Network Security Monitoring
October 07, 2021
Welcome to DOT Cybersecurity Monthly, where DOT Security's Chief Strategy Officer, Humberto Gauna, will give you a monthly roundup of what tips you should know.
You’ll discover important trends, considerations, and strategies that are happening in the world today and be able to take away actionable information for your own business.
Stay tuned for future entries in this new series!
Ransomware attacks are never a good way to start your day. Not only that, but as I have said before, cybersecurity is a chess game; only recently have I changed that analogy to Chinese Checkers.
Recently, there have been reports of ransomware gangs sending notes to victims after the first notification: some with warnings, others with offers to help make them more secure.
Honor among thieves? Are they limiting the competition? In addition, there was a recent leak of a document that described the playbook used by ransomware gangs.
A playbook is a method we use in the security industry to respond to incidents.
Offense and defense play against each other—which plays complement each other? Which disrupt the other team's plans?
The value of well-developed playbooks is giving all members the information they need to win.
Operational and leadership teams should review the playbooks along with after-action reports to ensure you are responding to the latest threats.
As a proactive approach, test the efficacy of the playbooks during tabletops and exercises to ensure instructions are clear, outcomes are the ones desired, and a cohesive team is built at all levels.
As a result, not only will your primary staff be well versed, but your secondary and tertiary groups will also be more efficient when the time comes.
Ransomware has recently found itself at the top of the agenda for business executives and owners.
From those on the front line, there are five items that should be the focus in order to reduce the chance of falling victim to a ransomware attack.
These items are testing, configuring, planning, monitoring/collecting, and multi-factor authentication—in no specific order.
Keep in mind, these items do not make up a comprehensive security program but are key components.
The question is, how do you prioritize those things and build them into your business plan? You must have a risk management program to identify where you should focus, and this is especially important for organizations that are working with limited resources or budget constraints.
If you have any questions on how to get that started, reach out to us at DOT Security.
Cybersecurity, as with any security program, aims to reduce risk by increasing fortifications, ensuring consistent monitoring, and improving response capabilities.
I've been successful by having the ability to notice behavior changes from established patterns. Cybersecurity analysts have the task of doing the same when monitoring their assigned environment.
Due to the volume of data that organizations generate, technologies have been created or improved to help parse, correlate, and identify malicious activity—often manifested through changes in network or user behavior.
Threat actors, and all types of cyber threats, have been playing a game of Chinese Checkers against defenders, as I mentioned earlier.
Now they are using old tricks to obfuscate and confuse current technology. The US did this against the Japanese in WWII by using the Navajo code talkers.
Navajo was an unwritten language (obfuscate) that was only taught within native tribes. Navajo words (confuse) were then assigned to military terms to identify, task, or inform actions that were happening on the battlefield.
Additionally, normal conversations were carried on between the code talkers to maintain a constant thread of traffic (volume).
Why the history lesson? We are all creatures of habit. We must study history, intelligence, and trends to uncover potential threats and protect our environments, and this applies as much to cybersecurity as anything else.
Here is my version. We tend to be technical and full of jargon in the information technology fields.
We often forget that the consumers of our services don't have the background we do.
In my limited experience, this causes a breakdown in communication which makes acceptance of change difficult.
Friction and unclear instructions are symptoms of this lack of clear communication.
I am guilty of not being clear, and I am often reminded that we need to communicate as if those receiving our message do not have the same level of knowledge we expect, so we need to keep it simple to get our message across.
Security is about protecting your valuable assets to maintain or increase their value. We accomplish this by placing walls around the assets with alarms and sentries.
In a digital world, where having a single perimeter is no longer the standard model, we must adapt by having many perimeters that are controlled and monitored to ensure all of our assets are protected.
These are the core tenets of a cybersecurity strategy.