Monday, December 12, 2022

Exploring the Differences between Red-Teaming and Blue-Teaming in Cybersecurity: Why Red-Teaming is Sexier; but Blue-Teaming is More Crucial

When it comes to cybersecurity, there are two teams that often get confused: red teams and blue teams. Red teams are the hackers, the ones who are trying to breach your network and steal your data. Blue teams are the defenders, the ones who are trying to keep the hackers out. Both teams are essential for a secure network, but there are some important differences between them. In this article, we'll explore the differences between red-teaming and blue-teaming in cybersecurity, and why red-teaming is sexier but blue-teaming is more crucial.

Cybersecurity is one of the most important issues facing businesses and organizations today. Hackers are constantly looking for ways to breach networks and steal valuable data. To combat this threat, organizations must have a strong security posture, which means having both red teams and blue teams working together to keep the network secure. Both teams are essential, but they have different roles and responsibilities.

Attractiveness of Red Team

Red teams are often seen as the sexier of the two teams, and for good reason. They do the "cool" stuff, like breaking into networks and finding security vulnerabilities. They get to test their skills against the best in the world, and they often get the most recognition for their work. Red-teaming also requires a lot of creativity and problem-solving skills, which makes it a very attractive job for tech-savvy people.

Red-teaming is also attractive because it is a great way to stay on the cutting edge of cybersecurity. Red teams are constantly looking for new vulnerabilities and exploits, and they often find them before they become widespread. This means they can help an organization stay ahead of the curve and protect itself from the latest threats.

Usefulness of Blue Team

Although red-teaming can be a lot of fun, blue-teaming is the real workhorse of cybersecurity. Blue teams are responsible for keeping the network secure, and they are the ones who really make the difference in protecting an organization's data. Blue teams create and maintain the security policies, detect and respond to threats, and keep the network up and running. They are the unsung heroes of cybersecurity.

Blue team members also need a lot of technical skill to be successful. They need to be able to analyze network traffic, detect anomalies, and respond to threats quickly and efficiently. They also need to be able to design and implement security policies that are effective and difficult to exploit. Blue team members need to think like a hacker, so they can anticipate their adversaries' moves and stay one step ahead.

How Red Teaming Is Not Useful Without a Solid Defense

Many organizations make the mistake of relying too much on red-teaming and not enough on blue-teaming. They think that if they hire a few red team members, they'll be safe from all threats. In reality, red-teaming is only useful if there is a strong defense in place. Red teams can find vulnerabilities, but they cannot fix them; that is the blue team's job. Without a solid defense, the vulnerabilities the red team finds will remain open and can easily be exploited by malicious actors.

It's also important to note that red teams can only find vulnerabilities that exist within the scope of their tests. If the scope is too narrow, the red team may miss important vulnerabilities that attackers could exploit. That's why it's important to have a comprehensive blue team in place to detect and respond to any threats the red team may have missed.

Conclusions

Red-teaming and blue-teaming are both essential for a secure network. Red teams are the hackers, trying to break into the network and steal data; blue teams are the defenders, trying to keep them out. Red-teaming can be fun and exciting, but it is only useful if there is a strong defense in place. Blue-teaming is the real workhorse of cybersecurity, and it requires a lot of technical skill and knowledge to do well. Therefore, organizations should use seasoned professionals to protect their networks and to design policies that are effective and difficult to exploit. Red-teaming and blue-teaming work hand in hand to keep networks safe from threats, and organizations should invest in both teams to ensure a secure network. Exploring the differences between them can help organizations better understand the importance of both, and why red-teaming is sexier but blue-teaming is more crucial.

Sunday, September 20, 2020

The Truth Is You Are Not The Only Person Concerned About CONSEQUENCES of CYBER ATTACKS

On September 9, 2020, the University Hospital of the city of Düsseldorf suffered a ransomware attack that brought down its systems, including the controls of the emergency room. As a result, patients in need of special care had to be transferred, and one patient died because of it.

The repercussions of cyber attacks are becoming more serious and we need to pay close attention to the people who depend on us.

In security, our responsibility is to safeguard the lives of the people who depend on us, from their quality of life to the information they need to maintain it.

For some time there have been reports of hackers successfully intruding into pacemakers. For general knowledge: a good number of modern pacemakers have integrated Bluetooth and cloud technology for control and diagnosis, and this technology has been used as an entry point for reprogramming and/or turning off the pacemaker.

Something so simple has very dangerous connotations: the kidnapping or elimination of a vulnerable person no longer requires obvious weapons. Shielding by software protection standards is necessary for all types of devices in companies, but with special attention to those that may even remotely threaten lives.

Ignorance of these factors will not repair the loss of this family; even more, it sets a precedent that it is imperative to accept: computer resources, even in a hospital environment, facilitate and accelerate our lives, but they are vulnerable, their violation threatens us, and we must protect them.

Let's talk ...

Sources:

https://hotforsecurity.bitdefender.com/blog/patient-dies-after-ransomware-attack-on-dusseldorf-hospital-24159.html

https://hotforsecurity.bitdefender.com/blog/dusseldorf-university-hospital-emergency-care-postponed-after-alleged-cyber-attack-24149.html

https://www.uniklinik-duesseldorf.de/ueber-uns/pressemitteilungen/detail/update-16-uhr-uniklinik-duesseldorf-massiver-netzwerkausfall

https://wgem.com/2020/09/17/german-hospital-hacked-patient-taken-to-another-city-dies/

https://www.healthline.com/health-news/are-pacemakers-defibrillators-vulnerable-to-hackers

https://www.webmd.com/heart-disease/news/20180220/could-hackers-target-heart-devices#1

Friday, September 11, 2020

An Intro to Cyber Attacks to Stock Market Situation in Under 10 Minutes

A global ransomware attack that destroyed factories, hospitals, shops and schools has prompted investors to buy stocks that are likely to benefit from the cyberattack on the US financial system and other sectors.

The global cyber security market is worth $131 billion and is projected to grow to $248 billion by 2026, according to a report by cyber security firm PGI. Cybercrime-related damage is estimated to reach $6 trillion annually by 2021, according to Cybersecurity Ventures. Michael O'Hara, managing director of cyber technology at cyber security firm PGI, said companies' spending on cyber security will increase as outdated IT systems are refreshed.

What really worries the cyber-security community is that innovation in cybersecurity is falling behind innovation in the global hacking community. With cybercrime costing $1 trillion in 2018 alone, and forecasts that losses will rise to $6 trillion as early as 2021, the scale of cyber and security problems is immense.

Therefore, even the most security-conscious companies remain at risk of attack, and cyber criminals work tirelessly to find ways to breach security defenses, be it in the form of ransomware, phishing or other forms of malware. Although cloud computing has reduced most cyber risks while increasing dependence on a few key vendors, companies need to rethink their cybersecurity strategies and extend their first line of defense by several layers. Blockchain can reduce these risks by reducing single points of failure, reducing the bulk of cyber risk, but also increasing imitation.

ISE has launched the ETFMG Prime Cyber Security ETF, which tracks the ISE Cyber Security Index, which focuses on companies developing hardware and software to protect data and provide cybersecurity as a service. ISE's software solutions focused on protecting against cyber attacks such as ransomware, phishing and obtaining a privileged account. Of the ten largest cyber security companies in the US, five are cyber stocks, and there are more than 1,000 of them year after year - to date. IT services, cloud services and cloud computing companies, as well as companies with a strong track record in cybersecurity.

A10 helps companies use machine learning and automation to detect and stop cyber threats before they arise. Tenable helps companies identify their cyber threats with cybersecurity software that can locate, investigate, evaluate, and prioritize vulnerabilities on premises, remotely, and in the cloud. A10 also helps companies with a strong track record in cybersecurity leverage it further, helping their customers use machine-learning automation to detect and stop a cyber threat before it arises. Fortinet's security software is used in a wide range of industries and provides advanced security solutions such as intrusion prevention, intrusion detection and response, and advanced threat detection systems.

Rapid7 helps companies identify vulnerabilities in their networks and detect suspicious activity in time to stop cyber threats before they escalate. Keep in mind that cyber criminals are always on the lookout for vulnerabilities they prefer to exploit to pose a cyber threat to your business. How to use cybersecurity: Setting up an account linked to cryptocurrencies is one of the best ways to be stopped by hackers.

The company doubled its security investments and released extensive information about the attack after the collapse of JP Morgan Chase. Eight leading financial institutions have launched a sector effort focusing on emerging cyber-security threats. Dunn provides guidance on how companies can protect their information and customers and create reports.

When you invest in a cyber ETF, you get access to a wide range of cyber security investment opportunities in the U.S. We will also look at some of the best cyber security stocks currently available on the market. These 4 stocks could prove useful to boost your investment in information technology. Given that cyber security spending and investment are growing year on year, we list them here and recommend a targeted approach.

This is worthwhile because more and more industries are relying on automated systems, and cybersecurity is becoming a huge business. Based on these criteria, the ETFMG Prime Cyber Security ETF is well positioned to own faster growing and riskier cybersecurity companies.

As more of us go to work, banking online, shopping or even catching up with family members remotely, cyber criminals are looking for vulnerabilities that they can exploit. In our digitally connected world, our increasing reliance on the Internet means that malicious cyber attacks can cripple our computers, redeem our most sensitive files, and even siphon off our bank accounts.


Monday, September 7, 2020

Siem Tools For Top Management

Security Information and Event Management (SIEM) is software and a service that combines the best of both worlds, security management and event management, in one system. SIEM is a security management approach that combines event, threat and risk data from individual systems to improve the detection and resolution of security problems and provide an additional layer of defense.

The use of SIEM can be enormously helpful, but it requires the security of business processes and data to be taken into account in order to use the tools as effectively as possible. Using the tool with default settings generates a large volume of data and alerts; adapting it to the specific needs of your business, business processes and risk management leads to better results. SIEM tools collect data from multiple systems and analyze it to detect abnormal behavior and potential cyber attacks. They embed important parts of the data security ecosystem, such as web applications, databases and cloud services, into a single platform.

Security Information and Event Management (SIEM) is a software solution that combines and analyzes activities from many different resources across the entire IT infrastructure. SIEM tools provide a central place to collect events and alerts, but they can be expensive and resource intensive. Some customers report that it is often difficult to troubleshoot problems with SIEM data.

SIEMs can apply analysis to this data to detect trends, identify threats, and enable organizations to investigate alerts. Security Event Management (SEM) analyzes event and log data to facilitate the management of security events and alarms across the entire IT infrastructure. A SIEM combines the ability of Security Information Management (SIM) to collect, analyze and report on logs and data with the capabilities of SEM, fed by sources such as databases, analytics tools and web applications.

SIEM tools provide real-time monitoring of security-related events and incidents such as failed logins, network outages and security breaches. SIEM software logs the data generated by the enterprise technology infrastructure: servers, networks, databases, web applications, mobile devices and network equipment.

If the analysis shows that an activity falls outside the predefined rules and thus potentially compromises security, an alert is raised in the SIEM system.

This enables real-time situational awareness, so that the company can detect, understand and respond to hidden threats. ESM is a powerful tool that uses real-time data correlation to dramatically reduce the time it takes to detect, respond and protect the business. Suspicious activity is flagged to the SIEM system and the IT Security Management System (ITMS).

This is combined with the real-time data correlation between the SIEM system and the IT Security Management System (ITMS) to identify outliers and respond with appropriate measures.
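The ingestion and correlation step described above, as an added example that is not code from the original post or from any SIEM vendor: two constructed log sources in different native formats (an sshd-style line and a Windows-logon-style line) are normalized into one event schema, and a predefined rule raises an alert when a threshold of failed logins from one source address is crossed inside a time window, with a second, higher-severity alert if a login from that address then succeeds. The sample lines, the addresses, the threshold, the schema fields and the rule names are all assumptions made for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not captured from any real system). Two sources
# with different native formats, as a SIEM would ingest them.
SAMPLE_LOGS = [
    ("linux",   "2020-09-07T10:00:01 sshd[812]: Failed password for root from 203.0.113.5 port 51022 ssh2"),
    ("windows", "2020-09-07T10:00:09 EventID=4625 Account=admin Source=203.0.113.5 Status=Failure"),
    ("linux",   "2020-09-07T10:00:20 sshd[815]: Failed password for admin from 203.0.113.5 port 51030 ssh2"),
    ("linux",   "2020-09-07T10:00:31 sshd[818]: Accepted password for admin from 203.0.113.5 port 51041 ssh2"),
    ("linux",   "2020-09-07T10:05:00 sshd[901]: Failed password for alice from 198.51.100.7 port 40001 ssh2"),
    ("windows", "2020-09-07T11:00:00 EventID=4624 Account=bob Source=198.51.100.9 Status=Success"),
]

# Assumed line formats for the two constructed sources.
LINUX_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)")
WINDOWS_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) Account=(?P<user>\S+) Source=(?P<ip>\S+) Status=(?P<status>\S+)")


def normalize(source, line):
    """Map one raw line into the common event schema the correlation rule uses.
    Returns None for lines the parsers do not recognise; a production SIEM
    should count those separately so blind spots in coverage stay visible."""
    if source == "linux":
        m = LINUX_RE.match(line)
        if not m:
            return None
        outcome = "success" if m["outcome"] == "Accepted" else "failure"
    elif source == "windows":
        m = WINDOWS_RE.match(line)
        if not m:
            return None
        outcome = "success" if m["eid"] == "4624" else "failure"
    else:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "source": source,
            "user": m["user"], "ip": m["ip"], "outcome": outcome}


def correlate(events, threshold=3, window=timedelta(seconds=60)):
    """Predefined rule: `threshold` or more failed logins from one IP inside
    `window`, counted across every source, raise one medium alert per IP.
    A later successful login from a flagged IP raises a high-severity alert,
    because guessing that eventually worked is the case worth a human's time."""
    alerts = []
    failures = defaultdict(list)   # ip -> timestamps of failures still inside the window
    flagged = set()
    for ev in sorted(events, key=lambda e: e["ts"]):
        ip = ev["ip"]
        if ev["outcome"] == "failure":
            failures[ip] = [t for t in failures[ip] if ev["ts"] - t <= window] + [ev["ts"]]
            if len(failures[ip]) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append({"severity": "medium", "rule": "brute_force",
                               "ip": ip, "ts": ev["ts"]})
        elif ip in flagged:
            alerts.append({"severity": "high", "rule": "success_after_brute_force",
                           "ip": ip, "user": ev["user"], "ts": ev["ts"]})
    return alerts


def run(raw_logs=SAMPLE_LOGS):
    """Normalize every line, drop unparsed ones, and apply the rule."""
    events = [e for e in (normalize(s, l) for s, l in raw_logs) if e]
    return correlate(events)


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

Tuning the threshold and window is exactly the "adapting the tool to your business" work the post describes: with the defaults above the three failures from 203.0.113.5 produce one medium alert, the subsequent success a high one, and the single failure from 198.51.100.7 stays silent.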

For over a decade, SIEM systems have come a long way, from simple log management to integrated machine learning and analytics. Event management focuses on incidents that can pose a threat to the system, such as malicious code attempting to enter, while information management deals with real-time monitoring and analysis of data in the IT Security Management System (ITMS).

Given the multitude of tasks that SIEM solutions perform, integrating them into a company's existing information security architecture can be daunting, especially when multiple data centers are spread across the globe. Logs from all sources within an organization are likely to be fed into the IT Security Management System (ITMS) and other IT management systems.

The compromise is that administrators must perform integration work to tell the SIEM software how to parse and process the types of logs an organization collects. Alternatively, almost all SIEM systems offer the ability to ingest logs from commonly used log sources, such as the IT Security Management System (ITMS) and other IT management systems. Since each organization has a unique combination of log sources, those looking for the best SIEM software for their organization should build an inventory of all the logs in their systems and compare that inventory with each product's list of supported log sources. SIEM tools are more flexible and support almost any log source.

Security experts in companies have moved away from traditional log management systems such as the ITMS and IT Security Management System. The evolution of log management has introduced a new generation of SIEM tools for top management and security management.

These tools have the ability to monitor threats and provide real-time security alerts. SIEM technology has been around for a long time: it initially developed from the log management discipline into security management tools such as the ITMS, IT Security Management System and IT management systems, and has since evolved further into network management, network security, data security and network management systems (NMS). SIEM software combines a number of different tools for top management and security management.


Thursday, September 3, 2020

Advice On Cybersecurity For Managers

With these ten personal tips on cybersecurity, I want to help my readers become more aware of the topic. We hope you find these tips on how personal security breaches happen helpful in reducing the risk of a security incident. We break IT security down as recommended by IT and cyber security experts, with the help of our own experts.

CEOs and CISOs need to keep an eye on the importance of cyber security for their business. For IT management and the management of cybersecurity risks in small businesses, see the Cybersecurity and Infrastructure Security Agency (CISA).

Remote students can expect a specialization that prepares them to take on the role of a full-time cybersecurity manager in their business. Graduate students enrolling in these programs can expect to arm themselves with technical know-how, such as the knowledge gained by cybersecurity managers in many industries. These experts can help you develop the skills needed to be a manager, just in time to focus on your unique needs.

Depending on the concentration, students can take on different roles, such as risk management in information systems. The jobs of security managers at the executive level often require a degree in computer science, computer technology or computer security management. In our survey, the most common terms were "security manager," "system security manager" and "information system manager."

These professionals generally need to work their way up to a management role and apply the above skills in a variety of roles, such as risk management, information security, data protection and data security management.

For security managers who require excellent leadership skills, this can prove beneficial in job search, according to a recent study by the University of California, San Diego.

Staying informed about your cybersecurity practices could be the difference between a successful business and a company that gets targeted by hackers. As for hard skills, security managers need at least two years of cybersecurity experience. There is also the possibility of earning a master's degree in cyber security by distance learning, which is worthwhile, as the average cost of an online MSc in cybersecurity management is $420,000, according to Forbes. This is a four-year degree in security policy, development and compliance that focuses on acquiring the skills necessary to develop a strong understanding of the security environment and the role of cybersecurity in a business environment.

Use the tips below to make the most of your opportunities and they will help you train, inform and interest your employees more about the role they play in your organization's cybersecurity.

Cyber security training for managers focuses on protecting corporate and customer information, but also extends to executives. You will learn what terms managers and executives use to discuss risk management and how the concept of "risk management" is applied to networks, systems and projects. It goes beyond looking at system-wide security to focus on the protocols that were put in place to deal with attacks.

There are standards and initiatives around the world that provide best practices for implementation, but cyber risk assessment is the most important part of cyber security training for managers and executives.

IT is a CMS that helps IT managers in their efforts to secure their IT infrastructure, systems, databases and other critical infrastructure.

Solid cybersecurity measures, combined with an educated and security-oriented workforce, provide a strong defense against cyber criminals who seek to gain access to a company's sensitive data. With the right knowledge, your business can be strengthened against breaches and vulnerabilities, and a list of 10 best cybersecurity practices that all employees should know can also help strengthen the company in the event of a breach or vulnerability. Cybersecurity training must include information on how to detect common cyber threats such as phishing, identity theft, malware and ransomware. Developing a clear understanding of the importance of cyber security in your organization's IT infrastructure goes beyond setting password requirements and searching for common phishing scams (even if they may be included).

In many large organizations, the Chief Information Security Officer is involved in briefing board members on cybersecurity, but depending on the size and maturity of the security program in your organization, it may fall to the IT security or cybersecurity manager. You want to make sure that all providers and employees understand and operate your cybersecurity risk management policy. Cybersecurity policy is a key resource for staff to turn to when dealing with cybersecurity issues. There may be some responsibilities that are solely the responsibility of the IT security manager, or there may be joint responsibilities.

You might even want to consider a password manager for employees such as LastPass or Dashlane. This can be helpful if you are a person who has chosen to use this password management for personal or business use.

On the other hand, it is also useful not to use a password manager and to choose a more secure password management solution such as LastPass or Dashlane instead. Even if you accept that you trust the password manager provider more, the advice on password managers is good. The security of managers has proven to be critical to the success of their company, as they monitor operations that protect against unwanted cyber intrusions. 


Monday, August 31, 2020

Information Security situation In Latin America

 One of Europe's biggest banks has just revealed what appears to be a huge data leak from one of its servers. Russian-speaking hackers stole up to $10 million from U.S. and Russian banks, according to a Moscow-based cybersecurity firm headed by the former head of Russia's domestic intelligence agency, the FSB, and a former senior executive of a major bank.

Cybercriminals have teamed up with drug cartels in Latin America to attack financial institutions and governments, using a variety of scams and malicious programs to make millions, according to a new report. The Russian cybercrime group, the Russian domestic intelligence service FSB, has targeted organizations in Latin America.

In total, banks in Latin America spent about $809 million on digital security incidents, response and recovery in 2017, according to the OAS. In 2012, the US Federal Reserve Bank of New York and the Federal Deposit Insurance Corporation (FDIC) fell victim to cyber attacks. The same methods have been used by drug cartels in Mexico, Brazil, Colombia, Argentina, Chile, Peru and Uruguay.

In Chile, Banco Chile was also the victim of a cyber attack in which hackers stole more than 10 million US dollars. In March 2016, hackers stole $5 million from the bank's computer system in Chile, according to the OAS, before launching a malware attack that crippled much of its network.

As IT teams tried to stop the virus from spreading, cyber attackers broke into the bank's computer system and siphoned off $10 million in assets from Banco Chile. The hackers also said that the Cayman Bank and Trust Company contacted them using the same exploit against the hacking team that was intended for a cyber attack on the US Federal Reserve Bank of New York. According to OAS, the attackers used malware to hack into the software, allowing them to transfer money and clean up after themselves.

The hackers gained access to the network and infiltrated the bank's IT system with highly contagious malicious software, which wiped out hard drives and brought down branches, phones and banking systems across the country.

Banxico quickly established a cyber security unit that drafts and issues information security guidelines for the country's banks. Mandiant Security Consulting Services, which provides incident response and general advice in cybersecurity, said that for most actors the sharing of information about cybercrime remains unthinkable. Simply put, companies cannot rely on government guidance on cyber-security risks, because many governments do not yet have information-sharing laws related to cyber data. "This is clearly possible, but sharing information about cybercrime remains 'unthinkable' for most of these actors," said Michael D'Agostino, senior vice president and chief technology officer at Mandiant Security Consulting.

In this regard, alongside their references, banks in Latin America have developed protection systems that focus on devices and identity verification systems that allow customers to log on to their online banking websites. Most security software companies do not consider Latin America a critical market, and therefore there are few cybersecurity services. There are no national cybersecurity rules for the region's banks, and there is a lack of awareness of the importance of information security in the banking sector. The financial sector in South America does not invest in cutting-edge technologies to detect and prevent cyber attacks, and spends most of its digital security budgets on more basic firewall protection.

Phishing attacks are extremely popular among hackers targeting major banks in Latin America. An attacker uses fake Google and Bing adwords to direct customers to pages made to look like an official bank website. Information security specialists also know the lurking trojan, which has been used for several years to attack remote banking systems. Indeed, last year the security firm Group-IB found that cyber criminals, including Russia's MoneyTaker group, collect information about services that use SMS as an authentication tool to launch attacks on cross-border payment systems such as PayPal and MasterCard. "A hacker who has received enough personal information about the target can pass a mandatory telecommunications test and access banking services via a cross-border payment system," says Carsten Schulz, head of security research at Group-IB.

Experts point out that Latin America is fertile ground for attacks, because coordinating illegal cyber-fraud is much easier there than in Europe or the United States. Hackers with ties to North Korea appear to be focused on the U.S., South America and the Middle East, as well as China and South Africa. "Brazil, Argentina, Colombia, Chile, Ecuador, Mexico, Peru, Uruguay and Venezuela are among the countries most likely to be targeted by hackers," says David Wright, head of security research at Group-IB. Latin America enjoys low-cost cyber insurance options, such as the Latin American Cyber Insurance Program (LACIP).

Internet access has spread to developing countries, including Latin America and the Caribbean, and the problem of hacking is expected to increase. The report also highlights some of the most popular malware threats that afflict Latin America. There is a strong correlation between the number of malware attacks in the US and Latin American and Caribbean countries.

Cited Sources

Tuesday, August 25, 2020

Security Automation

Fear is one of the most powerful drivers of all time: movies, novels, companies. I even had the unfortunate chance to hear the following phrase directed at a coworker: "I can replace you with a script and I will save money".

Automation is the new catchy word in the industrial environment; we see it everywhere: in car factories, coal mines, banks, even in airports, where tasks related to security are being transferred to automatic tellers. But is this suitable for all commercial environments? The answer is: partially.

Humans are valuable (not costly, as some executives like to view them) for their decision-making capabilities, and a new evolution process has been taking place all over the world: thinking people are getting hired, and mechanical people are getting displaced. It is not a matter of justice or survival; it is a matter of cost vs. profit.


Is automation in security viable?

Yes it is, but only partially. Every day hackers all over the world bypass security controls designed and maintained by fellow humans; automated systems are predictable (which is a terrible word in this business). We can automate tools and monitors, but security intelligence? That is not automatable.

No matter how complex the algorithm (computer process) is, the fact that all possible routes are programmed means there will be a thousand ways to bypass it; human ingenuity and logic are paramount to stop cyber-criminals.

Don't get me wrong: every company should invest in security means and tools to aid the process, and some automation is necessary to analyze the tens of thousands of transactions the average enterprise performs daily. But every machine, every analyzer on the market depends on search patterns, and every search pattern causes a situation well known to security professionals: false positives and false negatives.

A false positive is an event which triggers an alarm but is not a situation worth investigating, like an ordinary employee clicking on a file he is not authorized to open and not getting access.

A false negative is a situation where the alarm should be triggered but is not, like the employee in question actually getting access to the file he has not been authorized to read, change or delete.

These factors are part of the everyday work of a cybersec engineer and a great deal of our training; human instinct becomes the differentiator in detecting anomalous behavior.
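The false positive and false negative cases above, as an added example that is not code from the original post: a handful of constructed file-access events, each labelled after the fact with the analyst's verdict, are run through two candidate search patterns. The first alarms on every denied access (the misclick case, a false positive) and stays silent when an unauthorized user is actually granted access (a false negative). The second alarms only when a grant contradicts an authorization list the detector keeps independently of the file server, which catches that case but still misses a destructive action by a user who was authorized. The events, user names, paths and the authorization list are all assumptions made for the illustration; the confusion-matrix scoring is the general method for evaluating any such rule, beyond the two cases in the text.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessEvent:
    user: str
    path: str
    action: str       # read / write / delete
    granted: bool     # what the file server actually did
    malicious: bool   # ground truth, known only after a human investigated


# Constructed sample events (not real). `malicious` is the analyst's verdict
# and is used only to score the detectors, never as a detector input.
SAMPLE_EVENTS = [
    # the post's first case: a misclick on a file the user may not open, denied
    AccessEvent("carol", "/finance/payroll.xlsx", "read", granted=False, malicious=False),
    # the post's second case: a user who should not have access, but was granted it
    AccessEvent("dave", "/finance/payroll.xlsx", "read", granted=True, malicious=True),
    # legitimate use by an authorized user
    AccessEvent("erin", "/finance/payroll.xlsx", "read", granted=True, malicious=False),
    # another harmless denial
    AccessEvent("frank", "/hr/reviews.docx", "delete", granted=False, malicious=False),
    # authorized user misusing legitimate access: no pattern below catches this
    AccessEvent("erin", "/finance/payroll.xlsx", "delete", granted=True, malicious=True),
]

# Constructed authorization reference held by the detector, independent of the
# file server's own ACLs, so a misconfigured ACL shows up as a contradiction.
AUTHORIZED = {
    "/finance/payroll.xlsx": {"erin"},
    "/hr/reviews.docx": {"frank", "grace"},
}


def alert_on_denied(ev):
    """Naive search pattern: every denied access is an alarm."""
    return not ev.granted


def alert_on_unauthorized_grant(ev):
    """Better pattern: alarm when access was granted to a user the
    authorization reference does not list for that path."""
    return ev.granted and ev.user not in AUTHORIZED.get(ev.path, set())


def score(detector, events):
    """Confusion matrix plus precision and recall for one detector over
    labelled events. False positives are alarms on benign events, false
    negatives are malicious events that raised no alarm."""
    tp = fp = fn = tn = 0
    for ev in events:
        alerted = detector(ev)
        if alerted and ev.malicious:
            tp += 1
        elif alerted and not ev.malicious:
            fp += 1
        elif not alerted and ev.malicious:
            fn += 1
        else:
            tn += 1
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    return {"tp": tp, "fp": fp, "fn": fn, "tn": tn,
            "precision": precision, "recall": recall}


def missed_events(detector, events):
    """The false negatives: what the automation leaves for a human to find."""
    return [ev for ev in events if ev.malicious and not detector(ev)]


if __name__ == "__main__":
    for name, det in [("denied", alert_on_denied),
                      ("unauthorized_grant", alert_on_unauthorized_grant)]:
        print(name, score(det, SAMPLE_EVENTS))
        for ev in missed_events(det, SAMPLE_EVENTS):
            print("  missed:", ev)
```

Scoring every rule this way, against events a human has already classified, is how a team decides which patterns are worth the alert volume they generate; the events that remain in the missed list are the ones the post argues still need an engineer's instinct rather than another pattern.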

Then what can automation do?

To detect these factors, which allow us to identify possible intrusions, we would have to manually check all the servers under our watch, which would severely raise the number of people involved. Instead, security orchestration tools let us see the activity on various fronts, even graphically, enabling greater coverage of our duties.

In words of Eran Barak, CEO and Co-Founder, Hexadite: "All of these security automation technologies free up overtaxed security resources, allowing security teams to be less focused on mundane – but essential – tasks, and more focused on strategic initiatives that will make their organization more secure. "

Automation needs to be seen as a tool, and like any tool it is only as good as the person trained to use it; we cannot expect to take someone trained as a network technician and have them take over cybersec with nothing more than a manual.


Resources

https://www.securityweek.com/five-steps-security-automation

https://www.dflabs.com/blog/security-automation-vs-security-orchestration-whats-the-difference/

https://www.darkreading.com/operations/the-best-and-worst-tasks-for-security-automation/d/d-id/1332074

https://www.helpnetsecurity.com/2019/04/16/it-security-automation-skills/

https://www.information-age.com/staff-skill-shortages-security-study-123473231/
