First Things First: The Top 4 Security Mitigation Strategies

  • Tuesday, 10 Dec 2013 8:00PM EST (11 Dec 2013 01:00 UTC)
  • Speaker: Dr. Eric Cole

Sponsored by Palo Alto Networks

Organizations are struggling with cyber security. It seems that for every increase in spending there is an equal increase in attack vectors. While new technologies will help, it is important to focus on the core areas that will make the biggest impact. These areas need to be aligned with how an adversary breaks into a system.

Targeted intrusions of a computer network can be broken down into three stages:

Stage 1: Code Execution is where an adversary attempts to gain an initial foothold in a computer network. This is typically done by delivering a socially engineered email containing a malicious attachment or link to a staff member within the organisation. If the user opens this link, the adversary's malicious code will execute on the endpoint and provide this foothold.

Stage 2: Network Propagation is where an adversary uses this network foothold to spread to other locations inside the compromised computer network. In this stage they are typically looking to gain additional access to multiple internal systems and create reliable methods of accessing these systems in the future; this is also known as gaining 'persistence'.

Stage 3: Data Exfiltration is where an adversary has located data of interest and removes this data from a corporate network.

The Top 4 mitigation strategies provide coverage across all three stages of the intrusion process and are an effective way to implement security. According to DSD, "While no single strategy can prevent malicious activity, the effectiveness of implementing the Top 4 Strategies remains very high. At least 85% of the intrusion techniques that ASD responds to involve adversaries using unsophisticated techniques that would have been mitigated by implementing the Top 4 mitigation strategies as a package." In this webcast, learn how attack vectors work and how the Top 4 can defend against them.