Hello All
With continuation of part 1 and Part 2, we are going to cover the below topic as a part of Security Operation - Series.
Threat Landscapes :
The below are the possible source of security breaches .
- Onprem Resources Example : Corporate offices, Data centre
- Cloud Resources , Example : Servers in cloud, (AWS, Azure, GCP servers)
- Corporate owned devices which is connected to internet
- End users BYOD / Personal Devices, like mobile and Tablets
Entry Point for threat Landscapes
- Entry 1 : Connectivity between onprem and Cloud
- Entry 2 : Connectivity between BYOD and Cloud
- Entry 3: Connectivity between corporate owned devices and Onprem
- Entry 4 : Connectivity between personal devices and Cloud
Core Concepts
A threat is a basic concept for any possible malicious attacks with intention to following
- Accessing Data
- To Disturb the business operations
- Steal intellectual property
- Damage the information
Let us see the source of cyber security threat who intentionally do the malicious attacks
- Freelancer hackers
- Unsatisfied employee
- Hostile Nation States ( Enemy Country)
- Criminal Organisations
- Terrorist groups
- Hacktivist
How to control the security in the real world
There are few ways which we can control the security as much as possible in the real world
Firewall - It deployed at the perimeter layer /network to start with and uplift the security. This will primarily act as a barrier and secure our network from external connectivity that are not trusted
Access Control : It kind of ACL, that security admin take a call, whom to give the access, and how long they need an access for the resources and SOC team ensure that access has given on a need only and denied all as the default options . we can control it from RBAC, Azure AD, Azure Roles etc.
Endpoint Security : The endpoint devices ( Primarily referred to laptop, desktops, mobiles) should have some type of Anti virus and Anti malware solutions. The malware can infect our computers if not protected by any anti malware solutions. All end points must be installed with some security software, like AV, AM, with licenses versions and latest updates.
Secure Configuration : if we are installing any services and applications, we should not keep them it as it as default configurations, because attackers and hackers clearly known the default configuration and they easily attack our applications. by default, all the apps and services should be hardening , disable the unnecessary functions, and change the default accounts and passwords
Patch Management : All the devices and software which are connected to corporate network must be patch with latest updates. Majority of OEM's and software developers releases regular patches and hot fixes, Security updates, that provides bug fix, and patch to any vulnerability reported.
Installing these patches will certainly uplift our security and minimise the risk.
Comments
Post a Comment