Behavior Approach To Cybersecurity

Protecting the Organization

Cybersecurity Devices and Technologies

Security Appliances

Routers

While routers are primarily used to interconnect various network segments, they usually also provide basic traffic filtering capabilities. These capabilities let you define which computers on a given network segment can communicate with which other network segments.
Firewalls

Firewalls can look deeper into the network traffic itself and identify malicious behavior that has to be blocked. Firewalls can have sophisticated security policies applied to the traffic that is passing through them.
Intrusion prevention systems

IPS systems use a set of traffic signatures that match and block malicious traffic and attacks.
Virtual private networks

VPN systems let remote employees use a secure encrypted tunnel from their mobile computer to connect securely back to the organization’s network.
Antimalware or antivirus

These systems use signatures or behavioral analysis of applications to identify and block malicious code from being executed.
Firewalls

In computer networking, a firewall is designed to control or filter which communications are allowed into, and which are allowed out of, a device or network.
A firewall can be installed on a single computer with the purpose of protecting that one computer (host-based firewall), or it can be a standalone network device that protects an entire network of computers and all of the host devices on that network (network-based firewall).
Firewall Types

Network layer firewall
Filters communications based on source and destination IP addresses.

Transport layer firewall
Filters communications based on source and destination data ports, as well as connection states.

Application layer firewall
Filters communications based on an application, program or service.

Context aware layer firewall
Filters communications based on the user, device, role, application type and threat profile.

Proxy server
Filters web content requests like URLs, domain names and media types.

Reverse proxy server
Placed in front of web servers, reverse proxy servers protect, hide, offload and distribute access to web servers.

Network Address Translation (NAT) firewall
Hides or masquerades the private addresses of network hosts.

Host-based firewall
Filters ports and system service calls on a single computer operating system.
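The network-layer and transport-layer types above are easiest to understand by watching a rule table decide on real packets. The following is an added example written for these notes, not code from the slides or from any Cisco product: a minimal first-match packet filter whose rules match on IP prefixes (network layer) and on protocol and port (transport layer), plus a table of allowed flows so that the reply half of an allowed connection passes (connection state). The policy, addresses and packets are all constructed sample data.

```python
"""Added example, not from the slides: a minimal first-match packet filter that
shows how a network-layer rule (IP prefixes), a transport-layer rule (protocol
and port) and connection state combine. All addresses, rules and packets are
constructed sample data."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str  # "tcp" or "udp"


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"       # network-layer match: source prefix
    dst: str = "0.0.0.0/0"       # network-layer match: destination prefix
    proto: Optional[str] = None  # transport-layer match: protocol
    dport: Optional[int] = None  # transport-layer match: destination port

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))


class StatefulFirewall:
    """Rule table evaluated first-match-wins, plus a table of allowed flows so
    that return traffic of an allowed connection passes (connection state)."""

    def __init__(self, rules: List[Rule], default: str = "deny"):
        self.rules = list(rules)
        self.default = default
        self.flows = set()  # (src, sport, dst, dport, proto) of allowed flows

    def filter(self, p: Packet) -> str:
        forward = (p.src, p.sport, p.dst, p.dport, p.proto)
        reverse = (p.dst, p.dport, p.src, p.sport, p.proto)
        if reverse in self.flows:      # reply to a flow we already allowed
            return "allow"
        for rule in self.rules:
            if rule.matches(p):
                if rule.action == "allow":
                    self.flows.add(forward)
                return rule.action
        if self.default == "allow":
            self.flows.add(forward)
        return self.default


# Constructed policy: a public web server in a DMZ and an internal LAN that may
# initiate outbound connections; everything else is denied by default.
POLICY = [
    Rule("allow", dst="203.0.113.10/32", proto="tcp", dport=443),  # anyone -> web
    Rule("allow", src="192.168.1.0/24"),                          # LAN -> anywhere
]

# Constructed traffic sample, in arrival order.
SAMPLE_PACKETS = [
    Packet("198.51.100.7", 40000, "203.0.113.10", 443, "tcp"),  # client -> web
    Packet("198.51.100.7", 40001, "203.0.113.10", 22, "tcp"),   # client -> ssh
    Packet("192.168.1.20", 50000, "93.184.216.34", 80, "tcp"),  # LAN -> internet
    Packet("93.184.216.34", 80, "192.168.1.20", 50000, "tcp"),  # reply to the above
    Packet("93.184.216.34", 80, "192.168.1.21", 50000, "tcp"),  # unsolicited inbound
    Packet("203.0.113.10", 443, "198.51.100.7", 40000, "tcp"),  # web server reply
]


def run_sample() -> List[str]:
    """Filter the sample packets through a fresh firewall; returns one
    decision per packet, in order."""
    fw = StatefulFirewall(POLICY)
    return [fw.filter(p) for p in SAMPLE_PACKETS]


if __name__ == "__main__":
    for pkt, decision in zip(SAMPLE_PACKETS, run_sample()):
        print(f"{decision:5s} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}/{pkt.proto}")
```

The fourth packet is allowed only because the third one created a flow entry; the fifth, which looks the same at the network layer but has no matching flow, is denied. That difference is the "connection state" that separates a transport-layer (stateful) firewall from a plain address filter.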
QUIZ

Placed in front of web servers, reverse proxy servers protect, hide, offload and distribute access to web servers.

Filtering communications based on the user, device, role, application type and threat profile.

Filters ports and system service calls on a single computer operating system.

Filtering web content requests like URLs, domain names and media types.

Filtering communications based on an application, program, or service.

Filtering communications based on source and destination data ports, as well as connection states.

Hides or masquerades the private addresses of network hosts.

Filtering communications based on source and destination IP addresses.
Port Scanning

Port scanning is the process of probing a computer, server or other network host for open ports.

When a port scan reports an ‘open’ state response, it means that the service listening on that port can be accessed by other network devices. Therefore, if the service contains a vulnerability, it can be exploited by an attacker.
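From the defender's side, a port scan leaves a recognizable trace: one source touching many different destination ports in a short time, most of them refused. The following added example (written for these notes, not from the slides) reads constructed firewall log lines and flags a source that contacts at least a threshold number of distinct target ports inside a sliding time window. The log layout, the addresses and every log line are constructed for the example.

```python
"""Added example, not from the slides: a defender-side detector that reads
firewall connection logs and flags a source that touches many distinct
destination ports within a short window, which is what a port scan looks like
from the target's side. The log format and all entries are constructed."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, Iterable, Optional, Tuple

# Constructed log layout: "<ISO time> <ALLOW|DENY> <proto> <src>:<sport> -> <dst>:<dport>"
LOG_RE = re.compile(
    r"^(\S+) (ALLOW|DENY) (TCP|UDP) (\d+\.\d+\.\d+\.\d+):(\d+) -> (\d+\.\d+\.\d+\.\d+):(\d+)$"
)


def parse_line(line: str) -> Optional[dict]:
    """Return the fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m.group(1)),
        "action": m.group(2),
        "proto": m.group(3),
        "src": m.group(4),
        "dst": m.group(6),
        "dport": int(m.group(7)),
    }


def detect_port_scans(lines: Iterable[str], window_seconds: int = 60,
                      port_threshold: int = 10) -> Dict[str, Tuple[datetime, int]]:
    """Return {source: (window start, distinct targets)} for every source that
    contacted at least port_threshold distinct (dst, port) pairs within
    window_seconds. Lines are expected in time order."""
    recent = defaultdict(deque)  # src -> deque of (ts, (dst, dport))
    alerts: Dict[str, Tuple[datetime, int]] = {}
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # unparseable lines are skipped, not treated as traffic
        q = recent[ev["src"]]
        q.append((ev["ts"], (ev["dst"], ev["dport"])))
        cutoff = ev["ts"] - timedelta(seconds=window_seconds)
        while q and q[0][0] < cutoff:  # drop events that fell out of the window
            q.popleft()
        targets = {target for _, target in q}
        if len(targets) >= port_threshold and ev["src"] not in alerts:
            alerts[ev["src"]] = (q[0][0], len(targets))
    return alerts


# Constructed sample: one host sweeping ports 20-31 on a server one second
# apart, mixed with a workstation making ordinary HTTPS connections.
SAMPLE_LOG = sorted(
    [f"2024-05-01T10:00:{i:02d} DENY TCP 198.51.100.7:{40000 + i} -> 10.0.0.5:{20 + i}"
     for i in range(12)]
    + [
        "2024-05-01T10:00:03 ALLOW TCP 192.168.1.20:51000 -> 203.0.113.10:443",
        "2024-05-01T10:00:09 ALLOW TCP 192.168.1.20:51001 -> 203.0.113.10:443",
        "2024-05-01T10:00:15 ALLOW TCP 192.168.1.20:51002 -> 203.0.113.10:443",
    ]
)


if __name__ == "__main__":
    for src, (start, count) in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: {count} distinct targets since {start}")
```

The window and threshold are the tuning knobs: a narrow window misses a slow scan, a low threshold flags ordinary clients that legitimately talk to several services. The workstation in the sample is never flagged because all of its connections go to the same port on the same host.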
Intrusion Detection and Prevention Systems

Intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) are security measures deployed on a network to detect and prevent malicious activities.

Real-Time Detection
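The practical difference between an IDS and an IPS is where the device sits and what it may do with a match: an IDS on a tap can only alert, an inline IPS can also drop. The following added example (written for these notes, not from the slides or any vendor) is a toy signature engine that runs the same constructed signatures in both modes. The signatures, the packets and the severity thresholds are constructed for the example and are not a real rule set.

```python
"""Added example, not from the slides: a toy signature engine that shows the
difference between an IDS (inspect and alert) and an IPS (inspect and block).
The signatures and packets are constructed for the example and are not a real
rule set."""
import re
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Signature:
    sid: int
    name: str
    pattern: bytes  # regex searched in the packet payload
    severity: int   # 1 = low, 2 = medium, 3 = high


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


# Constructed signatures for the example
SIGNATURES = [
    Signature(1001, "directory traversal in HTTP request line", rb"^GET /[^\r\n]*\.\./", 3),
    Signature(1002, "constructed scanner header marker", rb"X-Probe: example-marker", 2),
    Signature(1003, "credential submitted over plain HTTP", rb"password=", 1),
]


class SignatureEngine:
    def __init__(self, signatures: List[Signature], mode: str = "ids",
                 block_severity: int = 2):
        if mode not in ("ids", "ips"):
            raise ValueError("mode must be 'ids' or 'ips'")
        self.compiled = [(s, re.compile(s.pattern)) for s in signatures]
        self.mode = mode
        self.block_severity = block_severity  # IPS drops at or above this
        self.alerts: List[Tuple[int, str, str, str]] = []

    def process(self, pkt: Packet) -> bool:
        """Inspect one packet. Returns True if it is forwarded, False if dropped.
        An IDS always forwards (it sits on a tap); an IPS is inline and may drop."""
        hits = [s for s, rx in self.compiled if rx.search(pkt.payload)]
        for s in hits:
            self.alerts.append((s.sid, s.name, pkt.src, pkt.dst))
        if self.mode == "ips" and any(s.severity >= self.block_severity for s in hits):
            return False
        return True


# Constructed traffic sample
SAMPLE_PACKETS = [
    Packet("198.51.100.7", "203.0.113.10", 80,
           b"GET /index.html HTTP/1.1\r\nHost: example\r\n\r\n"),
    Packet("198.51.100.7", "203.0.113.10", 80,
           b"GET /static/../../config HTTP/1.1\r\nHost: example\r\n\r\n"),
    Packet("192.168.1.20", "203.0.113.10", 80,
           b"POST /login HTTP/1.1\r\n\r\nuser=bob&password=hunter2"),
    Packet("198.51.100.9", "203.0.113.10", 80,
           b"GET / HTTP/1.1\r\nX-Probe: example-marker\r\n\r\n"),
]


def run(mode: str) -> Tuple[int, List[int]]:
    """Run the sample through a fresh engine; returns (packets forwarded,
    signature ids that fired, in order)."""
    engine = SignatureEngine(SIGNATURES, mode=mode)
    forwarded = sum(1 for p in SAMPLE_PACKETS if engine.process(p))
    return forwarded, [sid for sid, *_ in engine.alerts]


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        forwarded, fired = run(mode)
        print(f"{mode}: forwarded {forwarded} of {len(SAMPLE_PACKETS)}, alerts {fired}")
```

Both modes raise the same three alerts; only the IPS changes what reaches the server, and only for hits at or above its block severity. The low-severity plain-text credential match is logged in both modes but never dropped, which is the usual trade-off: blocking on weak signatures causes outages, so low-confidence rules stay alert-only.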
Protecting Against Malware

How do you provide defense against the constant presence of zero-day attacks, as well as advanced persistent threats (APTs) that steal data over long periods of time? One solution is to use an enterprise-level advanced malware detection solution that offers real-time malware detection.

Network administrators must constantly monitor the network for signs of malware or behaviors that reveal the presence of an APT. Cisco has an Advanced Malware Protection (AMP) Threat Grid that analyzes millions of files and correlates them against hundreds of millions of other analyzed malware artifacts.
Secure Operations Center team

The Threat Grid allows the Cisco Secure Operations Center team to gather more accurate, actionable data.

Incident Response team

The Incident Response team therefore has access to forensically sound information from which it can more quickly analyze and understand suspicious behaviors.

Threat Intelligence team

Using this analysis, the Threat Intelligence team can proactively improve the organization’s security infrastructure.

Security Infrastructure Engineering team

Overall, the Security Infrastructure Engineering team is able to consume and act on threat information faster, often in an automated way.
Security Best Practices

Perform a Risk Assessment
Knowing and understanding the value of what you are protecting will help to justify security expenditures.

Create a Security Policy
Create a policy that clearly outlines the organization’s rules, job roles and responsibilities, and expectations for employees.

Physical Security Measures
Restrict access to networking closets and server locations, and ensure fire suppression is in place.

Human Resources Security Measures
Background checks should be completed for all employees.

Perform and Test Backups
Back up information regularly and test data recovery from backups.

Maintain Security Patches and Updates
Regularly update server, client and network device operating systems and programs.

Employ Access Control
Configure user roles and privilege levels as well as strong user authentication.

Regularly Test Incident Response
Employ an incident response team and test emergency response scenarios.

Implement Network Security Devices
Use next-generation routers, firewalls and other security appliances.

Implement a Comprehensive Endpoint Security Solution
Use enterprise-level antimalware and antivirus software.

Educate Users
Provide training to employees in security procedures.

Encrypt Data
Encrypt all sensitive organizational data, including email.
Behavior Approach to Cybersecurity

Behavior-Based Security

Behavior-based security is a form of threat detection that involves capturing and analyzing the flow of communication between a user on the local network and a local or remote destination.

Honeypots

A honeypot is a behavior-based detection tool that lures the attacker in by appealing to their predicted pattern of malicious behavior. Once the attacker is inside the honeypot, the network administrator can capture, log and analyze their behavior so that they can build a better defense.

Cisco’s Cyber Threat Defense Solution Architecture

This is a security architecture that uses behavior-based detection and indicators to provide greater visibility, context, and control.
NetFlow

NetFlow technology is used to gather information about data flowing through a network.
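Flow records are the raw material of the behavior-based approach described above: they say who talked to whom, when, and how much, but carry no payload, so the checks built on them are about behavior rather than content. The following added example (written for these notes, not from the slides, and not NetFlow collector code) parses a constructed CSV flow export, sums outbound bytes per internal host, and flags hosts whose volume is far above their peers' median. The address ranges, CSV layout and every record are constructed for the example.

```python
"""Added example, not from the slides: a small NetFlow-style analysis. Flow
records carry who talked to whom, when, and how much, but no payload, so the
check here is behavioral: find internal hosts whose outbound volume is far
above their peers'. The CSV layout and every record are constructed."""
import csv
import io
import statistics
from collections import defaultdict
from ipaddress import ip_address, ip_network
from typing import Dict, List, Tuple

INTERNAL = ip_network("10.0.0.0/8")  # assumed internal address space

# Constructed flow export (not real data)
SAMPLE_FLOWS = """start,src,dst,proto,dport,bytes,packets
2024-05-01T09:00:00,10.0.1.11,203.0.113.10,tcp,443,52000,60
2024-05-01T09:01:00,10.0.1.12,203.0.113.10,tcp,443,48000,55
2024-05-01T09:02:00,10.0.1.13,203.0.113.10,tcp,443,61000,70
2024-05-01T09:03:00,10.0.1.14,198.51.100.25,tcp,443,39000,45
2024-05-01T09:04:00,10.0.1.15,203.0.113.10,tcp,443,55000,62
2024-05-01T09:05:00,10.0.1.12,198.51.100.99,tcp,443,980000000,700000
2024-05-01T09:06:00,203.0.113.10,10.0.1.11,tcp,51000,120000,90
"""


def parse_flows(text: str) -> List[dict]:
    """Parse the CSV export into records with numeric port, byte and packet counts."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["dport"] = int(row["dport"])
        row["bytes"] = int(row["bytes"])
        row["packets"] = int(row["packets"])
        rows.append(row)
    return rows


def outbound_bytes_by_host(flows: List[dict]) -> Dict[str, int]:
    """Sum bytes per internal source for flows that leave the internal network."""
    totals: Dict[str, int] = defaultdict(int)
    for f in flows:
        if ip_address(f["src"]) in INTERNAL and ip_address(f["dst"]) not in INTERNAL:
            totals[f["src"]] += f["bytes"]
    return dict(totals)


def flag_volume_outliers(flows: List[dict], factor: float = 10.0) -> List[Tuple[str, int, str]]:
    """Return (host, total bytes, top external destination) for internal hosts
    sending more than factor times the median outbound volume of all hosts."""
    totals = outbound_bytes_by_host(flows)
    if not totals:
        return []
    threshold = factor * statistics.median(totals.values())
    flagged = []
    for host, total in sorted(totals.items()):
        if total > threshold:
            per_dst: Dict[str, int] = defaultdict(int)
            for f in flows:
                if f["src"] == host and ip_address(f["dst"]) not in INTERNAL:
                    per_dst[f["dst"]] += f["bytes"]
            top = max(per_dst, key=per_dst.get)
            flagged.append((host, total, top))
    return flagged


if __name__ == "__main__":
    for host, total, top in flag_volume_outliers(parse_flows(SAMPLE_FLOWS)):
        print(f"{host} sent {total} bytes outbound, mostly to {top}; review this host")
```

The inbound flow on the last line is ignored because its source is external; only the direction that matters for data leaving the network is counted. A median-based baseline is used rather than a mean so that the one very large transfer does not drag the baseline up and hide itself.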
Penetration Testing

Penetration testing, commonly known as pen testing, is the act of assessing a computer system, network, or organization for security vulnerabilities.
The five-step pen test process

STEP 1. Planning
The pen tester gathers as much information as possible about a target system or network, its potential vulnerabilities, and exploits to use against it.

STEP 2. Scanning
The pen tester carries out active reconnaissance to probe a target system or network and identify potential weaknesses which, if exploited, could give an attacker access.

STEP 3. Gaining Access
The pen tester will attempt to gain access to a target system and sniff network traffic, using various methods to exploit the system.

STEP 4. Maintaining Access
The pen tester will maintain access to the target to find out what data and systems are vulnerable to exploitation.

STEP 5. Analysis and Report
The pen tester will provide feedback via a report that recommends updates to products, policies and training to improve an organization’s security.
Your Turn: Put the following steps in the correct order

__ Gather as much information as you can without being detected.

__ Footprint through the network to find ways to intrude.

__ Identify potential exploitable vulnerabilities.

__ Report your findings to the team.

__ Exploit any vulnerabilities identified in the network by simulating an attack.
Impact Reduction

Actions organizations should take when a security breach is identified

Communicate the Issue
Internally, all employees should be informed and a clear call to action communicated. Externally, all clients should be informed through direct communication and official announcements.

Be Sincere and Accountable
Respond to the breach in an honest and genuine way, taking responsibility where the organization is at fault.

Provide the Details
Be open and explain why the breach took place and what information was compromised.

Find the Cause
Take steps to understand what caused and facilitated the breach. This may involve hiring forensics experts to research and find out the details.

Apply Lessons Learned
Make sure that any lessons learned from forensic investigations are applied to prevent similar breaches from happening in the future.

Check and Check Again
Attackers will often attempt to leave a backdoor to facilitate future breaches. To prevent this from happening, make sure that all systems are clean, no backdoors are installed and nothing else has been compromised.

Educate
Raise awareness, train and educate employees, partners and clients on how to prevent future breaches.
Risk Management

Risk management is the formal process of continuously identifying and assessing risk in an effort to reduce the impact of threats and vulnerabilities.

Risk Management Process

Frame the Risk
Identify the threats that increase risk. Threats may include processes, products, attacks, potential failure or disruption of services, negative perception of an organization’s reputation, potential legal liability or loss of intellectual property.

Assess the Risk
Determine the severity that each threat poses.

Respond to the Risk
Develop an action plan to reduce overall organizational risk exposure, detailing where risk can be eliminated, mitigated, transferred or accepted.

Monitor the Risk
Continuously review any risk reduced through elimination, mitigation or transfer actions. Remember, not all risks can be eliminated, so you will need to closely monitor any threats that have been accepted.
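The four steps above become concrete when written as a small risk register. The following added example (written for these notes, not from the slides or any standard) frames a list of threats, assesses each with a likelihood-times-impact score, chooses one of the four responses, and produces the watch list that the monitor step reviews. The scoring scale, the decision thresholds, the cost figures and the register entries are all constructed assumptions; a real organization would set its own.

```python
"""Added example, not from the slides: a small risk register that walks the
four steps. Frame: list threats; assess: score likelihood x impact; respond:
pick eliminate / mitigate / transfer / accept; monitor: keep everything that
was not eliminated under review. Thresholds and entries are constructed."""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Risk:
    threat: str
    likelihood: int               # 1 (rare) .. 5 (almost certain), assumed scale
    impact: int                   # 1 (negligible) .. 5 (severe), assumed scale
    expected_annual_loss: float   # estimated cost per year if the threat is realized
    mitigation_cost: float        # annual cost of the best available control
    can_eliminate: bool = False   # True if the risky activity itself can be removed


def assess(r: Risk) -> int:
    """Assess step: a simple likelihood x impact score (1..25)."""
    return r.likelihood * r.impact


def respond(r: Risk, accept_below: int = 5) -> str:
    """Respond step: choose one of the four treatments.
    - accept when the score is below the (assumed) acceptance threshold
    - eliminate when the activity itself can be dropped
    - mitigate when a control costs no more than the loss it prevents
    - transfer (insurance, contractual shift) otherwise"""
    if assess(r) < accept_below:
        return "accept"
    if r.can_eliminate:
        return "eliminate"
    if r.mitigation_cost <= r.expected_annual_loss:
        return "mitigate"
    return "transfer"


def build_register(risks: List[Risk]) -> Dict[str, Dict[str, object]]:
    """Frame + assess + respond for every threat, highest score first."""
    register: Dict[str, Dict[str, object]] = {}
    for r in sorted(risks, key=assess, reverse=True):
        register[r.threat] = {"score": assess(r), "response": respond(r)}
    return register


def monitor_list(register: Dict[str, Dict[str, object]]) -> List[str]:
    """Monitor step: accepted risks stay on the watch list, and so do mitigated
    and transferred ones, since their residual risk still has to be reviewed."""
    return [t for t, e in register.items() if e["response"] != "eliminate"]


# Constructed register entries
SAMPLE_RISKS = [
    Risk("ransomware on file servers", 4, 5, 400000.0, 60000.0),
    Risk("legacy FTP service exposed", 3, 3, 50000.0, 5000.0, can_eliminate=True),
    Risk("laptop theft", 3, 2, 20000.0, 35000.0),
    Risk("printer firmware outdated", 2, 1, 500.0, 2000.0),
]


if __name__ == "__main__":
    reg = build_register(SAMPLE_RISKS)
    for threat, entry in reg.items():
        print(f"{entry['score']:2d}  {entry['response']:9s}  {threat}")
    print("monitor:", monitor_list(reg))
```

Only the eliminated item leaves the watch list; an accepted risk is not a closed one, which is the point the monitor step makes.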
