Jahin Justin
VA & PM

Day 1

Threat actor - Intruder

  1. Cyber Terrorists (Red team)
  2. Govt sponsored (Blue)
  3. Cyber Criminals (RT)
  4. Hacktivists (Gray)
  5. Script Kiddies
  6. Insiders ()

Vulnerabilities:
  1. Configuration -
  2. Credential -
  3. Patch - using out-of-date software (outdated components)
  4. Zero-day - Log4j & Follina

Lockheed Martin Cyber Kill Chain

  1. Reconnaissance
  2. Weaponization ---- Stealing Codes
  3. Delivery
  4. Exploitation
  5. Installation
  6. Command and Control
  7. Actions on Intent - WannaCry

The WannaCry Kill Chain Breaker

EternalBlue - vulnerability in Microsoft's SMB version 1.0 (SMBv1).

Session 2

Vulnerability: a weakness in a product that could allow an attacker to compromise the integrity, availability or confidentiality of that product

CIA Triad:
Integrity - data has not been modified
Availability - Backup and accessibility of data
Confidentiality - keeping the data secured

Non-security patch: a software update aimed at improving the product's functionality, resolving non-security related issues by introducing new features or optimizations

Security patch: a software update designed to rectify vulnerabilities and enhance security by addressing weaknesses in a product and safeguarding the CIA triad

Common Vulnerabilities and Exposures (CVE) -

  1. Independently fixable - can be fixed independently
  2. Vendor acknowledged -
  3. Affects one code base

Common Vulnerability Scoring System (CVSS) -

CVE and CVSS are used internationally

Log4j - affects applications running on Java
CVE-2021-44228
CVSS 10.0

Configuration Vuln: an unsafe set of configurations in a product that could allow an attacker to compromise the CIA triad

BlueKeep: Windows Remote Desktop Protocol - worm-able
CVE-2019-0708
CVSS 9.8

Vuln Lifecycle

  1. Discovery - (Penetration Testers) - finding the Vuln
  2. Mitigation - () - reducing the risk
  3. Remediation - () - trying to resolve them

Petya - WannaCry

Drive-by attacks == Bad Rabbit

Session 3 - intelligent endpoint patching

Intelligent endpoint - an endpoint that is capable of safely performing IT management tasks on itself without direct administrator intervention or supervision.

Safe Automation:
Independent Automation:
Timely Automation:

Traditional stages of compliance

Mean time to resolve (MTTR) - equation, values

Architectural Requirements

  1. Agent-based solution
  2. Bidirectional communication
  3. Persistent connectivity
  4. Flexible instructions
  5. Cross-platform integrations

Intelligent Endpoint Continuous Compliance:

CIS bench mark
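A configuration vulnerability (Session 2) is what a continuous-compliance check against a CIS-style benchmark is meant to catch on every endpoint. The example below is added here and is not part of the original notes or of any CIS document: it parses an OpenSSH sshd_config the way sshd reads it (first occurrence of a directive wins, keywords are case-insensitive, global directives stop at the first Match block) and reports settings that deviate from an assumed rule set. The rules and thresholds are this example's own, chosen to resemble common benchmark items; the "default if absent" values are the OpenSSH defaults as I know them.

```python
# Assumed rule set, in the spirit of CIS benchmark checks for OpenSSH (not quoted from CIS).
# Each rule: keyword, sshd's default when the directive is absent, pass test, expected value text.
RULES = [
    ("permitrootlogin", "prohibit-password", lambda v: v == "no", "no"),
    ("permitemptypasswords", "no", lambda v: v == "no", "no"),
    ("passwordauthentication", "yes", lambda v: v == "no", "no (key-based auth only)"),
    ("x11forwarding", "no", lambda v: v == "no", "no"),
    ("maxauthtries", "6", lambda v: v.isdigit() and int(v) <= 4, "4 or fewer"),
]


def parse_sshd_config(text):
    """Return {keyword: value} for the global section of an sshd_config.

    Mirrors sshd's own semantics: keywords are case-insensitive, the FIRST
    occurrence of a keyword wins, '#' starts a comment, 'Key value' and
    'Key=value' are both accepted, and everything after the first 'Match'
    line is conditional rather than global, so parsing stops there.
    """
    cfg = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break                      # conditional block: global settings end here
        cfg.setdefault(key, value)     # first occurrence wins, later ones are ignored
    return cfg


def check_sshd_config(text):
    """Run RULES over a config and return one finding per failing setting."""
    cfg = parse_sshd_config(text)
    findings = []
    for key, default, passes, expected in RULES:
        actual = cfg.get(key, default)
        if not passes(actual.lower()):
            findings.append({
                "setting": key,
                "actual": actual,
                "expected": expected,
                "explicit": key in cfg,  # False means the insecure value is the daemon default
            })
    return findings


# Constructed sample config for this example (not taken from any real host).
SAMPLE_CONFIG = """\
# sshd_config - constructed sample
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no           # silently ignored by sshd: first occurrence wins
MaxAuthTries 10
Match User backup
    PasswordAuthentication no
"""

if __name__ == "__main__":
    for f in check_sshd_config(SAMPLE_CONFIG):
        where = "set explicitly" if f["explicit"] else "daemon default"
        print(f'{f["setting"]}: actual={f["actual"]!r} ({where}), expected {f["expected"]}')
```

The duplicated PermitRootLogin line is the point of the sample: a naive "grep for the last value" check would report root login as disabled, while sshd actually honours the first line and keeps it enabled. A compliance check that does not model the target's own precedence rules produces false passes, which is worse than no check because it creates confidence.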

Session 4 - Regulation and Compliance

ISO 27001, GDPR - universal standards
IT Act, DPDP - Indian standards

Regulatory controls

  1. Defining requirements
  2. Implementing controls
  3. Monitoring Compliance
  4. Reporting
  5. Continuous Improvement

Risk Management

Attack surface management

Equifax Breach - 2017
Risk Transference
Risk mitigation
Risk Acceptance
