Increasing Your Security Posture

Increasing your security posture in an enterprise environment begins with identifying and closing visibility gaps. The following steps will help your team understand adversary techniques and methods to defend against them.

Increasing your security posture requires understanding the attack and exploitation lifecycle that adversaries use against your network.

The descriptions below are based on pentesting methodologies, which were developed by practicing adversary emulation around the exploitation lifecycle.

RECON

Often referred to as OSINT (Open Source Intelligence) or reconnaissance, this phase is simply the use of publicly available resources to learn as much as possible about a target.

This consists of researching the following non-exclusive list:

TARGET(ing)

Targeting, or vulnerability discovery, is the act of pairing the infrastructure identified during recon with corresponding open-source exploits.

BREACH

A Breach is the act of exploiting infrastructure to gain access to a target.

PERSISTENCE

This is the act of installing a backdoor [malware|callbacks|etc] so that the target network can be operated in without having to repeat the exploitation step over and over again.

MIGRATION

Often the machine of initial access isn’t the primary target. The art of migration is moving throughout the network to expand persistence and locate the primary target.

EXFILTRATION

This is the act of moving data from the target to an external C2 or the attacker machine.

The lifecycle pictured above is based on the pentesting methodologies shown below.

In order to properly secure an environment, we must first identify the boundary that, once breached, will have the maximum negative impact.

What level of data breach can your organization not recover from?

Identify your worst-case scenario, then start working backwards from it.

The phases below will help you identify the gaps in your network. Once the gaps are identified using these phases and techniques, locate the mitigation recommendations and create a checklist.

Once the checklist is developed, start walking your way through the checklist until all items have been mitigated.

Then start again.

Asset Management is the process of taking inventory of all internal and external assets spread throughout the network, including hardware, software, and network assets. An effective asset management program increases your efficiency, effectiveness, and security by making it easier to identify visibility gaps and stolen equipment, apply patches and software upgrades, and budget for future security solutions.

We recommend you start by developing an enterprise-level asset list that consists of physical devices, software, and data, and then tag the critical data on that list. This comprehensive asset list should consist of network devices, the software installed or used on devices throughout the network, and the owners of those devices.

Understanding asset ownership is an important aspect of the asset list creation process. Asset ownership is critical when it comes time to perform enterprise-level heuristic analytics for change-point detection, anomaly detection, and vulnerability identification.
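As an added example (not code from the original post), the following Python script builds the kind of asset list described above, tags critical data, and derives the visibility-gap checklist from it. The inventory records are constructed, and the set of log feeds expected on a critical-data host is an assumption to adjust per organization.

```python
# Added example: asset list with owners and critical-data tags, then the
# visibility gaps and mitigation checklist that fall out of it.
# All asset records below are constructed sample data.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Asset:
    hostname: str
    kind: str                        # "network", "server", "workstation", "iot"
    owner: Optional[str]             # accountable person or team, None if unknown
    software: list = field(default_factory=list)
    critical_data: bool = False      # set during the data-classification pass
    log_sources: set = field(default_factory=set)  # feeds the SIEM receives


# Constructed sample inventory.
INVENTORY = [
    Asset("fw-edge-01", "network", "netops", ["fw-os 7.2"], log_sources={"syslog"}),
    Asset("db-hr-01", "server", "hr-it", ["postgres 14"], critical_data=True,
          log_sources={"syslog"}),
    Asset("file-fin-02", "server", None, ["smb"], critical_data=True),
    Asset("ws-0421", "workstation", "alice", ["office", "edr"], log_sources={"edr"}),
    Asset("printer-3f", "iot", None, []),
]

# Assumed baseline of feeds every critical-data host should send to the SIEM.
REQUIRED_FOR_CRITICAL = {"syslog", "edr", "netflow"}


def visibility_gaps(inventory):
    """Return gap category -> affected hostnames (or hostname -> missing feeds)."""
    gaps = {"no_owner": [], "no_logging": [], "critical_missing_feeds": {}}
    for a in inventory:
        if a.owner is None:
            gaps["no_owner"].append(a.hostname)
        if not a.log_sources:
            gaps["no_logging"].append(a.hostname)
        if a.critical_data:
            missing = REQUIRED_FOR_CRITICAL - a.log_sources
            if missing:
                gaps["critical_missing_feeds"][a.hostname] = sorted(missing)
    return gaps


def checklist(inventory):
    """Order the gaps into a checklist: critical-data hosts first, then
    unowned assets, then every remaining host that sends no logs at all."""
    g = visibility_gaps(inventory)
    items = [f"add {', '.join(f)} feed(s) for {h}" for h, f in g["critical_missing_feeds"].items()]
    items += [f"assign an owner to {h}" for h in g["no_owner"]]
    items += [f"onboard {h} into the SIEM" for h in g["no_logging"]
              if h not in g["critical_missing_feeds"]]
    return items
```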

Intelligence Mitigation Technique: Once you have identified your critical data and correlated which actor is targeting your sector, you can use the intel you have uncovered to research what data those actors are likely to target within your organization.

Network visibility gaps in enterprise environments allow attackers to migrate, or move, around a victim's network. Once you have identified your critical network segment, work on network visibility to and from that space.

Network migration is also called pivoting. This is the act of using an existing foothold to move throughout a network and reach critical infrastructure.

Pivoting can be countered by increasing and sharpening SIEM network logging, and by implementing stronger internal security controls.
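To show what "sharpening SIEM network logging" against pivoting can look like in practice, here is an added detection example (not from the original post). It scans constructed internal flow records for a single source reaching an unusual number of distinct internal hosts on administrative ports within a short window; the port list, window and threshold are assumptions to tune per network.

```python
# Added example: flag pivoting (lateral movement) from flow records by
# counting distinct internal admin-port destinations per source per window.
# Sample flows are constructed; ports/thresholds are assumptions to tune.
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

ADMIN_PORTS = {22, 445, 3389, 5985, 5986}   # SSH, SMB, RDP, WinRM (assumed list)
FANOUT_THRESHOLD = 5                       # distinct internal hosts per window
WINDOW = timedelta(minutes=10)
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range

# Constructed flow log, one record per line: "timestamp src dst dport"
FLOWS = """\
2024-05-01T09:00:01 10.0.5.21 10.0.5.22 445
2024-05-01T09:00:15 10.0.5.21 10.0.5.23 445
2024-05-01T09:00:40 10.0.5.21 10.0.5.24 3389
2024-05-01T09:01:02 10.0.5.21 10.0.5.25 445
2024-05-01T09:01:30 10.0.5.21 10.0.5.26 445
2024-05-01T09:02:11 10.0.5.21 10.0.9.10 5985
2024-05-01T09:03:00 10.0.7.8 10.0.7.9 445
2024-05-01T09:30:00 10.0.7.8 8.8.8.8 443
2024-05-01T10:15:00 10.0.5.21 10.0.5.30 445
""".splitlines()


def parse(line):
    ts, src, dst, dport = line.split()
    return (datetime.fromisoformat(ts), ipaddress.ip_address(src),
            ipaddress.ip_address(dst), int(dport))


def admin_fanout(lines, threshold=FANOUT_THRESHOLD, window=WINDOW):
    """Return {src: max distinct internal admin-port destinations seen in any
    window} for sources at or above the threshold. Only internal-to-internal
    flows on admin ports count; external traffic and other ports are ignored."""
    per_src = defaultdict(list)
    for ts, src, dst, dport in map(parse, lines):
        if src in INTERNAL and dst in INTERNAL and dport in ADMIN_PORTS:
            per_src[src].append((ts, dst))
    alerts = {}
    for src, events in per_src.items():
        events.sort()
        best = 0
        for i, (start, _) in enumerate(events):      # slide a window from each event
            seen = {d for t, d in events[i:] if t - start <= window}
            best = max(best, len(seen))
        if best >= threshold:
            alerts[str(src)] = best
    return alerts
```

The 10:15 flow from the same source falls outside every ten-minute window and does not inflate the count, which is the kind of time-bounding a production rule needs to keep noise down.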

Side note (log aggregation): The following image outlines common concepts about methodologies associated with event log aggregation.

Host antivirus is where many enterprise-level security engineers start.

Increasing host visibility using the following methodologies is the next phase of this lifecycle:

Perimeter visibility identifies the types of threats being thrown at your enterprise network from the outside, which is an important aspect of network defense.

For this stage, however, we are simply focusing on what is entering and exiting the network.

Common protocols and traffic to look for are:

Open-source intelligence research is nearly always the first step in the attack/targeting/exploitation lifecycle. Knowing what your exposed organizational footprint looks like will increase your ability to combat attackers when they target your organization.

Since the attack vector pictured above is twofold (technological and social engineering), educating yourself on the attack methodologies surrounding both attack surfaces will help you develop a target scope for the organization.

Once you have aggregated all of this data, implemented applicable mitigation methodologies where possible, and know your enterprise security visibility gaps, you will be prepared to make enterprise- and organizational-level risk determinations.

This kind of risk determination provides a vehicle to develop manpower needs and budgetary and compliance roadmaps, to close additional visibility gaps throughout your network, and to sleep a little better at night.

For more information reach out to our team of security experts standing by to help.
