Censys: The World of Attack Surface Management
All the news that I have read in the last two years can be divided into two main topics:
1 - Someone/something was hacked
2 - A new revolutionary defence technology was created
You don't have to be a genius to understand that there is something wrong with this picture. Of course, I understand this is only basic “common” stuff and a lot of problems start from other sources like controlling people's lives, adding all CCTV and IoT technologies in businesses, social media influence etc.
However, I think that all these things are the top cause of the root problems - that there are few companies or professionals who can properly deliver security to organisations and the private sector.
I do not mean to imply that there is a “big and almighty solution” that consists of installing all this stuff, and in 3-6 months, no one changes any configuration or updates signature DB etc.
But by trying to integrate all processes, configure the software, test it, change the configuration and test it again, one can indeed introduce rules for employees that rely on business needs and REALITY.
Reality in the cyber sec field is a very important “factor” because no standards and super systems can work properly until there is reality embedded in these procedures.
So, in reality, when a company is establishing a type of technology, it's crucial to understand:
- Business needs
- Configuration options
- and what can happen in reality
Who can help with advice about how a system catches traffic, analyses inputs and handles PowerShell execution, and why SYN packet activity increases when ICMP is disabled?
My suggestion is to turn to the pen testers, red teamers etc.
It's like boxing. If you learn only how to defend yourself, in a real fight, you will lose because you will not know how to understand the nature of punches, what they can be like and from what degree a punch will knock you out.
Let's start learning how to block attacks - pen testers start PowerShell and write a basic script to scan for the hosts that are up in the network.
The idea is clear - after such tests in a 6 month period, for example, the defence team will be able to detect much more than before.
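An added example, not from the original article: a minimal detector for the kind of host sweep described above, run over constructed connection records. When ICMP is filtered, host discovery typically shows up as TCP SYNs to many addresses that never complete a handshake; the record layout, the Zeek-style state names (S0, REJ, SF), the window and the threshold are assumptions.

```python
from collections import defaultdict, deque

FAILED = {"S0", "REJ"}  # Zeek-style states: SYN unanswered / connection rejected
WINDOW = 60.0           # seconds (assumed tuning value)
THRESHOLD = 10          # distinct hosts probed per window (assumed tuning value)

def find_syn_sweeps(records, window=WINDOW, threshold=THRESHOLD):
    """Return {source_ip: peak count of distinct hosts with failed handshakes
    inside any sliding window} for sources that reach the threshold."""
    recent = defaultdict(deque)  # src -> (ts, dst) of failed attempts still in window
    peak = defaultdict(int)
    for ts, src, dst, _port, state in sorted(records):
        if state not in FAILED:
            continue  # completed connections are ordinary traffic
        q = recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:
            q.popleft()  # drop attempts that fell out of the window
        peak[src] = max(peak[src], len({d for _, d in q}))
    return {src: n for src, n in peak.items() if n >= threshold}

def sample_records():
    """Constructed data: (ts, src, dst, dst_port, state). One sweeping host,
    one ordinary client, one host that touches dead addresses very slowly."""
    recs = []
    # 10.0.0.50 probes 20 addresses on port 445 in 10 seconds; 3 of them answer.
    for i in range(1, 21):
        state = "SF" if i in (5, 9, 14) else ("REJ" if i % 4 == 0 else "S0")
        recs.append((i * 0.5, "10.0.0.50", f"10.0.1.{i}", 445, state))
    # 10.0.0.7 is a normal client: completed connections and a single timeout.
    for ts, dst, port, state in [(2.0, "10.0.1.5", 443, "SF"),
                                 (3.0, "10.0.1.9", 445, "SF"),
                                 (8.0, "10.0.1.77", 443, "S0")]:
        recs.append((ts, "10.0.0.7", dst, port, state))
    # 10.0.0.99 reaches 12 dead addresses, one every five minutes.
    for i in range(12):
        recs.append((i * 300.0, "10.0.0.99", f"10.0.2.{i}", 22, "S0"))
    return recs

if __name__ == "__main__":
    for src, hosts in find_syn_sweeps(sample_records()).items():
        print(f"possible host sweep from {src}: {hosts} unanswered hosts "
              f"within {WINDOW:.0f}s")
```

With the default 60-second window only 10.0.0.50 is reported; running a second pass with a much longer window also surfaces 10.0.0.99, which is why the window is worth tuning against the results of each test.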
So why do we need to change something? In time, there will be no companies that were never hacked and hackers will increasingly target average people.
- Cybercrime will cost businesses over $2 trillion by 2019
- Ransomware attacks increased by 36 percent in 2017
- The percentage of cyber attacks aimed at small businesses is increasing every year
I have talked with one business owner who sells exactly this kind of “big solution” and asked him the same question - why don't you want to provide a higher-quality service?
He said that in many cases there is no need. People just want to feel secure rather than be secure. In addition, not all of them can highlight the potential issues and what problems they can lead to.
Well, I just want to mention that in my case there is no such problem. Do you have similar problems with selling security solutions?
After analysing research and observations from my experience, I want to note that so many issues remain unresolved and so many interesting topics still need to be explored. All of us need to keep going and remember that security is our responsibility.
Liked this piece? Read Jurijs' piece on IoT Security: https://www.em360tech.com/tech-news/tech-features/infotech-jurijs-rapoports/