Hello!
<blockquote data-quote="Victor M" data-source="post: 1122060" data-attributes="member: 96560"><p>First of all I want you to expand your view of what cybersecurity is composed of. There are 3 categories of protection: Administrative, Technical and Physical.</p><p></p><p>Administrative: (manual) e.g. not opening attachments, disconnecting from the internet when connecting to the NAS to do backups, doing vulnerability scans, signing out when done with a web app to combat infostealers. These are manual things you do, and they are classified as Administrative controls.</p><p></p><p>Technical: Antivirus, Intrusion Protection like Suricata and Snort, firewall, EDR, SIEM are Technical controls.</p><p></p><p>Physical: Locks on the office door, burglar alarms, security guards are examples of the Physical controls category.</p><p></p><p>In order to have Defense in Depth (a security principle) you need to have controls that span all 3 categories. And you need to have more than 1 kind of each category. For example, an antivirus alone in the technical category is not enough, because it may fail. AVs fail all the time when it comes to Zero Days and hackers. So antivirus suites come with behavioral detection and some also come with Host Intrusion Detection/Prevention, as an example. Set up an EDR. The firewall rules that come with Windows are weak, so you need to improve its rules. Your browsers need compartmentalization protection; use Sandboxie.</p><p></p><p>The next thing I'll borrow from NIST. First you try to Protect; if that should fail, you must be able to Detect. Hence the EDR (endpoint detection &amp; response) and SIEM (security information &amp; event management). With these 2 kinds of tools, you get to specify things to watch out for, and they give you the visibility to see them as they happen. (For example, when some program is added to the AutoRuns registry, why did the AV not detect it? Maybe it was done via a LoLBin.) Many companies have both. The SIEM collects logs from everything: PC event logs, firewall logs, logs from the router and switches, IPS logs; you name it. And it ties them together and alerts you on things that are happening. Perhaps your AV missed detecting a scheduled task inserted by a hacker that does something nasty. You need visibility into your whole inventory of devices to see an attack taking shape or spreading. If you don't have these 2, you will have to manually inspect logs yourself: Event Viewer custom views, AV logs, hardware firewall and Windows firewall logs, etc., and tie them together.</p><p></p><p>So the videos you watch show you how a malware bypassed this and that AV; well, do something about it: disable features that were attacked that you don't need, set up detection scripts, configure your EDR's detection. Protect and Detect, gotta have both to do cybersecurity.</p><p></p><p>There, I have crammed all the need-to-know basics into your head. I hope I wasn't repeating things you know.</p></blockquote><p></p>
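As an added example (not part of Victor M's post, and not the logic of any real EDR or SIEM), here is a small Python correlator in the spirit of the "detection scripts" he mentions: it ties a process-creation record to the Run-key write and scheduled-task creation that followed it, so a persistence attempt that slipped past the AV still surfaces. The sample events are constructed; their field names loosely follow Sysmon events 1 (process create) and 13 (registry value set) and Security event 4698 (scheduled task created), and the paths, user name, SID and regular expressions are all assumptions for illustration.

```python
"""Tie endpoint events together to spot persistence an AV may have missed.

Added example with constructed Windows-style event records; field names
loosely follow Sysmon events 1/13 and Security event 4698. Not real logs.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Autostart locations and "where should a payload never live" heuristics.
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Users\\Public|ProgramData)\\", re.I)
# Parents that should rarely spawn reg.exe or schtasks.exe: Office apps and script hosts.
SUSPICIOUS_PARENT = re.compile(r"\\(WINWORD|EXCEL|POWERPNT|OUTLOOK|wscript|cscript|mshta)\.exe$", re.I)
HIDDEN_PS = re.compile(r"powershell.*(-w(indowstyle)?\s+hidden|-enc|-nop)", re.I)

# Constructed sample feed (assumed data, not captured from a real host).
SAMPLE_EVENTS = [
    # 1: reg.exe spawned by Word (a LOLBin pattern), then the Run-key write it performs.
    {"id": 1, "time": "2024-05-01T09:00:01", "pid": 4120,
     "image": r"C:\Windows\System32\reg.exe",
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "cmdline": r'reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Updater /d "C:\Users\bob\AppData\Roaming\u.exe"'},
    {"id": 13, "time": "2024-05-01T09:00:01", "pid": 4120,
     "target": r"HKU\S-1-5-21-1004336348-1177238915-682003330-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "details": r"C:\Users\bob\AppData\Roaming\u.exe"},
    # Benign Run-key entry written by an installer into Program Files.
    {"id": 13, "time": "2024-05-01T09:02:10", "pid": 5012,
     "target": r"HKU\S-1-5-21-1004336348-1177238915-682003330-1001\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "details": r"C:\Program Files\Microsoft OneDrive\OneDrive.exe /background"},
    # 4698: a scheduled task running a hidden PowerShell script out of Temp.
    {"id": 4698, "time": "2024-05-01T09:00:03", "subject": "bob",
     "task": r"\Microsoft\Windows\Update\SyncCheck",
     "command": r"powershell.exe -WindowStyle Hidden -NoProfile -File C:\Users\bob\AppData\Local\Temp\s.ps1"},
    # Benign task: a system binary, no hidden shell.
    {"id": 4698, "time": "2024-05-01T09:05:00", "subject": "SYSTEM",
     "task": r"\Maintenance\ServiceCheck",
     "command": r"C:\Windows\System32\sc.exe query wuauserv"},
]


@dataclass
class Alert:
    severity: str   # "medium" or "high"
    reason: str
    evidence: str


def build_process_index(events: list[dict]) -> dict[int, dict]:
    """pid -> process-create record, so later events can be tied to their parent chain."""
    return {e["pid"]: e for e in events if e["id"] == 1}


def detect(events: list[dict]) -> list[Alert]:
    """Flag Run-key and scheduled-task persistence, raising severity when the
    write came from a process with an Office/script-host parent."""
    procs = build_process_index(events)
    alerts: list[Alert] = []
    for e in events:
        if e["id"] == 13 and RUN_KEY.search(e["target"]):
            if not USER_WRITABLE.search(e["details"]):
                continue  # autostart into Program Files etc. is normal installer behaviour
            severity = "medium"
            reason = "Run-key autostart points into a user-writable path"
            proc = procs.get(e["pid"])
            if proc and SUSPICIOUS_PARENT.search(proc["parent"]):
                severity = "high"
                reason += f"; written by {proc['image']} spawned from {proc['parent']} (LOLBin pattern)"
            alerts.append(Alert(severity, reason, f"{e['target']} = {e['details']}"))
        elif e["id"] == 4698:
            cmd = e["command"]
            if USER_WRITABLE.search(cmd) or HIDDEN_PS.search(cmd):
                alerts.append(Alert("high", "Scheduled task runs a hidden or user-writable payload",
                                    f"{e['task']} ({e['subject']}): {cmd}"))
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(f"[{a.severity.upper()}] {a.reason}\n    {a.evidence}")
```

The point of the example is the join, not the regexes: on its own, a Run-key write looks like any installer, and a reg.exe launch looks like any admin script; tying the write to the process that made it and to the parent that spawned that process is what turns two ordinary records into one high-severity alert, which is exactly the correlation a SIEM does across sources and that you have to do by hand with Event Viewer custom views if you have neither tool.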