1.7 Techniques in Security Assessments
Threat Hunting
Fusing the data - collect data from different sources such as logs and sensors, network information, internet events, and intrusion detection - external sources such as threat feeds, governmental alerts, and social media - correlate everything with big data analytics for predictive analysis and user behavior analytics
Vulnerability Scans
Port scan - gather information on the server and see which ports are open - identify systems - gather as much information as you can about the system
Usually performed from both outside and inside (external attacker vs. insider threat)
Scan types - non-intrusive scans, you just gather information and don't try to exploit a vulnerability - intrusive scans, you try out the vulnerabilities to see whether they actually work - non-credentialed scans, the scanner can't log in to the remote device - credentialed scans, the scanner has the rights of a normal user within the system, emulating an insider attack
Dealing with false positives - false positive, a vulnerability is reported that doesn't really exist - false negative, a vulnerability exists but the scan didn't detect it (riskier than a false positive)
Security Information and Event Management (SIEM)
Collect information from anything on the network - logging of security events and information - real-time information - log aggregation and long-term storage - forensic analysis
Syslog allows diverse devices to send their logs to other systems - central log collector
SIEM data - server authentication attempts | VPN connections | firewall session logs | outbound traffic flows | network utilization | packet captures, network packets
Analyzing data - big data analytics, analyze large data stores - detect insider threats | identify targeted attacks - sentiment analysis
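As an added illustration of the syslog collection and SIEM analysis described above (example code, not part of the original notes): the constructed syslog lines below stand in for server authentication attempts arriving at a central collector, and the correlation flags a source whose failed logins across several hosts exceed a threshold, noting whether a successful login followed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: RFC 3164-style syslog lines as a central collector might receive them.
SAMPLE_SYSLOG = """\
<38>Mar  1 10:00:01 web01 sshd[2021]: Failed password for invalid user admin from 198.51.100.7 port 51022 ssh2
<38>Mar  1 10:00:03 web01 sshd[2021]: Failed password for root from 198.51.100.7 port 51023 ssh2
<38>Mar  1 10:00:04 db01 sshd[3100]: Failed password for root from 198.51.100.7 port 40112 ssh2
<38>Mar  1 10:00:05 web01 sshd[2021]: Failed password for root from 198.51.100.7 port 51024 ssh2
<38>Mar  1 10:00:06 web01 sshd[2021]: Accepted password for root from 198.51.100.7 port 51025 ssh2
<38>Mar  1 10:05:00 web01 sshd[2040]: Failed password for alice from 203.0.113.9 port 60000 ssh2
<38>Mar  1 10:05:10 web01 sshd[2041]: Accepted publickey for alice from 203.0.113.9 port 60001 ssh2
"""

# <PRI>TIMESTAMP HOST APP[PID]: MSG  -- PRI encodes facility*8 + severity
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d+)>(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<app>\w+)\[\d+\]: (?P<msg>.*)$")
# sshd authentication outcome inside the MSG part
AUTH_RE = re.compile(
    r"^(?P<result>Failed|Accepted) \S+ for (?:invalid user )?(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+)")

def parse_syslog(line):
    """Split one syslog line into fields; add auth fields when the message is an sshd login event."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m["pri"])
    rec = {"facility": pri // 8, "severity": pri % 8, "host": m["host"], "app": m["app"], "msg": m["msg"]}
    auth = AUTH_RE.match(rec["msg"])
    if auth:
        rec.update(auth.groupdict())
    return rec

def correlate_auth(text, threshold=3):
    """Aggregate failed logins per source across all hosts and alert when they reach the threshold."""
    failures = defaultdict(Counter)  # source IP -> {host: failure count}
    successes = set()                # source IPs that eventually logged in
    for line in text.splitlines():
        rec = parse_syslog(line)
        if not rec or "result" not in rec:
            continue
        if rec["result"] == "Failed":
            failures[rec["src"]][rec["host"]] += 1
        else:
            successes.add(rec["src"])
    alerts = []
    for src, per_host in failures.items():
        total = sum(per_host.values())
        if total >= threshold:
            alerts.append({"src": src, "failures": total, "hosts": sorted(per_host),
                           "followed_by_success": src in successes})
    return alerts
```

Correlating across hosts is what the single-device log cannot do: two failures on web01 and one on db01 look harmless on each box but add up to one source probing several systems.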
SOAR - security orchestration, automation, and response - automates routine and time-intensive activities - streamlines and automates incident response and threat management. SOAR platforms and solutions are designed to help security teams manage the growing volume of security alerts and incidents while reducing response times and improving overall security posture.