Cybersecurity Threats, Malware Trends, and Strategies by Tim Rains
Author: Tim Rains
Language: eng
Format: epub
Tags: COM053000 - COMPUTERS / Security / General, COM015000 - COMPUTERS / Security / Viruses & Malware, COM043050 - COMPUTERS / Security / Networking
Publisher: Packt
Published: 2020-05-28T13:15:57+00:00
Cybersecurity fundamentals scoring system score
How well does the Protect and Recover Strategy mitigate the cybersecurity usual suspects? Table 5.3 contains my CFSS score estimates:
Table 5.3: The CFSS score estimate for the Protect and Recover Strategy
As you might have gleaned from my description of this strategy, although it has some benefits, it doesn't address the cybersecurity fundamentals very well. For unpatched vulnerabilities, I gave this strategy 10/20.
This score reflects that firewalls and segmentation can make it harder for attackers and malware to reach exploitable vulnerabilities listening on network ports. If network traffic can't make it to the vulnerable service's port, then the vulnerability can't be exploited. But this mitigation isn't a permanent condition for an exploitable vulnerability. As soon as an administrator changes the firewall rule that blocks the port, the vulnerability could become instantly exploitable, unbeknownst to the administrator. Typically, filters block unsolicited inbound traffic to a port but allow inbound traffic that is the result of legitimate outbound traffic on the same port. Under the right conditions, the service or application could be enticed to make an outbound connection to a destination under the control of attackers. Firewalls only provide a temporary mitigation for unpatched vulnerabilities, giving vulnerability management teams more time to find and patch them. The vulnerable software needs to be uninstalled from the system (which can't easily be done for most operating system components) or patched. The Protect and Recover Strategy doesn't focus on vulnerability management. The same is true for security misconfigurations. This strategy doesn't help us fully mitigate these two cybersecurity usual suspects – the best it can do is delay exploitation. For this reason, I gave it partial marks in these two areas.
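The temporary nature of the firewall mitigation described above can be made concrete with a small model of a stateful packet filter. This is an added example, not code from the book: the hosts, ports and the `StatefulFilter` class are constructed for illustration, and the model deliberately tracks only the connection tuple, as a real filter's state table would.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str  # "in" (from outside) or "out" (from the protected host)


class StatefulFilter:
    """Constructed model of a stateful filter: unsolicited inbound traffic to a
    blocked port is dropped, but inbound replies to a connection the inside host
    opened itself are allowed, which is the behaviour the chapter describes."""

    def __init__(self, blocked_inbound_ports):
        self.blocked = set(blocked_inbound_ports)
        self.state = set()  # (inside_host, inside_port, outside_host, outside_port)

    def allow(self, p: Packet) -> bool:
        if p.direction == "out":
            # Outbound traffic is permitted and its reply path is recorded.
            self.state.add((p.src, p.sport, p.dst, p.dport))
            return True
        # Inbound: a reply to a tracked connection passes regardless of port policy.
        if (p.dst, p.dport, p.src, p.sport) in self.state:
            return True
        return p.dport not in self.blocked


def demo():
    # Hypothetical inside host 10.0.0.7 runs an unpatched service on port 445 (constructed).
    fw = StatefulFilter(blocked_inbound_ports={445})
    # 1. An unsolicited connection to the vulnerable port is dropped: exploitation delayed.
    unsolicited = fw.allow(Packet("203.0.113.5", 40000, "10.0.0.7", 445, "in"))
    # 2. The vulnerable process is enticed to connect out; the reply reaches the same
    #    vulnerable code even though it arrives on the ephemeral port it used.
    fw.allow(Packet("10.0.0.7", 49152, "203.0.113.5", 8080, "out"))
    reply = fw.allow(Packet("203.0.113.5", 8080, "10.0.0.7", 49152, "in"))
    # 3. An administrator removes the rule: the port is instantly reachable again,
    #    so the only lasting fix is patching or removing the vulnerable software.
    fw.blocked.discard(445)
    after_rule_change = fw.allow(Packet("198.51.100.9", 40001, "10.0.0.7", 445, "in"))
    return unsolicited, reply, after_rule_change
```

Running `demo()` returns `(False, True, True)`: the filter stops the direct probe but neither the reply path nor a rule change, which is why the chapter scores the strategy as only delaying exploitation.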
This strategy does nothing to address weak, leaked, or stolen credentials or insider threat. Therefore, both received a score of zero. Finally, I gave this strategy's ability to mitigate social engineering partial marks. Firewalls and DMZs can filter connections based on URLs and IP addresses. They can prevent users who are tricked into clicking on malicious links from connecting to known malicious servers and unauthorized sites. Outbound traffic can be blocked and flagged, as can inbound replies to such outbound traffic. The challenge has been keeping up with attackers who use compromised systems all over the world to host complex multi-component attacks and who constantly change the sources and destinations of their attacks. History has taught us that this approach does not mitigate social engineering attacks very effectively, because it still relies on users and administrators to make sound trust decisions, which has always been challenging. Nonetheless, I gave it partial marks for social engineering for what it can do.
With a CFSS total score of 25 out of a possible 100, this strategy clearly must be used in combination with other strategies in order to really focus on the cybersecurity fundamentals and to provide a foundation that an enterprise can build on. Many organizations have already come to this conclusion and have evolved their approaches.