laws designed to improve cybersecurity—laws like the Cybersecurity Information Sharing Act of 2015. Although there is an immediate need for such policies and laws, Congress would be well advised to design these policies and laws incrementally, and to communicate them to the public, to earn the public’s confidence in the government’s ability and intentions. Specifically, the public must be convinced that the government’s information needs are balanced with individuals’ desire for privacy. At present, many ideas for, and approaches to, using technology to improve cybersecurity—such as pooling and mining vast stores of data—alarm those who believe in a right to privacy from government intrusion. There is no simple solution to the threat posed by adversaries in cyberspace. However, one critical challenge that must be overcome—soon—is determining how to protect the cybersecurity of a democratic society that demands both freedom and privacy in its use of computer systems and networks from the threat posed by enemies who respect no boundaries and can act largely with impunity, despite national and international norms and legal frameworks.
