The paper "Third Edition of the Hacker's Playbook by Peter Kim" is a wonderful example of an assignment on information technology. The Third Edition of the Hacker's Playbook Findings report is a new edition analogous to the previous reports, which gave organizations trends from an attacker's point of view. The report is based on actual deployments at actual customers. It presents anonymized data from attacks executed in real production environments, covering up to 100 on-premise networks and cloud deployments. SafeBreach's proactive models for risk prevention offer precious data that help security and risk managers reduce risk. Breach and attack simulation involves simulating attacks, or safely simulating breaches, in production.
These are real attacks that attackers use to get into networks and get data out across clouds, networks and endpoints. Once these attacks are simulated, customers can prioritize the results. They then identify and visualize where attacks are successful, identify the key areas at which to break the kill chain, and take action to remediate. Remediation happens by going to the security controls and by integrating with ticketing systems, which not only gets the problem solved but also works toward automating the solution.
Adversary simulation entails continuous validation of security with thousands of attacks to ensure safety. This can be through infiltration, lateral movement or exfiltration. The crown jewels of the business are the things that need protection from malware; synthetic versions of that information are sent through simulators to ascertain whether it can be moved and whether there are security controls that block the exploits. The process learns which methods are blocked and which succeed, and recommends remediation actions so that the organization stays ahead of emerging attacks.
Infiltration involves multiple actions taken at multiple stages of an attack. The report found that packed malware manages to evade perimeter defenses pretty easily; it showed up three times. Also, encrypted files are not scanned at the perimeter, as organizations rely on their endpoints to scan the file at that level. File-level blocking has effectively been pushed down to the endpoint rather than being bolstered with layered defense, so it is left up to the endpoint security controls to block the attacks.
The security strategy is suitable for those The lateral movement findings looked like the infiltration findings. One can think of lateral movement as credential theft or privilege elevation. Getting from one machine to another can be very much like getting in from outside if there is no security or segmentation between different server environments. There is very high trust within Local Area Networks (LANs). The core aim is to ensure that worms, which have come back into vogue with malware and ransomware, cannot easily propagate across the networks.
A lot of web traffic on the Internet is HTTP, such as HTTP GET and HTTP POST. The report indicated that an easy HTTP attack still works. Encrypted traffic beats the scanners and gets out unscanned. Open ports are easily exploited, so breach methods test whether there is an open protocol and open port through which synthesized stolen data can be exfiltrated. The key thing here is to ensure that encrypted data is scanned. Most companies have developed perimeter security to stop the infiltration of malware before it enters the network.
However, this does not guarantee a 100% stop of inbound attacks. Efficient malware protection is recommended to have defense in depth at many layers. A defended kill chain makes it difficult for attackers to get into the server environments and to get out if they do enter. Finding the ways you are exposed and vulnerable, and taking action to close them, is a dramatic opportunity for improvement with no further investment.
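The process described above, in which simulated attack steps across infiltration, lateral movement and exfiltration are recorded as blocked or successful and then prioritized for remediation, can be illustrated with a small analysis over constructed results. This is an added example and not SafeBreach's code or data; the chain, stage and method fields and the sample values are assumptions, and the findings named on this page are used only as illustrative method labels.

```python
from collections import Counter, defaultdict

STAGES = ("infiltration", "lateral_movement", "exfiltration")

# Constructed sample results (not real report data): each record is one simulated
# step of an attack chain, identified by chain id, with the method used and
# whether a security control blocked it.
SAMPLE_RESULTS = [
    {"chain": 1, "stage": "infiltration",     "method": "packed malware over HTTP", "blocked": False},
    {"chain": 1, "stage": "lateral_movement", "method": "credential theft",         "blocked": False},
    {"chain": 1, "stage": "exfiltration",     "method": "HTTP POST",                "blocked": False},
    {"chain": 2, "stage": "infiltration",     "method": "encrypted archive",        "blocked": False},
    {"chain": 2, "stage": "lateral_movement", "method": "SMB worm spread",          "blocked": True},
    {"chain": 2, "stage": "exfiltration",     "method": "open port 8080 egress",    "blocked": True},
    {"chain": 3, "stage": "infiltration",     "method": "packed malware over HTTP", "blocked": False},
    {"chain": 3, "stage": "lateral_movement", "method": "credential theft",         "blocked": False},
    {"chain": 3, "stage": "exfiltration",     "method": "HTTPS to external host",   "blocked": False},
]

def stage_block_rates(results):
    """Fraction of simulated steps that a control blocked, per kill-chain stage."""
    total, blocked = Counter(), Counter()
    for r in results:
        total[r["stage"]] += 1
        blocked[r["stage"]] += int(r["blocked"])
    return {s: blocked[s] / total[s] for s in STAGES if total[s]}

def complete_chains(results):
    """Chain ids where every stage succeeded: the attacker got in, moved, and got data out."""
    by_chain = defaultdict(dict)
    for r in results:
        by_chain[r["chain"]][r["stage"]] = r["blocked"]
    return sorted(c for c, steps in by_chain.items()
                  if all(steps.get(s) is False for s in STAGES))

def remediation_priority(results):
    """Rank unblocked (stage, method) pairs by how many complete chains they appear in.
    Fixing the top item breaks the most end-to-end attack paths for one remediation."""
    complete = set(complete_chains(results))
    hits = Counter((r["stage"], r["method"]) for r in results
                   if r["chain"] in complete and not r["blocked"])
    return hits.most_common()

if __name__ == "__main__":
    print("block rate per stage:", stage_block_rates(SAMPLE_RESULTS))
    print("complete chains:", complete_chains(SAMPLE_RESULTS))
    for (stage, method), n in remediation_priority(SAMPLE_RESULTS):
        print(f"fix {stage} / {method}: breaks {n} complete chain(s)")
```

In the sample, infiltration is never blocked, yet the single highest-value fix is the perimeter control that lets packed malware in, since it sits at the head of both complete chains.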