Third Edition of the Hackers Playbook by Peter Kim - Assignment Example

Breach attach simulation involves simulating attacks or safely simulating breaches in production. These are real attacks that attackers use to get into networks a get data out across the clouds, networks, and endpoints. Once these attacks are simulated, the customers can prioritize the results of those attacks. They then identify and visualize where attacks are successful and identify key areas to break the kill chain while taking actions to remediate fixes. Remediation happens through going to security controllers by integrating with ticketing systems that not only get the problem solved but also work to automate the solution.

Simulating adversary entails continuous validation of security with thousands of attacks to ensure safety. This can be through infiltration, lateral moves, or Exfiltration. Crown jewels of the business are the stuff that needs protection from malware by synthesizing that information send through simulators to ascertain if it can be moved and if there are security controls that block the exploits. The process gets to know the blocked and successful methods and recommends actions for remediation that always is ahead of emerging attacks.

Inflation involves multiple actions taken at multiple stages of an attack. The report found that packed malware manages to evade perimeter defenses pretty easily as it could be seen three times popping up. Also, encrypted files are not scanned like folks relying on their endpoints to do that by level scanning the file. The level blocking-based security was pushed down to the endpoint rather than bolstering that with defense but being left to the endpoint security controls. It seems that it is left up to the endpoint security controls to block the attacks.

The security strategy is suitable for those.The lateral movement looked like infiltration. One can think of lateral movement as credential theft or privilege elevation. Getting from one machine to another can be very much like getting from the outside if there is no security and segmentation between different server environments.  There is very high trust in Local Area Networks (LAN). The core is to ensure that worms that come back into vogue with the malware and ransomware cannot easily propagate across the networks.

A lot of web traffic like HTTP, GET HTTP POST on the Internet. The report indicated that there is still an Easy HTTP attack at work. Encrypted traffic beats scanners and gets out unscanned. Open ports are easily exploited, and therefore, Breach methods are trying to see whether there exists an open protocol and open port that when used can exfiltrate synthesized stolen data. The key thing here is to ensure that encrypted data is scanned. Most companies have developed perimeter security to stop the infiltration of malware before it enters the network.

However, this might not guarantee a 100% stop of inbound attacks. Efficient malware protection is recommended to have defense and depth at many layers. Kill chain makes it difficult for attaches to get in the server environments and get out if they enter.  Finding out ways that expose and make you vulnerable and taking actions to close them is a dramatic opportunity for improvement with no further investment