Kris Shoemaker’s Post

(Almost) every #MSP does vulnerability scanning. But vulnerability management? Lets talk about that more in depth. Really looking forward to partnering up with my friend Kris Shoemaker of Cavelo Inc. as we tackle how to take a broken process and transform it into something that works. And something effective in your security program. Something your clients will get behind. And something that turns into value and resulting revenue. Let’s go!

🌟 Don't Settle for "Good Enough" Case Management! 🌟 Join us for this dynamic webinar on April 17th at 1 pm ET, where you'll discover how Swimlane Tubine's Case Management: 🔍 Enhances visibility 🧠 Enables intelligent incident response 🤖 Automates remediation 🎙️Register now for a game-changing approach to security operations with Steve McGee: https://lnkd.in/gUub-xtT #SecOps #SwimlaneWebinar #SOCAutomation

Day 288 of #365daysofcybersec Course: Vulnerability Management Today, I completed the "Vulnerability Management" exercise on Cybrary. Better Never Rests 🤝 #365daysofcybersec #cybertechdave100daysofcyberchallenge #Cybrary

It was a great opportunity to complete the Incident Handling Report course by Hack The Box. I have learnt so much about Incident Handling from the Detection phase to the Containment, Eradication, Recovery Stage & Post-Incident Activity Stage 😊 🚀

I just finished the Unified Kill Chain room which touches on the UKC being the modified/modern combined extension of other frameworks, such as Lockheed Martin's "Cyber Kill Chain" framework, MITRE's ATT&CK etc... The Unified Kill Chain is a framework which establishes the phases of an attack, and a means of identifying and mitigating risks to IT assets. 'Kill Chain' is a Military-origin phrase used to explain the various stages of an attack but it is used to describe the methodology/path attackers such as hackers or APTs use to approach and intrude on a target in CyberSecurity. This helps us understand the attackers' methods/path to enable defensive measures be put in place to stop them. I learnt Threat modeling which in this context is basically a series of steps to ultimately improve the security of a system by identifying risks in said system and creating a plan of action and follow-up procedures and policies that help mitigate assessed risks. Also worthy of note is the fact that unlike other frameworks, the UKC has 18 documented phases/tactics and with the help of knowledge gained in this room, can be divided into 3 sets by virtue of the stage in the Kill Chain they are on, highlighting a much more realistic attack scenario where various stages will often re-occur. There is the IN(Initial Foothold)phase which speaks to the initial intrusion stage at which point the attacker uses this series of phases to gain access to a system or a networked environment. The tactics in this stage are Reconnaissance, Weaponization, Delivery, Social Engineering, Exploitation, Persistence, Defence Evasion, Command& Control (C2) and Pivoting. The next stage is the THROUGH(Network Propagation) phase which is where the attacker having successfully gained a foothold on the target network, seeks to gain additional access and privileges to systems and data to fulfil their goals. The tactics in this stage are Pivoting(remember the various phases are reused and can re-occur), Discovery, Privilege Escalation, Execution, Credential Access, Lateral movement and Access. The last, but by no means the least, stage is the OUT(Action on Objectives) Phase at which point in the journey of the adversary’s attack on the environment, they have gained critical asset access and can fulfil their attack goals. These goals are usually geared toward compromising the confidentiality, integrity and availability (CIA) triad. This Phase's tactics are Collection, Exfiltration, Impact and Objectives. Majority of the time, the attack is thought to be financially motivated, the attacker may seek to encrypt files and systems with ransomware and ask for payment to release the data. In other instances, the attacker may seek to damage the reputation of the business, and they would release private and confidential information to the public. The job of the SOC Analyst is to find the Attackers' Kill Chain and efficiently shut it down before it does any significant damage to the assets.

What should you look for as you evaluate tools to help activate and keep up with CTEM?🧐 We got your answers right here ⬇️ Check out XM Cyber’s Buyer’s Guide to Meeting and Maintaining CTEM and start building consistent, actionable exposure remediation plans! https://lnkd.in/eMxtXztW

Chris Hughes and Nikki Robinson, DSc, PhD recently wrote the book Effective Vulnerability Management. Dale and Chris discuss the topic and book including: - The definition and scope of vulnerabilities. It’s much more than coding errors that need patches. - Are ICS protocols lacking authentication “vulnerabilities” - The reality that most organizations have 100’s of thousands of unpatched vulnerabilities. Some statistics and will this change. - Ways to prioritize what vulnerabilities you address. - The SSVC decision tree approach that was introduced at S4 as Never, Next, Now - Tooling … vulnerability management, software configuration, ticketing, remediation. - And much more. #unsolicitedresponse #otsecurity #icssecurity

With the end of the year upon us, now is a great time to think about your company's vulnerability management program. We've summarized the common pitfalls we see and some recommended enhancements in the article below. Michael Chada, Austin Fields, and Jordan L. welcome any questions or discussion related to the topic!

Shed light on hiding spots with Network Detection and Response - Attackers thrive on unmanaged assets, but you can stay ahead with enhanced network visibility. By monitoring these hidden spots, you can conduct instant risk assessments to identify potential issues. Once you know where to look, mitigation becomes straightforward. Learn more how to keep your network secure >> https://bit.ly/3MR6EGO