
Information security trends. Part 2

09.08.2021




Ruslan Rakhmetov, Security Vision


In the previous article on current information security trends, we discussed supply chain attacks and third-party attacks. Attacks on IoT devices and the protection of cloud infrastructure are equally relevant trends, and they are the focus of this article.


The term IoT (internet of things) refers to a large number of consumer-level electronics that are continuously connected to various networks, including the internet, to interact with each other, with the owner, and with various internet services. Examples of IoT devices include smart TVs, smart speakers, fitness trackers, smart home elements (sensors, home appliances, security systems), webcams, automotive and transport systems, etc. With the development of 5G networks, the number of IoT devices will only grow, as next-generation networks support high-speed data transmission with low power consumption and the interaction of devices directly with each other.


Of particular concern from a cybersecurity perspective are IoT devices that have Internet access, allow external connections, and whose firmware no longer receives security updates from the manufacturer. An example of such a vulnerable device is a low-end webcam, developed, say, in China and used to monitor a garden plot: its image can be viewed from the Internet, and it runs a simplified web server for controlling the camera itself (rotating it or zooming in, for instance). The manufacturer is unlikely to offer frequent firmware updates, and if the model is no longer produced, an update may never arrive at all. Finding vulnerabilities in the web server installed on such a camera will most likely not be difficult: the hardware of home appliances is, as a rule, far from powerful and supports only the simplest software with reduced functionality, and in a highly competitive market manufacturers are forced to save on literally everything in order to offer the most attractive price, including firmware quality, secure software development processes and the work of fixing vulnerabilities.


So, if a vulnerability is found in the code of the web server running on the camera, the only way the owner can protect himself is to disconnect the camera from the Internet or switch the device off entirely. For simple home electronics this is not difficult, but what about the owner of a large fleet of such cameras that serve a business function, for example monitoring an important facility? Most likely, such cameras will remain connected to the Internet, and after some time they will be compromised through the discovered vulnerability. The camera will then be under the attacker's control: he can view the camera image with impunity or simply switch it off, and he can use the device for his own purposes, for example by making it part of a botnet that performs DDoS attacks on his command, or simply by mining cryptocurrency at the expense of its unsuspecting owner.


It should be borne in mind that all responsibility for the consequences of the device's malicious activity will fall on its owner, even if the infection occurred without his knowledge. The picture becomes even more dramatic if one imagines an infected device of the ‘wearable electronics’ class, for example a portable glucometer (a device for measuring blood glucose levels) or a pulse oximeter (a device for measuring blood oxygen saturation). Thus, the protection of IoT devices goes beyond standard business risks and touches people's lives and health, which makes it an absolute priority.


To protect IoT devices from cyberattacks in general, attention should be paid to the following:


1. The country of manufacture of the device and the vendor: the better known the vendor is, the higher the likelihood of timely software updates and the lower the likelihood of unpatched vulnerabilities known to the vendor.


2. Presence of legal documents on the official website: privacy regulations for processed data, personal data processing policies, statements of compliance with certain legislative norms, etc.


3. Ability to configure firmware to disable external internet connections to the device - remote control, administration, status viewing, etc.


4. Availability of firmware updates on the manufacturer's official website, frequency of their release, date of release of the last update.


5. Presence of an enthusiast community that releases unofficial, ‘custom’ firmware for the device.


When ‘Internet of Things’ devices are used for business tasks, careful attention must be paid to the choice of manufacturer, giving preference to one that regularly releases firmware updates, offers extended technical support and on-site visits by its specialists, provides a long warranty and recommendations on secure configuration of the device, and maintains up-to-date documents describing the implemented information security measures and the secure development practices it follows.


If IoT devices are used for personal purposes, it is necessary to assess whether a given remote-access function of the device is really required, how easy it will be for the end user (for example, a child or an elderly person) to configure the device securely, and whether the manufacturer provides detailed recommendations and instructions on how to configure the device so that its ‘dangerous’ functionality is limited and controlled.


The issues of cloud infrastructure protection are also extremely relevant at the moment, and this is undoubtedly due to the popularity of cloud platforms and solutions that attract customers with the ease of horizontal scaling, transparent cost planning, and the ability to shift some infrastructure maintenance tasks to cloud providers. In addition, many well-known players have recently entered the domestic market of cloud infrastructure, offering cloud solutions and services designed, among other things, to process personal data, to operate as part of a GIS (state information system), and to process confidential information protected from unauthorised access. Such offers allow even government agencies to use cloud services, but for many companies the possibility of working with cloud infrastructure remains an open question. The main challenges are compliance with legislation, the confidentiality of corporate information with respect to both the service provider and ‘neighbours’ in the shared infrastructure, the complexity of migration from on-prem infrastructure, and the intricacies of setting up cloud cybersecurity systems.


Cloud infrastructures can be divided by the principle of operation into the following types:


Public cloud - a cloud provider provides its infrastructure and services to the customer on a commercial basis, usually on a subscription basis.


Private cloud - an organisation hosts part of its infrastructure in its own or a leased data centre and has full control over all hardware and software components.


Hybrid cloud - an organisation combines both public and private clouds, hosting its applications and data in one or the other infrastructure according to its convenience and needs.


Multi-cloud - an organisation uses multiple cloud service providers for reliability and resilience, for example hosting its core infrastructure in one public cloud and its backups and backup services in another.


The following options are typically provided for cloud infrastructures:


IaaS (infrastructure as a service) - the cloud provider provides only its hardware, network access and the virtualisation hypervisor, and customers install their own operating systems, system and application software, and business applications.


PaaS (platform as a service) - the cloud provider provides an installed operating system (usually with a choice of several Windows- and Linux-based options), and customers install only their own software on top of it.


SaaS (software as a service) - the cloud provider provides the end customer with a pre-installed business application, with some possibilities to customise and modify it.


Also in the context of information security we can distinguish such terms:


SECaaS (security as a service) - provision of cybersecurity services to customers on a subscription basis, with the security systems themselves deployed in the cloud provider's cloud: for example backup systems, vulnerability scanners, authentication and access control systems, and solutions for collecting and analysing information security events.


FWaaS (firewall as a service) - provision of firewall in cloud infrastructure on a subscription basis.


MaaS (malware as a service) is a term introduced by attackers that means that some attackers develop a malicious tool (e.g., ransomware) and provide subscription access to other attackers who then use it in their attacks.


Specialised solutions are available in the market to provide cybersecurity for various cloud infrastructures:


CASB (cloud access security broker) - cloud access security brokers that provide information security in the cloud by authenticating users (including with multifactor authentication), controlling the granting of access to data, logging actions, providing reporting, and controlling API access by applications and services.


CSPM (cloud security posture management) - cloud security posture management systems that help analyse cyber risks based on data about cloud infrastructure settings, assess the compliance of current cloud settings with legal requirements and vendor recommendations, and help visualise the state of information security in the cloud infrastructure.


CWPP (cloud workload protection platform) - cloud workload protection systems that control the settings of elements placed in the cloud (servers, containers, applications), analyse their vulnerabilities, provide network-level segmentation, monitor their activity and remediate threats.


SASE (secure access service edge) - secure access edge services that give users convenient and secure access to corporate cloud resources using multifactor authentication, with verification of the connecting device's compliance with the company's requirements (so-called posture checking), and using the functionality of intrusion detection/prevention systems and network traffic control.
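To make the CSPM definition above concrete, here is a small posture check of the kind such systems run: it takes a snapshot of cloud configuration data and evaluates it against a few vendor-style recommendations (no public storage, no administrative ports open to the whole internet, MFA on every account). This is an added example written for this article, not code from Security Vision or from any CSPM product; the inventory, rule names and severities are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample inventory (all names and values are made up): the kind of
# configuration data a CSPM collects through a cloud provider's API.
INVENTORY = {
    "storage_buckets": [
        {"name": "public-assets", "public_access": True, "encrypted": True},
        {"name": "hr-records", "public_access": False, "encrypted": False},
    ],
    "security_groups": [
        {"name": "web-sg", "rules": [{"port": 443, "cidr": "0.0.0.0/0"}]},
        {"name": "admin-sg", "rules": [{"port": 22, "cidr": "0.0.0.0/0"},
                                        {"port": 3389, "cidr": "10.0.0.0/8"}]},
    ],
    "accounts": [
        {"name": "root", "mfa_enabled": False},
        {"name": "ops-admin", "mfa_enabled": True},
    ],
}
ADMIN_PORTS = {22, 3389}  # SSH and RDP: remote administration ports

@dataclass(frozen=True)
class Finding:
    rule: str       # identifier of the posture rule that fired
    resource: str   # the cloud resource the finding applies to
    severity: str   # "high" or "medium"

def evaluate(inventory):
    """Run every posture rule over the inventory and return the findings."""
    findings = []
    for b in inventory.get("storage_buckets", []):
        if b.get("public_access"):
            findings.append(Finding("bucket-public", b["name"], "high"))
        if not b.get("encrypted"):
            findings.append(Finding("bucket-unencrypted", b["name"], "medium"))
    for sg in inventory.get("security_groups", []):
        for rule in sg.get("rules", []):
            # An administrative port reachable from the whole internet
            if rule["port"] in ADMIN_PORTS and rule["cidr"] == "0.0.0.0/0":
                res = f"{sg['name']}:{rule['port']}"
                findings.append(Finding("admin-port-open", res, "high"))
    for acct in inventory.get("accounts", []):
        if not acct.get("mfa_enabled"):
            findings.append(Finding("no-mfa", acct["name"], "high"))
    return findings

def summarize(findings):
    """Count findings per severity: the numbers a CSPM dashboard visualises."""
    counts = {"high": 0, "medium": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts

if __name__ == "__main__":
    for f in evaluate(INVENTORY):
        print(f"[{f.severity}] {f.rule}: {f.resource}")
```

On the constructed inventory the check reports four findings: the public bucket, the unencrypted bucket, SSH open to the internet in admin-sg, and the root account without MFA.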

