Threats, advanced threats, advanced persistent threats... If we were aware of the state this issue is in, we would be afraid, and we would develop ways to protect our systems.
Threat management is the sum of security mechanisms, such as policies, technology, system processes and procedures, that help to respond to, mitigate and manage network threats.
At this point it is important to differentiate between threat detection (alerting only), threat prevention (a security mechanism that protects systems and reduces the attack surface) and threat deception (countermeasures against malicious traffic that complement threat detection).
Threat detection analyses all the components of a security ecosystem to identify and alert on any malicious activity that may be compromising the network, based on pre-defined parameters and rules. It also applies machine learning to compare the normal state of each component with its current state. What elements can be used for this? Some examples are:
- AI & Data Analytics
- Alerting, IDS
- Perimeter Security
- Vulnerability Management
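As an added illustration of the detection side described above (example code written for this page, not from the original post): a small detector that applies a pre-defined rule and a learned per-host baseline to constructed log lines and only raises alerts, which is exactly what separates it from prevention. The log format, the failure threshold, the z-score limit and the baseline history are all assumptions.

```python
"""Toy threat-detection pipeline: rule-based alerts plus baseline deviation."""
import re
import statistics
from collections import Counter

# Constructed sample authentication events (not real data): host, source, outcome.
LOG_LINES = [
    "host=web1 src=10.0.0.5 login=ok",
    "host=web1 src=203.0.113.9 login=fail",
    "host=web1 src=203.0.113.9 login=fail",
    "host=web1 src=203.0.113.9 login=fail",
    "host=web1 src=203.0.113.9 login=fail",
    "host=db1 src=10.0.0.7 login=ok",
]
# Constructed history: events per host in each of the last five intervals.
HISTORY = {"web1": [1, 1, 2, 1, 1], "db1": [1, 1, 1, 1, 1]}

LINE_RE = re.compile(r"host=(\S+) src=(\S+) login=(ok|fail)")


def parse(lines):
    """Return (host, src, outcome) tuples; unparseable lines are skipped."""
    return [m.groups() for m in map(LINE_RE.match, lines) if m]


def rule_alerts(events, max_failures=3):
    """Pre-defined rule: alert on sources with more than max_failures failed logins."""
    failures = Counter(src for _, src, outcome in events if outcome == "fail")
    return sorted(src for src, n in failures.items() if n > max_failures)


def learn_baseline(history):
    """Learn the 'normal state' per host as (mean, population stdev) of past counts."""
    return {h: (statistics.mean(c), statistics.pstdev(c)) for h, c in history.items()}


def baseline_alerts(events, baseline, zmax=3.0):
    """Alert on hosts whose current event volume deviates from the learned baseline."""
    counts = Counter(host for host, _, _ in events)
    alerts = []
    for host, n in counts.items():
        mean, stdev = baseline.get(host, (0.0, 1.0))
        z = (n - mean) / (stdev or 1.0)  # a flat history gets a unit stdev
        if abs(z) > zmax:
            alerts.append(host)
    return sorted(alerts)


def detect(lines=LOG_LINES, history=HISTORY):
    """Run both detectors; this only reports, it blocks nothing."""
    events = parse(lines)
    return {"rule": rule_alerts(events), "baseline": baseline_alerts(events, learn_baseline(history))}
```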
For threat prevention it is important to deploy preventive mechanisms that stop and discourage intrusion attempts, keeping the possible attack surface as small as possible. Some of the elements that could be implemented are:
- Network/App Firewall
- Identity Management
- Information Security Policy
- Desktop Security (Workstations, VM)
- Encryption (SSL/PKI)
Threats to our interconnected information systems should be interpreted in the context of the other elements that interact with them. We cannot consider threats without taking into account assets, vulnerabilities, risks and impacts. A threat does not make sense if one of these elements is missing.
Why would we worry about a threat if there were no asset for it to act on?
Why would we worry about a threat if there were no exploit for it?
Why would we worry about a threat if there were no real risk from someone or something?
Why would we worry about a threat if there is a chance that it would not have an impact?
Do you ask yourself the right questions?
Cyber Threat Management (CTM) is an advanced management program enabling early identification of threats, data-driven situational awareness, accurate decision-making and timely threat-mitigating actions.