Increased technology in networking has brought with it threats to cyber security as attackers have become more technologically savvy and use complicated techniques during attacks. Advanced Persistent Threats (APTs) are still ongoing even though most organizations have beefed up their security tools and procedures. This essay will give a detailed description of the current software-based and hardware based cybersecurity tactics, tools, and procedures. The essay will also consider the software and hardware solutions used today in the defense-in-depth context. Lastly, the essay will elaborate on why the devices are not successful against the APTs.
The increased technological advances made in the networking sector come with new security threats which grow on daily basis. As a result, current tools, tactics, and procedures need to be updated as well. Some of the tools, tactics, and procedures are discussed below:
Delegate your assignment to our experts and they will do the rest.
Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)
IPS and IDS tools are essential in helping a network administrator to identify and secure both wireless and wired networks from different types of security threats. The deployment of this technology is done with greater a frequency as the networks increases in complexity and size. The tools are able to detect threats in different forms including viruses, worms, and spyware. IDS are best known for monitoring and detecting suspicious activities while IPS are well known for both monitoring and preventing suspicious activities.
Penetration testing and vulnerability scanning
Penetration testing and vulnerability scanning is an example of a tactic used in cybersecurity to ensure both the hardware and software components of a system are safe. The main purpose of a penetration test is to exploit a possible weakness in a system’s environment while vulnerability scans are primarily used to search for known vulnerabilities.
Business Continuity Plan (BCP)
The main purpose of the BCP procedure is to coordinate several efforts across an entire business organization and to restore lost files and documents ( Hayslip, 2019). The BCP procedure makes use of the disaster recovery plan to bring back lost applications, hardware, and data considered important for the continuity of business ( Hayslip, 2019). Each organization has its own unique BCP procedure that dictates how the organization will respond during an emergency.
Defense-in-depth Hardware and Software solutions deployed today
Defense-in-depth is a technique in cybersecurity where a number of defense mechanisms are put so as to fully protect important information and data. Most data breaches happen because of blind spots or difficulties in monitoring the network. Organizations often focus only on perimeter security protecting them against external attacks but seem to ignore internal activities especially on their Local Area Networks (LANs). As a result, unmonitored conversations and traffic flows are likely to occur on some parts of the network. Defense-in-depth solutions are devised to protect both known and unknown threats through a number of techniques.
Reading the network’s traffic patterns is one of the solutions in developing a strong defense-in-depth posture. For complete visibility, all endpoints (including the internal network and the enterprise edge firewall) should be monitored for traffic flows in the network (Hacker, 2017). This can be done using switches, routers, and firewalls from main vendors like HP, Cisco, and Juniper. Effective analyses and monitoring of the data flows is essential in giving network administrators an upper hand in discovering additional weaknesses and blind spots. To effectively design a defense-in-depth solution, the current assets should be deployed as a Network as a Sensor (NaaS) first for the network to detect the possible flaws (Hacker, 2017). Setting activity baselines to employees using the network the next step where each employee can be monitored while either uploading or downloading files using the network. Notifications can be sent to the network administrator in case one of the employees uploads huge and unnecessary amounts of data using the network.
Enforcing the limits is another step towards achieving defense-in-depth as an organization can change the network from NaaS into Network as an Enforcer (NaaE) which can act according to instructions in case the baseline has been compromised. The NaaE can find the source of breach and block data delivery or shut down access depending on the written policy. The next step is to back up other network securities other than NaaS and NaaE. Organizations can opt for Security Information and Event Management (SIEM) systems such as application-based firewalls and Splunk in place of NaaS and NaaE. When there are possibilities of gaps in a system’s defense the system should be upgraded with a component that is stronger and with a broader defense-in-depth posture ( Hacker, 2017). Lastly, trading up and upgrading both hardware and software of an outdated systems should be part and parcel of an organization’s defense system.
Defense-in-depth devices Vs. Advanced Persistent Threats (APTs)
Advanced Persistent Threats (APTs) makes use of clandestine, sophisticated, and continuous techniques in hacking and accessing a system. As much as an organization can beef up other securities and monitor most operations conducted by its employees, APTs still find their way into the networks. In the first place, most APT attackers use smaller companies making up the supply chain as stepping stones to gain access to their prime targets (Kim, 2014). This technique can be hard to mitigate since such small companies are often trusted by the target companies and most of them have access to the organization’s networks and devices. The human factor is also one of the causes prevailing APT attacks as most employees unknowingly participate in the attacks ( Kim, 2014). Techniques like spear phishing have been used severally to lure unknowing employees to leak vital information and this technique can be hard to get rid of ( Zhurin & Komarkov, 2018). Another reason for the prevailing nature of APT attacks is the possibility of several remaining backdoors left by hackers which cannot be easily detected even after scanning and the hackers might decide to conduct another attack any moment.
Conclusion
Cybersecurity tools, procedures, and tactics include IDS, IPS, BCPs, penetration testing, and vulnerability scanning. When it comes to defense-in-depth solutions, an organization is required to consider both external and internal security attacks. However, the devices used in defense-in-depth may not always be successful since most APT attackers use complicated techniques to lure employees into giving out important and sensitive information.
References
HACKER, D. (2017). Defense in depth: Building a solid cybersecurity environment. Smart Business Akron/Canton, 27(5), 6. Retrieved from http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=125665255&site=eds-live
Hayslip, G. (2019). 9 policies and procedures you need to know about if you’re starting a new security program. Retrieved from https://www.csoonline.com/article/3263738/9-policies-and-procedures-you-need-to-know-about-if-youre-starting-a-new-security-program.html
Kim, Y. H. (2014). A study on cyber threat prediction based on intrusion detection event for APT attack detection. MULTIMEDIA TOOLS AND APPLICATIONS, (2), 685. Retrieved from http://search.ebscohost.com/login.aspx?direct=true&db=edsbl&AN=RN355212073&site=eds-live
Zhurin. S, & Komarkov. E. D, (2018). Protection of external information perimeter of organization from spear phishing. Bezopasnostʹ Informacionnyh Tehnologij, (4), 96. https://doi.org/10.26583/bit.2018.4.09
