Cybersecurity Blue Team Strategies by Kunal Sehgal & Nikolaos Thymianis

Author:Kunal Sehgal & Nikolaos Thymianis
Language: eng
Format: epub
Publisher: Packt
Published: 2023-01-15T00:00:00+00:00

Detective controls

These controls provide visibility into security breaches or any malicious or suspicious activity. Detective security controls function during the progression as well as after the occurrence of the activity. The blue team is responsible for defining the triggers and thresholds of the activities, and alerts are then sent to concerned individuals for action, at the time of detection.

Preventive controls cannot be designed to prevent the occurrence of a threat. Hence, these act as a retrospective check to look for any threats that were not proactively blocked by other controls.

Detective controls use physical, administrative, and technical methods. Physical controls include video surveillance and motion detection, such as activating alarms during the opening of doors without authorization. Examples of technical controls include log monitoring, SIEM, security audits, and the implementation of an intrusion detection system. Lastly, administrative controls include conducting internal audits and finding that there are excess access rights.

As a simple analogy, at an airport, preventive controls are put in place via security guards and immigration counters, to stop any unauthorized person from boarding a flight. On top of that, they may have CCTV cameras as detective controls, which are configured to record and log footage, which can be reviewed as and when needed. Such recording helps the security team look for any threats that may have been able to evade the preventive controls.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.