Ever feel like a deer in headlights? This is Preventing Deer In Headlights (PDIH).

Initial access by an adversary – if we could stop it, life would be better.

Over the next 10 weeks we are going to investigate the attack process.

The parts of the process from ATT&CK are:

Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Exfiltration, & Command and Control

Initial Access – How do they get in?

  1. New hardware install or inserted: USB Drives
  2. End user social engineering: Click to win
  3. Supply chain: Mission software used to create product
  4. Trusted third party: API connection

SUPPORTING LINK: https://attack.mitre.org/tactics/TA0001/

How do we keep them out? Mapped from the list above:

  1. Lock and limit insertion
  2. Awareness Training
  3. Contracts
  4. Code review

We narrow the scope to new hardware insertion and the impact on security.

Patient: “Doc, it hurts when I do this.”

Doctor: “Don’t do that!”

Easier said than done. In a perfect world, how many of us get a new shiny toy, unwrap it, skip the instructions and insert it based upon what we think is right? Yep – me too.

In the enterprise: if we have control over the operating system, we null route, don’t allow boot, or collect warnings from our SIEM. How many operating systems are we supporting? Which ones have these types of controls? What about BYOD?

This is what we will talk about on Thursday. Come be a part of cybersecurity. Don’t be a deer-in-headlights.

Can’t make it?

If you are a past student, you will have access to the recordings.

CPEs – Yesssss!

Most CPE requirements have both a validation step and an auditable requirement. We do both for our past students. Free. You must log in. Use this link ONLY if you are a past student who has been given auditable access: https://www.vmlt.com/mod/url/view.php?id=14166

I hope you attend – it will be fun.

CommercialCISSP starts this Saturday January 13, 2019; please tell your friends! To see other start dates you can go to: https://www.expandingsecurity.com/calendar/
