SANS Internet Storm Center, InfoCON: green
SANS Internet Storm Center - Cooperative Cyber Security Monitor

Visibility Gap of Your Security Tools, (Sat, Jan 25th)

Sat, 2020/01/25 - 18:31

I have been focusing on visibility lately, and often specifically on gaps. Visibility gaps demand the attention of every cybersecurity professional. Success often hinges on how quickly these gaps get closed, and the very act of closing them helps us achieve what we need most: greater visibility. Solving for these gaps will equip us by catalyzing transformation. No need for Artificial Intelligence or Machine Learning, just an advanced persistent drive to close these visibility gaps!

I introduced this idea in a previous Diary, Is Your SOC Flying Blind? This time, I want to focus on your security agents. Are they working and providing their intended value? How do you know? What would it look like to have an Agent Health Dashboard that answered two fundamental questions all day long:

- Is the agent installed?
- Is the agent performing its expected role?

I like to include practical ideas when I am the Handler. To that end, I developed several ideas across several diverse dimensions for you to consider. Perhaps next week, you will use this as a checklist to complete or perform a spot check.

Visibility for your developers and DBAs
- Number of active sessions
- Number of runaway sessions
- Application performance metrics

Visibility for your physical security
- Camera feeds
- Badges that show to be both inside and outside of the building at the same time

Visibility for your networks
- Netflow volume
- Traffic volume
- New ports and services
- Trends over time for each

Visibility for your servers and workstations
- Daily log volume
- Communication patterns
- Lateral movement detection
- Trends over time for each
- Alert when devices stop sending their logs
- Activity performed by administrators

Application question: What visibility gaps exist, and what can you do next week on purpose to close one of them? Please leave your ideas and suggestions in our comments box!

Russell Eubanks
ISC Handler
@russelleubanks

(c) SANS Internet Storm Center.
https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
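One way to turn the two Agent Health Dashboard questions above, together with the "alert when devices stop sending their logs" item, into something that runs. This is an added example, not code from the diary or from SANS ISC: the host names, the inventory list, the telemetry records, the timestamp used as "now" and the one-hour silence threshold are all constructed for illustration, and a real deployment would read the inventory from its asset system and the telemetry from the agent console or log collector.

```python
from datetime import datetime, timedelta

# Constructed inventory: the hosts on which the endpoint agent is expected.
# In practice this comes from a CMDB or asset inventory, not a hard-coded list.
EXPECTED_HOSTS = ["ws-101", "ws-102", "srv-db-01", "srv-web-01"]

# Constructed telemetry in the shape a log collector or agent console might export:
# one record per host with the agent's last check-in and the last event it shipped.
# "lab-99" reports but is absent from the inventory; "srv-web-01" is the reverse.
TELEMETRY = {
    "ws-101":    {"installed": True,  "last_heartbeat": "2020-01-25T18:20:00", "last_event": "2020-01-25T18:25:00"},
    "ws-102":    {"installed": True,  "last_heartbeat": "2020-01-25T18:29:00", "last_event": "2020-01-24T09:00:00"},
    "srv-db-01": {"installed": False, "last_heartbeat": None,                  "last_event": None},
    "lab-99":    {"installed": True,  "last_heartbeat": "2020-01-25T18:30:00", "last_event": "2020-01-25T18:30:00"},
}

# Constructed "now", chosen to match the diary's own timestamp.
NOW = datetime.fromisoformat("2020-01-25T18:31:00")


def _parse(ts):
    return datetime.fromisoformat(ts) if ts else None


def classify_host(record, now, max_silence):
    """Answer the two dashboard questions for one host.

    Statuses, from worst to best:
      NOT_REPORTING  in inventory, but the collector has never heard from it
      NOT_INSTALLED  the agent is absent
      AGENT_DOWN     installed, but its heartbeat is older than max_silence
      NOT_LOGGING    alive, but has shipped no event within max_silence
      HEALTHY        installed and doing its job
    """
    if record is None:
        return "NOT_REPORTING"
    if not record["installed"]:
        return "NOT_INSTALLED"
    heartbeat = _parse(record["last_heartbeat"])
    if heartbeat is None or now - heartbeat > max_silence:
        return "AGENT_DOWN"
    last_event = _parse(record["last_event"])
    if last_event is None or now - last_event > max_silence:
        return "NOT_LOGGING"
    return "HEALTHY"


def agent_health(expected_hosts, telemetry, now, max_silence_s=3600):
    """Build the dashboard: one status per expected host."""
    window = timedelta(seconds=max_silence_s)
    return {h: classify_host(telemetry.get(h), now, window) for h in expected_hosts}


def gaps(report):
    """Hosts that need attention, i.e. everything that is not HEALTHY."""
    return sorted(host for host, status in report.items() if status != "HEALTHY")


def unexpected_hosts(expected_hosts, telemetry):
    """Hosts the agent sees that the inventory does not know about: an inventory gap."""
    return sorted(set(telemetry) - set(expected_hosts))


if __name__ == "__main__":
    report = agent_health(EXPECTED_HOSTS, TELEMETRY, NOW)
    for host, status in report.items():
        print(f"{host:<12}{status}")
    print("needs attention:", gaps(report))
    print("not in inventory:", unexpected_hosts(EXPECTED_HOSTS, TELEMETRY))
```

The distinction between AGENT_DOWN and NOT_LOGGING is the point of the second dashboard question: an agent that checks in but ships nothing is "installed" by every inventory report and still provides none of its intended value. The silence threshold belongs per agent type (an EDR sensor and a daily backup agent have very different expected cadences), and the unexpected-host check runs the comparison in the other direction, since a host that reports without being in the inventory is just as much a visibility gap as one that is in the inventory and never reports.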