
level: Level 1 of Security

Questions and Answers List

level questions: Level 1 of Security

Question: Answer
Real-Time Analysis of Behavior Related Incident: SCENARIO: Three times a day on average John logs into a file share containing critical business data. Then one day, he logs in 100 times… anomaly detected. His credentials were stolen, and he has been personally compromised. SOLUTION: Using artificial intelligence (AI) and machine learning technology, Securonix establishes a baseline of normal behavior, and compares that baseline to current activity on the network. It triggers an alert when it detects activity outside the norm. The ICE SOC Team opens the alert, contacts your IT Dept, and initiates action based on your Threat Response Plan. RESULT: Threat mitigated before your company loses the sensitive data core to your business.
Security Stats: WHO - 5-fold increase in cyberattacks in 2020
Average cost of 1 breach (+500): 3.86 million - based on The Ponemon Institute and IBM Security
Average cost of 1 breach (under 500): 2.67 million - based on The Ponemon Institute and IBM Security
Most frequently compromised type of record: PII (Personally Identifiable Information); the costliest at $150 a record
Non-Monetary Damages: loss of intellectual property; years of research down the drain; damage to your brand and reputation; cancelled deals and partnerships; millions in lost productivity and legal/remediation expenses; disclosure requirements imposed by your clients and governments
The burden placed on IT Staff: Anti-Virus / Anti-Malware / EDR; Behavioral analytics; Firewall/WAF, servers on cloud infrastructure; Firewalls with UTM; URL & DNS Filtering; Threat Detection / Threat Prevention; IDS / IPS; Penetration Testing; Threat hunting; Log aggregation; Wireless rogue activity detection; Single Sign On / Multi Factor Authentication; Email filter tuning and quarantine management; Identity Access Management (IAM); Monitoring of critical data flows; Data Encryption; Hosted Email services; Threat Intelligence and Feed Analysis
SOC-2 Certification: SOC 2 (System and Organization Controls 2) is a type of audit report that attests to the trustworthiness of services provided by a service organization. SOC 2 reports are the result of an official SOC 2 audit. These reports attest that a service organization's solution has been audited by a Certified Public Accountant (CPA) on over 600 data points, using standards laid down by the AICPA, with regard to: Security, Availability, Processing Integrity, Confidentiality and/or Privacy.
SOC-2 Audits for what? (SAPIC): Security, Availability, Privacy, Integrity (process & storage), Confidentiality
Availability: The process, product, or service must remain available per the agreement between user and provider. Both parties either explicitly or implicitly agree on the appropriate level of availability of the service.
Confidentiality: If access to the data is limited to certain individuals or organizations, it must be treated as confidential. Data protected by the principle of confidentiality could include anything the user submits for the eyes of company employees only, including but not limited to business plans, internal price lists, intellectual property and other forms of financial information. An auditor will take into account data encryption, network firewalls, software firewalls and access controls.
Privacy: The principle of privacy applies to the collection, disclosure, disposal, storage and use of personal information with regard to the generally accepted privacy principles (GAPP) as established by the AICPA. It applies to Personally Identifiable Information (PII), information that can be used to differentiate persons, including but not limited to names, addresses, phone numbers and social security numbers. Other data, including race, gender, medical profiles, and religion, are also covered by GAPP. An auditor must verify the controls in place to prevent the dissemination of PII.
Security: System resources must be defended against outside access to comply with the principle of security. Access controls must adequately resist attempts at intrusion, device manipulation, unauthorized deletion, data misuse, or improper modification and release. An auditor looks at IT security tools like WAF (web application firewalls), encryption and intrusion detection in addition to administrative controls such as background checks and authorizations.
Integrity: This principle is concerned with the delivery of the right data at the right time and at the right price; in other words, whether or not the platform performs as expected. Data processing must be complete, licensed, reliable and timely. IMPORTANT: Integrity of storage does not imply the integrity of the information. Information may contain errors before it is entered into the system, which the storage entity is not responsible for identifying. An auditor must look at data processing management and quality assurance practices to ensure the reliability of the data.
