Key Takeaways from SANS Dallas – A Cybersecurity Conference Recap
Last week, zvelo sent one of its cybersecurity members to the SANS Cybersecurity Training Event in Dallas. The SANS Institute is the most trusted and by far the largest source for information security training and security certification in the world. We often refer to cybersecurity as a team effort, and zvelo believes that effort requires sharing information and resources to facilitate safer and more secure internet experiences. In the spirit of sharing valuable information, below is a brief summary of the SANS Dallas conference, plus 5 key cybersecurity actions you should implement.
zvelo’s Cybersecurity team member attended the Hacker Tools, Techniques, Exploits, and Incident Handling training course. This course, led by Kevin Tyers, delivers deep insights into a hacker’s tactics and techniques once an attacker has compromised the network and systems. Included in the training was hands on instruction which serves to hone investigative skills and and improve incident handling once an attacker has gained a foothold into an organization’s systems and networks. The training culminated with a ‘Capture the Flag’ competition which challenged the attendees to leverage skills they learned throughout the week by hacking into systems and capturing flags on each system. zvelo is proud to share that our team member was instrumental in leading the winning team to victory.
Below we share the top 5 actionable takeaways from this training event.
- Follow an Incident Response Methodology — We recommend the SANS PICERL methodology.
- Preparation – Create an Incident Response Plan, and ensure that you have personnel trained and allocated to respond to an active Incident.
- Investigation – Know which data will be accessible to you and follow the correct process to investigate so that you can quickly identify the type and scope of compromise.
- Containment – Once you identify the compromise, develop a containment plan and implement.
- Eradicate – Implement a plan to remove the attackers’ foothold in the network and clean up malware infection.
- Remediation – Recover operations and systems to restore services.
- Lessons Learned – Identify GAPs and changes that need to be made to prevent repeat incidents.
- Identify any and all publicly available information about your network and company. Information which can be gleaned about the systems, security tools, etc., is information an attacker can identify through public sources and use to compromise your company.
- Bypassing Endpoint Security Solutions. There is no one tool that can stop an attacker as there will always be gaps or ways to bypass any tool. The idea of Defense in depth is crucial to stopping a persistent attacker. Two key actions you can take are to harden your endpoints and enforce least privilege.
- Web-App attacks. This is a public facing system that attackers can attack at their leisure, and commonly used to gain initial access into a victim’s network. Hardening endpoints, layering defenses and vigilant monitoring are key actions you can take to stop, identify and contain an attacker.
- Security is a team effort. All Information Technology teams have a place in security. If each team — system analysts, infrastructure, network administrators, etc. — keeps security in mind when building systems and deploying networks, the overall company will be much more secure and much harder for an attacker to compromise.
Cybersecurity is a key area of focus for zvelo as we strive to make the internet safer and more secure. If you have any questions about any of the points listed above, or any other cybersecurity best practices, please Contact Us.