Next Generation Security Operations Centre – 10 primary components

The Security Operations Centre (SOC) is an essential part of an organization’s cybersecurity strategy. As cyber threats continue to evolve, the SOC must also evolve to keep pace with these changes.

Here are ten characteristics of the next generation SOC:

  1. Real-time threat detection: The next generation SOC must be able to detect threats in real time so that it can respond quickly to cyber incidents.
  2. Automation and orchestration: The SOC should leverage automation and orchestration to streamline its operations, allowing analysts to focus on high-level tasks.
  3. Integration with other security technologies: The next generation SOC should integrate with other security technologies such as endpoint protection, firewalls, and threat intelligence platforms to provide a more comprehensive defense.
  4. Artificial Intelligence and Machine Learning: AI and ML can help automate routine tasks, identify patterns, and improve the accuracy and speed of threat detection.
  5. Cloud-native: The next generation SOC should be cloud-native, allowing for better scalability and flexibility.
  6. Integrated Incident Response: The SOC should have an integrated incident response plan, enabling analysts to respond to security incidents quickly and effectively.
  7. DevSecOps: The next generation SOC should embrace DevSecOps practices, ensuring that security is integrated throughout the development process.
  8. Proactive threat hunting: The SOC should proactively search for threats, rather than just responding to alerts, to identify potential threats before they become an issue.
  9. User and Entity Behavior Analytics: The SOC should use analytics to understand user and entity behavior, identifying abnormal activity that may indicate a security breach.
  10. Continuous improvement: The next generation SOC must be committed to continuous improvement, regularly evaluating its performance and making changes to improve its effectiveness.

In summary, the next generation SOC should be agile, automated, and integrated with other security technologies. It should leverage AI and ML to improve threat detection and have an integrated incident response plan. The SOC should be cloud-native and embrace DevSecOps practices, proactively search for threats, use analytics to understand user and entity behavior, and be committed to continuous improvement.

If you have queries related to Cyber Security, reach out to our in-house Cyber Security experts. They are happy to hear from you at info@cmsitservices.com. You could also reach out to us on our website https://www.cmsitservices.com/contact-us/.

Red Teaming – Creating A Response To Attacks, Creating A Prevention Layer

Nilay, the CEO of Advanced Defence Systems (ADS), a defence products manufacturing firm, prided himself on two things: the technologically advanced defence products they were manufacturing for the Indian armed forces, and the cybersecurity measures they had in place to protect their own systems – firewalls, antivirus software, data protection, just to name a few. To stay ahead of the curve, ADS had hired external consultants to conduct regular penetration tests of its data security.

ADS’s products were gaining market share. Their continued success, however, brought its own challenges. When everything appeared hunky dory, Seema Singh, ADS’ CISO (Chief Information Security Officer), reported to Nilay a major data breach that had compromised database security and endpoint security and exposed the firm to other cyber threats.

Anyone could have been their adversary – venomous terrorists, malicious subversives, agenda-chasing political criminals, surreptitious state-backed foreign intelligence services, curious computer hackers, evil commercial competitors, dishonest insiders, disgruntled staff, trusted but careless business partners, or rogue administrators.

Nilay knew that he could not allow this to be repeated. In a review of their defensive posture with Seema, she suggested that it was time to go for red teaming – a simulated cyber-attack designed to test an organization’s security defenses and identify vulnerabilities that an attacker could exploit to gain unauthorized access to an organization’s systems or data. Nilay made up his mind to give it a try. Seema brought together a team of ethical hackers and other IT professionals.

The team proposed its plan. It involved the following important steps:

  1. Planning and Scoping: The first step in red teaming was to define the scope of the exercise and plan the attack. This involved identifying the assets that need to be protected and developing a strategy for the attack.
  2. Reconnaissance: They conducted reconnaissance to gather information about the organization’s systems and networks. This involved scanning for vulnerabilities and identifying potential targets.
  3. Weaponization: Once the reconnaissance was completed, the red team developed the attack tools and techniques that would be used to exploit vulnerabilities in the organization’s defenses.
  4. Delivery: The red team delivered the attack. They used social engineering techniques to gain access to the organization’s systems or networks.
  5. Exploitation: The red team exploited vulnerabilities in the organization to gain access to sensitive data and systems.
  6. Post-Exploitation: Now the red team only had to maintain access to the organization’s systems and networks, installing backdoors and other malicious software.
  7. Reporting: The red team documented the results and provided a report to the management. It had recommendations for improving the organization’s security defenses.

By simulating a real-world cyber-attack, ADS was able to identify weaknesses that could be exploited by real-world attackers. Technology is not static. It keeps on evolving. As defensive postures evolve, so do attacks and attackers.

Nilay agreed with Seema’s suggestion to carry out red teaming regularly and stay ahead of the curve by maintaining the effectiveness of ADS’ security defences and keeping them state of the art.

How about you? Is your cyber defence up to date?

How Information Security & Cyber Security are cousins

“A ship is safe in harbor, but that’s not what ships are built for.”

—John A. Shedd

Cyber refers to the digital world and all things related to technology and the internet. This includes online communication, computers, networks, and the security of these systems from unauthorized access and harm. In short, cyber refers to the virtual world and ensuring its safety.

So, cybersecurity is the practice of protecting computer systems, networks, and internet-connected devices from digital attacks, theft, and damage. This involves implementing various technologies, processes, and practices to secure sensitive information and prevent unauthorized access, hacking, and other cyber threats. The goal of cybersecurity is to keep the internet and connected devices safe and secure for individuals, businesses, and governments.

Information security and cybersecurity are closely related but slightly different concepts. Information security refers to the protection of information and data from unauthorized access, use, disclosure, disruption, modification, or destruction. This encompasses a wide range of practices and technologies, including access control, encryption, firewalls, and backup and recovery systems.

Information Security = Cyber + Physical

In short, information security is a broad term that encompasses all aspects of protecting information, while cybersecurity specifically focuses on the protection of digital systems and networks.

To make information security solutions effective in practice, clients focus on use cases. In the context of cybersecurity, a use case is a specific scenario that describes how a security event or incident should be detected, investigated, and/or responded to by an organization’s security operations team. A use case typically includes a set of rules, criteria, or thresholds that define what constitutes abnormal or suspicious activity requiring further investigation or response.
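
The following is an added example, not code from the original post or from CMS IT Services: a small SIEM-style detection use case of the kind defined in the paragraph above, which also illustrates the real-time detection and user and entity behaviour analytics items in the next generation SOC list. The log format, the threshold and window values, the per-user baseline of known source addresses and the sample events are all constructed for illustration.

```python
"""
Added example (not from the original post): two detection use cases, each a
rule plus a threshold or baseline that decides when login activity is abnormal
enough to open an investigation. Log format, thresholds, baseline and sample
events are constructed for illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication events: "<ISO timestamp> <user> <source IP> <outcome>".
SAMPLE_LOG = """\
2024-03-01T09:00:01Z alice 10.0.0.5 FAIL
2024-03-01T09:00:05Z alice 10.0.0.5 FAIL
2024-03-01T09:00:09Z alice 10.0.0.5 FAIL
2024-03-01T09:00:12Z alice 10.0.0.5 FAIL
2024-03-01T09:00:15Z alice 10.0.0.5 FAIL
2024-03-01T09:00:20Z alice 10.0.0.5 SUCCESS
2024-03-01T09:30:00Z bob 192.0.2.10 FAIL
2024-03-01T10:45:00Z bob 192.0.2.10 SUCCESS
2024-03-01T11:00:00Z carol 10.0.0.9 SUCCESS
"""

# Constructed behavioural baseline: the source addresses each user normally logs in from.
KNOWN_SOURCES = {
    "alice": {"10.0.0.5"},
    "bob": {"10.0.0.7"},
    "carol": {"10.0.0.9"},
}


def parse_events(text):
    """Turn the constructed log format into dicts with a real datetime, time-ordered."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, src, outcome = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "user": user,
            "src": src,
            "outcome": outcome,
        })
    return sorted(events, key=lambda e: e["ts"])


def use_case_bruteforce(events, threshold=5, window=timedelta(seconds=60)):
    """Rule: `threshold` or more failed logins for one (user, source) pair inside a
    sliding `window` is suspicious; a success while the window is still hot
    escalates the alert to high severity."""
    recent_failures = defaultdict(deque)
    alerts = []
    for e in events:
        key = (e["user"], e["src"])
        q = recent_failures[key]
        while q and e["ts"] - q[0] > window:   # expire failures that fell out of the window
            q.popleft()
        if e["outcome"] == "FAIL":
            q.append(e["ts"])
            if len(q) == threshold:            # fire once, when the threshold is crossed
                alerts.append({"rule": "auth-bruteforce", "severity": "medium",
                               "user": e["user"], "src": e["src"], "at": e["ts"]})
        elif e["outcome"] == "SUCCESS" and len(q) >= threshold:
            alerts.append({"rule": "auth-bruteforce-success", "severity": "high",
                           "user": e["user"], "src": e["src"], "at": e["ts"]})
            q.clear()
    return alerts


def use_case_new_source(events, baseline):
    """Behavioural rule: a successful login from a source never seen for that user
    deviates from the baseline and is worth an analyst's look."""
    alerts = []
    for e in events:
        if e["outcome"] == "SUCCESS" and e["src"] not in baseline.get(e["user"], set()):
            alerts.append({"rule": "login-from-new-source", "severity": "low",
                           "user": e["user"], "src": e["src"], "at": e["ts"]})
    return alerts


def run_use_cases(log_text, baseline=KNOWN_SOURCES):
    """Apply every use case to a log and return the alerts in time order."""
    events = parse_events(log_text)
    alerts = use_case_bruteforce(events) + use_case_new_source(events, baseline)
    return sorted(alerts, key=lambda a: a["at"])


if __name__ == "__main__":
    for a in run_use_cases(SAMPLE_LOG):
        print(f"{a['at'].isoformat()} [{a['severity']:6}] {a['rule']}: "
              f"user={a['user']} src={a['src']}")
```

Run on the constructed log, the brute-force use case fires twice for alice (the fifth failure, then the success that follows it) and the baseline use case fires once for bob, whose successful login comes from an address outside his baseline; bob's single failure and carol's normal login produce nothing. Tuning the threshold, the window and the baseline is what turns the generic rule into an organization-specific use case.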

Purple is commonly used in information security: purple comes from mixing red for offense and blue for defense. Purple Teaming is a collaborative process that combines the expertise and knowledge of both the “blue team” (defenders) and the “red team” (attackers) to improve an organization’s cybersecurity defenses. The objective of Purple Teaming is to identify and close gaps in an organization’s security posture, as well as to improve the effectiveness and efficiency of the overall security strategy. In a Purple Team engagement, the blue team provides the red team with access to its systems, tools, and processes, and then actively works with them to identify vulnerabilities, test defenses, and develop mitigation strategies. Through this collaboration, the blue team gains a better understanding of the organization’s vulnerabilities, and the red team learns how to improve its attack methodologies. The Purple Teaming approach helps organizations prepare better for real-world attacks and continuously improve their security posture over time.

If you have any thoughts or questions about your organisation’s security postures or initiatives, feel free to write to info@cmsitservices.com.

Cloud DevOps: Ensuring Business, Tech and Security go hand in Hand

DevOps is a new area in which Development and Operations are intertwined as a single organization. Cloud DevOps is a newer area still, the need for which arose from agile development, automated deployment and faster time to scale. On-premises DevOps differs from Cloud DevOps, because Cloud DevOps requires both cloud expertise and DevOps knowledge to master. DevOps practices differ from cloud to cloud and hold great promise where the awareness to handle DevOps in the cloud exists.

Requirements of Cloud DevOps

Cloud Expertise: Cloud is still considered a new technology, although the cloud concept has been around for more than a decade. The tools required for DevOps (agile tracking of development, continuous integration of new builds, continuous delivery of code to production, and Site Reliability Engineering, which monitors the availability, performance and fault management of infrastructure and applications) differ between cloud service providers. A cloud DevOps engineer knows the complete cloud DevOps toolchain, optimized for the specific cloud service provider.

Cloud Costing Model: Awareness of the cloud costing model is a must. The number of products offered by a cloud services provider is daunting. As an example, AWS has 169 products whereas GCP has 90 products. Many costs are hidden in nature and must be discovered along the way. Therefore, the right experts are necessary to make sure cloud costs are optimized as far as possible.

Scaling: One facet of DevOps is automation, and the requirement for automation varies between cloud service providers. As an example, with AWS a lot of third-party service providers are available to automate operations, whereas in GCP many operations are automated by default. Standardization and automation are necessary to scale operations. Cloud-native development has become the order of the day, and many open-source tools are used to scale deployment speed. DevOps as code should be used to scale the pipelines.

Security and Compliance: Code security remains an important aspect of developing code on the cloud. Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) are necessary in the cloud. Scaling security and compliance happens mostly through automation: a SAST check should run automatically with every code check-in, and a DAST check should run automatically with every build. Security is a continuous service, and public cloud service providers are enabling DevSecOps as a new practice. Application security checks are now reaching levels that many security professionals have been asking for. The goal of the DevSecOps practice is to introduce security earlier in the SDLC. The objective of DevSecOps is to make business, tech, and security work together.
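
The following is an added example, not code from the original article or from any cloud provider: a build gate of the kind the paragraph above calls for, so that a SAST check run on every check-in can automatically block the pipeline instead of merely producing a report. The gate reads SARIF, the interchange format most SAST tools can emit; the scanner name, rule IDs, file paths and findings in the sample document are constructed, and the gating policy (which levels block, which findings are explicitly accepted) is an assumed one.

```python
"""
Added example (not from the original article): a SAST build gate that reads
SARIF output and fails the pipeline on unaccepted findings at a blocking
severity. The sample SARIF document and the policy values are constructed.
"""
import json
import sys

# Constructed SARIF 2.1.0 document standing in for real scanner output.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-sast"}},
        "results": [
            {"ruleId": "sql-injection", "level": "error",
             "message": {"text": "query built from untrusted input"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "app/db.py"},
                 "region": {"startLine": 42}}}]},
            {"ruleId": "hardcoded-secret", "level": "error",
             "message": {"text": "credential literal in source"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "tests/fixtures.py"},
                 "region": {"startLine": 7}}}]},
            {"ruleId": "weak-hash", "level": "warning",
             "message": {"text": "MD5 used for integrity check"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "app/util.py"},
                 "region": {"startLine": 88}}}]},
        ],
    }],
}

# Assumed policy: SARIF levels that block the build, and accepted findings recorded
# with a reason so that suppressions live in the repository rather than being silent.
BLOCKING_LEVELS = {"error"}
ACCEPTED = {
    ("hardcoded-secret", "tests/fixtures.py"): "dummy value in a test fixture, ticket SEC-000 (placeholder)",
}


def iter_findings(sarif):
    """Flatten SARIF runs into simple finding dicts (rule, level, file, line, message)."""
    for run in sarif.get("runs", []):
        for r in run.get("results", []):
            loc = (r.get("locations") or [{}])[0].get("physicalLocation", {})
            yield {
                "rule": r.get("ruleId", "unknown"),
                "level": r.get("level", "warning"),
                "uri": loc.get("artifactLocation", {}).get("uri", "?"),
                "line": loc.get("region", {}).get("startLine"),
                "message": r.get("message", {}).get("text", ""),
            }


def evaluate_gate(sarif, blocking_levels=BLOCKING_LEVELS, accepted=ACCEPTED):
    """Return (passed, blocking, suppressed). The build fails only on findings at a
    blocking level that have not been explicitly accepted for that rule and file."""
    blocking, suppressed = [], []
    for f in iter_findings(sarif):
        if f["level"] not in blocking_levels:
            continue
        reason = accepted.get((f["rule"], f["uri"]))
        if reason:
            suppressed.append({**f, "reason": reason})
        else:
            blocking.append(f)
    return (len(blocking) == 0, blocking, suppressed)


def main(argv):
    """Usage: gate.py [results.sarif]; exit status 1 fails the CI job."""
    if len(argv) > 1:
        with open(argv[1]) as fh:
            sarif = json.load(fh)
    else:
        sarif = SAMPLE_SARIF
    passed, blocking, suppressed = evaluate_gate(sarif)
    for f in suppressed:
        print(f"accepted  {f['rule']} {f['uri']}:{f['line']} ({f['reason']})")
    for f in blocking:
        print(f"BLOCKING  {f['rule']} {f['uri']}:{f['line']} - {f['message']}")
    print("gate:", "PASS" if passed else "FAIL")
    return 0 if passed else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Wired into the check-in pipeline as the step after the scanner, the non-zero exit status is what makes the SAST check enforceable rather than advisory. The accepted-findings table is deliberately keyed on rule and file with a written reason, so that every suppression is reviewable in version control; widening `BLOCKING_LEVELS` to include warnings tightens the policy without changing the code.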

AI in the DevOps Chain: DevOps generates a lot of data, and it is important to have complete visibility of the entire DevOps chain. One can feed that data to AIOps and derive inferences for actionable intelligence. Data on DevOps is important to optimize the complete process. Public cloud service providers are taking a new approach of combining DevOps with AIOps. Many AI applications require DevOps by default as well, since AI is highly iterative. While AI can help with DevOps data, a DevOps practice in AI can deliver more actionable intelligence in anomaly detection, prediction, and natural language processing. All AI applications will have a DevOps approach. Cloud providers offer AI/ML tools that can be used as part of the DevOps toolchain for optimization.

Conclusion

While DevOps practice itself has delivered faster productivity with enterprises setting up CI and CD chain it is important to understand the cloud DevOps chain and use it effectively for business purposes. The migration from On-prem DevOps to Cloud DevOps should be carefully calibrated for maximum benefits at minimal cost.

Data References:

https://www.reportsanddata.com/report-detail/devops-market
https://dzone.com/articles/devops-trends-to-watch-for-in-2020

An Ode to Defensibility

Defensible (de·fen·si·ble, \di-ˈfen(t)-sə-bəl\) is described as “capable of being defended”. “Defensibility” thus alludes to the ability to remain protected from attack. Cybersecurity should always have been defensible: able to adapt to changes, especially continuously changing business intent and the risks thereof.

The industry recognized this long ago. As early as 1970, a Report of the Defense Science Board Task Force on Security Controls for Computer Systems noted that providing satisfactory security controls in a computer system is in itself a system design problem. This holds true today too. Despite spending billions on cybersecurity, cybersecurity teams are continuously fighting fires, because protecting the organization is an asymmetric challenge: security leaders need to protect an increasingly large number of entry points, while the bad guys have to find just one way in.

In the aftermath of COVID-19, we are looking at a new way of doing business. Now there are more users outside the enterprise accessing services than inside, more unmanaged devices connecting to services than managed devices, and more internal users consuming applications delivered from outside the enterprise network than from inside. Digital transformation hinges on using the Internet more and more, but the Internet was designed to be flexible and open, not secure. Every mobile phone, cloud application, branch office, IoT device and remote employee is an entry point.

It is time for defenders to change the approach.

On May 12, CMS IT Services launched a fresh new approach to cybersecurity – the Defensible Cybersecurity Model, in an industry where there are just too many cybersecurity technologies overlapping in intent and content at the enterprise.

The CMS IT Services Enterprise Cybersecurity Solutions are designed to help enterprises embrace the Defensible Cybersecurity way: protect their crown jewels through optimized investments in cybersecurity technology and processes; detect deviations, events, incidents and breaches in their computing infrastructure; and respond effectively so that the consequences are limited and contained to the extent the leadership desires, within the boundaries of their risk appetite.

Intricacies of the Protect, Detect and Respond Portfolio

The genesis of the Defensible Cybersecurity model can be traced to two key papers. The first is the report of the New York Cyber Task Force at Columbia University SIPA, titled “Building a Defensible Cyberspace”. The second is a physical security concept designed to reduce crime by intelligently designing defensible spaces through Natural Surveillance, Access Control, Territorial Reinforcement and Maintenance, called Crime Prevention through Environmental Design (CPTED).

Defensible Cybersecurity is a holistic approach to addressing cybersecurity challenges, aligned to the context of the business, addressing systemic issues, challenges and stakeholder requirements, designed to handle constant change while consistently improving operational controls, and designed to address cybersecurity risks for both traditional and digital businesses and their supply chains.

To learn more about the Defensible Cybersecurity Framework

Director Cybersecurity