SOC (Security Operations as a Service):
1. Provides 24/7/365, real-time visibility into your IT infrastructure
2. Staffed by a global team of trained professionals
3. SIEM (Security Incident and Event Management) subscription includes industry-leading processes and security tools
4. Proactive remediation of threats before damage is caused
5. One of the most cost-effective and impactful ways to elevate any organization's security posture as compared to developing these services in-house
ICE SOC:
1. ICE has a qualified team of certified security professionals to monitor your infrastructure 24/7/365
2. ICE security professionals respond to all alerts instantly to reduce the exposure and limit the damage a security breach might otherwise cause
3. The ICE SOC team will work with your organization to establish incident response teams (IRT), formulate Incident Response Plans (IRP), and perform the necessary actions to remediate threats in a timely manner, as required by many compliance frameworks
4 STEPS PROVIDED:
MONITOR - Real-time monitoring of critical apps and services in a single dashboard
ANALYZE - Centralized Log Collector to collect and store logs from services and devices for analysis. Risk management process that reduces the chances of security breaches.
RESPOND - Respond immediately to cyber attacks to avoid a security breach
ESTABLISH - Incident Response Plan (IRP)
SECURONIX PARTNERSHIP: Securonix delivers a next-generation security analytics and operations management platform for the modern era of big data and advanced cyber threats, and was named a leader in the 2021 Gartner Critical Capabilities for SIEM (Security Information and Event Management)
WHY SECURONIX PARTNERED WITH US: ICE Consulting is an experienced MSSP that offers a full range of security services to their customers. They have a highly skilled staff that understands the value of providing the best solutions to keep their customers protected 24 x 7. We see ICE Consulting as a strategic MSSP partner in a key geography with unique vertical expertise in Biotechnology and Life Sciences.
SECURONIX SNYPR:
1. Centralized Log Collector maintains all logs from the connected devices and services for extended time periods for forensic analysis, legal reasons, etc.
2. SIEM and UEBA in a single package.
3. Threat Analyzer with a cloud-based AI engine analyzes, reports, suggests remediation, and documents all threats received.
4. SNYPR is compatible with most major applications and services (Okta, Azure, AWS, O365, Palo Alto Firewalls, Cisco Umbrella, Windows Servers, Web Servers, etc…)
SECURONIX FEATURES (Part 1): Anti-Virus / Anti-Malware / EDR; Firewalls with UTM; URL & DNS Filtering; Threat Detection / Threat Prevention; IDS / IPS; Single Sign On / Multi Factor Authentication; Data encryption; Behavioral analytics; Threat hunting; Email filter tuning and quarantine management; Servers & storage in data centers
SECURONIX FEATURES (Part 2): Firewall/WAF, servers on cloud infrastructure; Log aggregation; Identity Access Management (IAM); Hosted Email services; Penetration Testing; Wireless rogue activity detection; Monitoring of critical data flows; Threat intelligence and feed analysis
Incident Response Workflow:
1. Identify Friend or Foe (IFF)
2. Use WHOIS and DNS to identify the source
3. Create a network object to auto-identify the CIDR (registered public IP) block for the source in the future
4. Add the system to an elevated risk watch list (Risk Booster for future events)
5. Move from Production VLAN to Patch Only/Guest VLAN (Switch Port)
6. Update anti-virus
7. Update OS
8. Run a full AV scan
   If clean, run a vulnerability scan to check patches were successful; if successful, return to production VLAN
   If the AV or patch check failed, notify the IT team to reimage the system, or perform a full reimage of the system and repeat a-d
9. Add the system to an elevated risk watch list (Risk Booster for future events)
IF FOE: If foe…
Add to the block list recommendations for the next change review or window
Check for additional attackers/symptoms on the same CIDR block
Block at the firewall or IPS as appropriate (Class C CIDR block or smaller)
Note the date of the block, and add to an expire/review list for 30 days
Note and review the country of origin for appropriateness to the business
ALERT & RESPONSE:
1. Create a ticket to track the event
2. Update the ticket with any enrichment data available:
   Identify Friend or Foe
   Add network information about the source: Internal? Or External?
   Check blacklist information (AbuseIPDB, Zeus Tracker…) and add to ticket
   Identify the user logged into the system at the time of the event (if internal)
3. Classify the ticket: Internal / External; Recon, Exploit, Data Exfil, Malware, Unknown