Defensive Security

Defensive security is concerned with two main tasks:

1. Preventing intrusions from occurring
2. Detecting intrusions when they occur and responding properly

Blue teams are part of the defensive security landscape.

Some of the tasks that are related to defensive security include:

• User cyber security awareness: Training users about cyber security helps protect against attacks targeting their systems.
• Documenting and managing assets: We need to know the systems and devices we must manage and protect adequately.
• Updating and patching systems: Ensuring that computers, servers, and network devices are correctly updated and patched against any known vulnerability (weakness).
• Setting up preventative security devices: firewall and intrusion prevention systems (IPS) are critical components of preventative security. Firewalls control what network traffic can go inside and what can leave the system or network. IPS blocks any network traffic that matches present rules and attack signatures.
• Setting up logging and monitoring devices: Proper network logging and monitoring are essential for detecting malicious activities and intrusions. If a new unauthorized device appears on our network, we should be able to detect it.

Areas of Defensive Security#

• Security Operations Center (SOC)
• Threat Intelligence
• Digital Forensics and Incident Response (DFIR)
• Malware Analysis

Security Best Practices#

Many national and professional organizations have published lists of security best practices. Some of the most helpful guidelines are found in organizational repositories such as the National Institute of Standards and Technology (NIST) Computer Security Resource Center.

• Perform a risk assessment
  Knowing and understanding the value of what you are protecting will help to justify security expenditures.
• Create a security policy
  Create a policy that clearly outlines the organization’s rules, job roles, and responsibilities and expectations for employees.
• Physical security measures
  Restrict access to networking closets and server locations, as well as fire suppression.
• Human resources security measures
  Background checks should be completed for all employees.
• Perform and test backups
  Back up information regularly and test data recovery from backups.
• Maintain security patches and updates
  Regularly update server, client and network device operating systems and programs.
• Employ access controls
  Configure user roles and privilege levels as well as strong user authentication.
• Regularly test incident response
  Employ an incident response team and test emergency response scenarios.
• Implement a network monitoring, analytics and management tool
  Choose a security monitoring solution that integrates with other technologies.
• Implement network security devices
  Use next generation routers, firewalls and other security appliances.
• Implement a comprehensive endpoint security solution
  Use enterprise level antimalware and antivirus software.
• Educate users
  Provide training to employees in security procedures.
• Encrypt data
  Encrypt all sensitive organizational data, including email.