| property | value |
| --- | --- |
| tags | defensive-tradecraft,mandiant,pkm-pocket-pipeline,threat-hunting,threat-intel |
| url | |
| original_word_count | 1159 |
Article Excerpt
Modern attacks targeting supply chains, using zero-day exploits, and exploiting vulnerabilities in security appliances have been flooding newsrooms, boardrooms and threat reports in recent months.
Long Summary
This article discusses the need to revisit traditional security advice in order to protect against modern threats. Recent attacks have been targeting supply chains, using zero-day exploits, and exploiting vulnerabilities in security appliances. These attacks are difficult to detect and prevent, even for the most security-mature organizations. To increase visibility and defense in depth, the article suggests revisiting secondary detections and post-compromise detections: controls that catch an intruder after the initial foothold, when the entry vector itself was invisible.
The article provides a few tricks for detection and response teams to simplify detection at this late stage. These include looking for credential abuse, theft, reuse, and scans; internal network traffic such as reconnaissance, data staging, and access to sensitive repositories; external network traffic such as command and control and data theft; and access to data an intruder typically hunts for, such as cyber insurance documents, configuration management databases, emails, financial statements, network maps, and client lists.
The article also names a few security fundamentals that security teams should shift from “good ideas” to “must-dos”. These include using technology for continual testing, plus periodic third-party testing, to identify assets and their vulnerabilities; taking a risk-based approach to patching and vulnerability management; using the same continual and third-party testing to validate that internal controls actually work; hardening systems and enforcing MFA; retaining and analyzing logs for a year or more; and deploying deception such as honey tokens.
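As an added example (not code from the article or from Mandiant), the Python script below runs three of the late-stage checks summarized above over constructed log lines: credential reuse (one account authenticating to many hosts in a short window), internal reconnaissance (one source opening connections to many internal hosts), and honey-token access (a read of a planted decoy file such as a fake cyber-insurance policy). The log format, field names, thresholds, and decoy paths are all assumptions made for the example.

```python
"""Late-stage (post-compromise) detections over constructed log lines.

Added example; the log format, field names, thresholds and decoy paths
are assumptions, not anything specified by the article.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry).
# Format: <ISO timestamp>|<event kind>|key=value|key=value...
SAMPLE_LOG = """\
2024-03-04T09:00:01|auth|user=svc_backup|src=10.0.1.20|dst=FS01|result=success
2024-03-04T09:00:05|auth|user=svc_backup|src=10.0.1.20|dst=FS02|result=success
2024-03-04T09:00:09|auth|user=svc_backup|src=10.0.1.20|dst=DC01|result=success
2024-03-04T09:00:14|auth|user=svc_backup|src=10.0.1.20|dst=SQL01|result=success
2024-03-04T09:01:00|auth|user=jdoe|src=10.0.5.7|dst=FS01|result=success
2024-03-04T09:02:00|conn|src=10.0.1.20|dst=10.0.2.10|dport=445
2024-03-04T09:02:01|conn|src=10.0.1.20|dst=10.0.2.11|dport=445
2024-03-04T09:02:01|conn|src=10.0.1.20|dst=10.0.2.12|dport=445
2024-03-04T09:02:02|conn|src=10.0.1.20|dst=10.0.2.13|dport=445
2024-03-04T09:02:02|conn|src=10.0.1.20|dst=10.0.2.14|dport=445
2024-03-04T09:02:03|conn|src=10.0.1.20|dst=10.0.2.15|dport=445
2024-03-04T09:02:30|conn|src=10.0.5.7|dst=10.0.2.10|dport=443
2024-03-04T09:03:30|file|user=svc_backup|host=FS01|path=/finance/cyber-insurance-policy-2024.pdf|op=read
2024-03-04T09:04:00|file|user=jdoe|host=FS01|path=/hr/handbook.pdf|op=read
"""

# Decoy documents planted where an intruder would look (honey tokens).
# Nothing legitimate should ever open them, so a single read is a high-fidelity alert.
HONEY_PATHS = {
    "/finance/cyber-insurance-policy-2024.pdf",
    "/it/network-map-master.vsdx",
}


def parse_log(text):
    """Turn pipe-delimited lines into dicts with a parsed timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, kind, *fields = line.split("|")
        event = {"ts": datetime.fromisoformat(ts), "kind": kind}
        for field in fields:
            key, _, value = field.partition("=")
            event[key] = value
        events.append(event)
    return events


def fanout_alerts(events, kind, key_field, target_field, window, threshold):
    """Flag any key that reaches `threshold` distinct targets within `window`.

    Returns {key: sorted distinct targets} for every key that tripped the rule.
    """
    by_key = defaultdict(list)
    for event in events:
        if event["kind"] == kind:
            by_key[event[key_field]].append((event["ts"], event[target_field]))
    alerts = {}
    for key, items in by_key.items():
        items.sort()
        for i, (start, _) in enumerate(items):
            targets = {target for ts, target in items[i:] if ts - start <= window}
            if len(targets) >= threshold:
                alerts[key] = sorted(targets)
                break
    return alerts


def credential_reuse(events, window=timedelta(minutes=5), max_hosts=3):
    """One account authenticating to many hosts in a short span: lateral
    movement with a stolen or reused credential."""
    return fanout_alerts(events, "auth", "user", "dst", window, max_hosts)


def internal_recon(events, window=timedelta(minutes=2), max_targets=5):
    """One source opening connections to many internal hosts: network scanning."""
    return fanout_alerts(events, "conn", "src", "dst", window, max_targets)


def honey_token_hits(events):
    """Any read of a planted decoy file, regardless of who did it."""
    return [
        (event["user"], event["host"], event["path"])
        for event in events
        if event["kind"] == "file" and event["path"] in HONEY_PATHS
    ]


def run(text=SAMPLE_LOG):
    events = parse_log(text)
    return {
        "credential_reuse": credential_reuse(events),
        "internal_recon": internal_recon(events),
        "honey_token": honey_token_hits(events),
    }


if __name__ == "__main__":
    for rule, hits in run().items():
        print(f"{rule}: {hits}")
```

Thresholds here are deliberately low so the sample trips them; in practice the fan-out rules need a per-account baseline (backup and scanning service accounts legitimately touch many hosts) and an allow list, whereas the honey-token rule needs neither, which is exactly why the article ranks deception among the must-dos.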
Overall, the article emphasizes the importance of revisiting traditional security advice in order to protect against modern threats. It provides a few tricks and security fundamentals that security teams should implement in order to increase visibility and defense in depth. By following these suggestions, organizations can better protect themselves against modern threats.
Short Summary
Revisiting Traditional Security Advice for Modern Threats
- Modern security threats require a re-evaluation of traditional security advice.
- Recent attacks target supply chains, use zero-day exploits, and exploit vulnerabilities in security appliances.
- Detecting and preventing such attacks is challenging even for mature organizations.
- Revisiting secondary and post-compromise detections improves visibility and defense in depth.
- Detection tricks include monitoring for credential abuse, theft, reuse, and scans.
- Internal network traffic indicators include reconnaissance, data staging, and access to sensitive repositories.
- External network traffic indicators include command and control and data theft.
- Access to sensitive documents and databases (cyber insurance policies, CMDBs, email, financial statements, network maps, client lists) should be closely monitored.
- Security fundamentals to implement include continual testing and periodic third-party testing.
- A risk-based approach to patching, vulnerability management, and log retention and analysis is crucial.
- Hardening systems and enforcing multi-factor authentication improves security.
- Deception techniques such as honey tokens are effective for detection.
- Revisiting security advice is essential for better protection against modern threats.
Summarized content: https://hut.threathunterz.com/battlefield-intel/articles-and-reports/revisiting-traditional-security-advice-for-modern-threats
#RevisitTraditionalSecurityAdvice #ModernThreats #DetectionandResponseTricks #SecurityFundamentals #IncreaseDefenseinDepth