Defensive security is, broadly speaking, the counterpart of offensive security: rather than breaking into systems, it is concerned with two main tasks:

  1. Preventing intrusions from occurring
  2. Detecting intrusions when they occur and responding properly

Some of the tasks that are related to defensive security include:

  • User cyber security awareness: Training users about cyber security helps protect against various attacks that target their systems.
  • Documenting and managing assets: We need to know which systems and devices we have in order to manage and protect them properly.
  • Updating and patching systems: Ensuring that computers, servers, and network devices are correctly updated and patched against any known vulnerability (weakness).
  • Setting up preventative security devices: firewalls and intrusion prevention systems (IPS) are critical components of preventative security. Firewalls control what network traffic can enter and what can leave a system or network. An IPS blocks any network traffic that matches preset rules and attack signatures.
  • Setting up logging and monitoring devices: Without proper logging and monitoring of the network, it won’t be possible to detect malicious activities and intrusions. If a new unauthorized device appears on our network, we should be able to detect it.
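The last two items work together: the asset inventory says which devices are expected, and the logs say which devices actually showed up. The following script is an added example (not from the original page) that ties the two together: it parses constructed dnsmasq-style DHCP log lines, compares every MAC address that obtained a lease against a constructed inventory, and raises an alert for any device the inventory does not list. Hostnames, MAC addresses, and log lines are all made up for the example.

```python
import re
from typing import Dict, List

# Constructed asset inventory: MAC address -> hostname. In practice this would
# come from the "documenting and managing assets" step (CMDB, NAC, spreadsheet).
KNOWN_ASSETS: Dict[str, str] = {
    "aa:bb:cc:00:11:22": "fileserver01",
    "aa:bb:cc:00:11:33": "ws-alice",
    "aa:bb:cc:00:11:44": "printer-2f",
}

# Constructed sample log lines in the syslog format a dnsmasq DHCP server emits.
# Only DHCPACK lines represent a device that actually obtained an address.
SAMPLE_LOG = """\
Mar 14 09:12:01 gw dnsmasq-dhcp[812]: DHCPDISCOVER(eth1) aa:bb:cc:00:11:22
Mar 14 09:12:01 gw dnsmasq-dhcp[812]: DHCPACK(eth1) 10.0.0.10 aa:bb:cc:00:11:22 fileserver01
Mar 14 09:13:45 gw dnsmasq-dhcp[812]: DHCPACK(eth1) 10.0.0.21 aa:bb:cc:00:11:33 ws-alice
Mar 14 09:15:02 gw dnsmasq-dhcp[812]: DHCPACK(eth1) 10.0.0.77 de:ad:be:ef:12:34 android-3f9c
Mar 14 09:15:40 gw dnsmasq-dhcp[812]: DHCPACK(eth1) 10.0.0.44 aa:bb:cc:00:11:44 printer-2f
Mar 14 09:16:10 gw dnsmasq-dhcp[812]: DHCPACK(eth1) 10.0.0.78 AA:BB:CC:00:11:33 ws-alice
"""

# Matches a DHCPACK line and captures timestamp, leased IP, MAC and optional hostname.
DHCPACK_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dnsmasq-dhcp\[\d+\]: "
    r"DHCPACK\(\S+\) (?P<ip>\d+\.\d+\.\d+\.\d+) (?P<mac>[0-9A-Fa-f:]{17})"
    r"(?: (?P<host>\S+))?$"
)


def find_unknown_devices(log_text: str, inventory: Dict[str, str]) -> List[dict]:
    """Return one alert per MAC address that obtained a lease but is not in the inventory."""
    alerts: List[dict] = []
    already_reported = set()
    for line in log_text.splitlines():
        m = DHCPACK_RE.match(line)
        if not m:
            continue  # DISCOVER/REQUEST/NAK lines carry no granted lease; ignore them
        # Normalise case: some DHCP clients and loggers emit upper-case MACs,
        # and a case-sensitive comparison would raise a false alert.
        mac = m.group("mac").lower()
        if mac in inventory or mac in already_reported:
            continue
        already_reported.add(mac)  # one alert per device, not per lease renewal
        alerts.append({
            "ts": m.group("ts"),
            "ip": m.group("ip"),
            "mac": mac,
            "hostname": m.group("host") or "",
        })
    return alerts


if __name__ == "__main__":
    for a in find_unknown_devices(SAMPLE_LOG, KNOWN_ASSETS):
        print(f"ALERT {a['ts']}: unknown device {a['mac']} ({a['hostname'] or 'no hostname'}) got {a['ip']}")
```

Running it on the sample flags only `de:ad:be:ef:12:34`; the upper-case `AA:BB:CC:00:11:33` lease is recognised as the known workstation because the MAC is normalised before the lookup. A real deployment would read the log from the DHCP server (or a SIEM) instead of a string, and an alert would also be worth raising when a known MAC shows up with a hostname that contradicts the inventory.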

Threat Intelligence

In the context of defensive security, intelligence refers to information you gather about actual and potential enemies. A threat is any action that can disrupt or adversely affect a system. Threat intelligence aims to gather information to help the company better prepare against potential adversaries.

Different companies have different adversaries: who is likely to attack an organization, and why, depends on its sector, its assets, and the data it holds.

Learning about your adversaries allows you to know their tactics, techniques, and procedures (TTPs). As a result of threat intelligence, we identify the threat actor (adversary), predict their activity, and consequently we are able to mitigate their attacks and prepare a response strategy.

Incident Response

An incident usually refers to a data breach or cyberattack. However, in some cases, it can be something less critical, such as a misconfiguration, an intrusion attempt, or a policy violation. How would you respond to a cyberattack? Incident response specifies the methodology that should be followed to handle such a case.

Malware Analysis

Malware includes many types, such as:

  • Virus
  • Trojan Horse
  • Ransomware

Malware analysis aims to learn about such malicious programs using various means:

  1. Static analysis works by inspecting the malicious program without running it. Usually, this requires solid knowledge of assembly language (processor’s instruction set).
  2. Dynamic analysis works by running the malware in a controlled environment and monitoring its activities. It lets you observe how the malware behaves when running.
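As an added example of the static side of this (not code from the original page), the script below performs the first-pass triage an analyst does before disassembling anything: it identifies the file type from its magic bytes, hashes the sample so it can be looked up and shared, extracts printable strings, and matches those strings against a few indicator patterns. The "binary" is a constructed byte string that only contains the fragments a strings pass would surface (a PE header stub, imported API names, a URL on the reserved `.invalid` domain, ransom-note text); it is not a real malware sample. Dynamic analysis is not shown, since it needs an isolated sandbox rather than a script.

```python
import hashlib
import re
from typing import Dict, List

# Constructed stand-in for a suspicious Windows executable. Real malware is a
# complete PE file; here only the pieces relevant to string triage are present.
SAMPLE_BINARY = (
    b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00"
    + b"\x00" * 40
    + b"This program cannot be run in DOS mode.\r\n$\x00\x00"
    + b"\x7f\x01\x02kernel32.dll\x00CreateRemoteThread\x00VirtualAllocEx\x00"
    + b"\x13\x37http://updates.example.invalid/p.php\x00"
    + b"\x00\x00Your files have been encrypted\x00"
    + b"\xde\xad\xbe\xef" * 8
)

# Indicator patterns (constructed for the example). A real ruleset would be
# far larger and is usually expressed in YARA rather than ad-hoc regexes.
INDICATORS: Dict[str, "re.Pattern[bytes]"] = {
    "process injection API": re.compile(rb"CreateRemoteThread|VirtualAllocEx|WriteProcessMemory"),
    "URL": re.compile(rb"https?://[^\s\x00]+"),
    "ransom note text": re.compile(rb"files have been encrypted", re.IGNORECASE),
}


def file_type(data: bytes) -> str:
    """Classify by magic bytes: 'MZ' for Windows PE, 0x7f 'ELF' for Linux ELF."""
    if data.startswith(b"MZ"):
        return "PE (Windows executable)"
    if data.startswith(b"\x7fELF"):
        return "ELF (Linux executable)"
    return "unknown"


def extract_strings(data: bytes, min_len: int = 4) -> List[str]:
    """Equivalent of the `strings` tool: runs of printable ASCII of at least min_len bytes."""
    return [s.decode("ascii") for s in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def static_triage(data: bytes) -> Dict:
    """Hash, classify, extract strings, and match indicators without executing the sample."""
    hits = {}
    for name, pattern in INDICATORS.items():
        found = [m.decode("ascii", "replace") for m in pattern.findall(data)]
        if found:
            hits[name] = found
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "type": file_type(data),
        "strings": extract_strings(data),
        "indicators": hits,
    }


if __name__ == "__main__":
    report = static_triage(SAMPLE_BINARY)
    print("sha256:", report["sha256"])
    print("type:  ", report["type"])
    for name, found in report["indicators"].items():
        print(f"{name}: {found}")
```

The interesting output is the indicator section: `CreateRemoteThread` and `VirtualAllocEx` together are a classic process-injection import pair, the URL is a candidate command-and-control address to block and hunt for in proxy logs, and the ransom-note string suggests the family. None of this required running the sample, which is the point of static analysis; confirming what the binary actually does with that URL is the dynamic analysis step.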