网络安全是保护互联网连接设备免受来自世界各地威胁行为者恶意攻击的做法. According to the National Institute of Standards and Technology (NIST),网络安全定义为:
“防止损害。, 保护, 以及电脑的修复, 电子通信系统, 电子通信业务, 有线通信, 以及电子通信, 包括其中所载的资料, 确保其可用性, 完整性, 身份验证, 保密, 和不可抵赖性.”
的 首次已知的网络攻击 发生在1988年11月2日,被称为“莫里斯蠕虫”. 以袭击的肇事者命名, 罗伯特·塔潘·莫里斯, it wreaked havoc on the connected networks of many well-known universities, 美国国家航空航天局, 以及军事行动造成了数百万美元的损失. 现代网络安全诞生于莫里斯蠕虫之后, 因为它导致早期的互联网高级用户认真对待保护在这些连接的网络上传输的数据的想法.
这是常识, 今天, 世界各地都有威胁分子, 不断涌现的攻击方法也同样推动着网络安全行业的持续发展和各种形式的攻击. 从发现和修复网络中的漏洞,到阻止和减轻正在进行的攻击的影响, cybersecurity is a critical practice for all of global business and the people that drive it.
网络安全很重要,因为它有助于减轻威胁,防止基于互联网的对企业和个人的攻击(为了本讨论的目的), 我们将重点关注企业级安全性).
Data and privacy are the core aspects of what a cybersecurity framework should protect and defend. 问自己几个问题:
As we can see from the above considerations, the question of “why is cybersecurity important?的问题,每个组织看起来都不一样, 但所有地方的总体目标都是一样的:保护敏感信息,这是企业运作方式和原因的核心.
有效的网络安全计划有助于保持企业的良好声誉,并能对企业产生积极影响 文化与人才获取.
网络安全工作的主要要素是创建端到端网络覆盖和教育,以便由有才能的人员运行的有效计划确保业务运营. 让我们来看看网络安全的一些核心要素.
As business operations around the world increase the pace of cloud adoption, 保护数据现在比以往任何时候都更加重要. Information is constantly moving from on-prem systems to the cloud and back again, 商业领袖们希望保持这一步伐, 因此,确保自由流动的数据是极其重要的.
As data moves along different systems within a hybrid (on-prem and cloud) network, 有些点可能更大 脆弱的 than others due to weaker security or a flaw in how that system was configured. 因此, it’s important to minimize the chances that malicious actors could access data anywhere along that network.
是时候了 安全运营中心(SOC) 恢复正常的业务操作程序. 如果在利益相关者和分析师需要数据时无法获得数据, there needs to be a plan in place to restore it as quickly as possible.
文档是灾难规划的关键,这样团队就可以了解什么是备份系统的一部分,什么不是备份系统的一部分,这样业务操作就可以在尽可能少的中断下继续进行.
这个过程本质上包含了更高级别的操作,这些操作有助于防止威胁行为者破坏数据,这是业务日常操作任务的一部分.
云安全 protects data and applications on both public and private cloud platforms, securing organizational cloud infrastructures on which sensitive business operations run.
Securing infrastructure that keeps society running is, well, critical. 这些领域包括医疗保健, 发电厂和公用事业, 能源产业, 国防工业, 非营利组织, 政府部门.
Literally not letting potential bad actors into the room where data is stored is the mission of physical security. 任何连接到互联网的东西——一种被称为物联网(IoT)的东西——都可以控制访问(徽章扫描仪), 门锁, 等.) to business or security operations could be a target of malicious behavior.
安全意识培训 is the aspect of cybersecurity that extends beyond expert practitioners. Everyone in a business – no matter their department or function – is a potential liability, 因此,对员工进行网络安全基础知识教育以及个人可以采取的保护自己和公司的行动至关重要.
不用说, drilling down into different cybersecurity frameworks and types could be a lengthy exercise. 因此, let’s learn a bit about some of the most common types of cybersecurity found in programs across the globe.
也被称为 网络检测与响应(NDR), 该领域包括将规则或签名应用于网络流量,以便自动触发可能指示恶意行为的活动警报.
Managing vulnerabilities along network systems can often seem like a game of whack-a-mole, 在恶意行为者试图利用其中一个漏洞并破坏网络之前,安全团队正忙着堵住一个又一个漏洞.
网络安全从业者利用 威胁情报(TI) to measure the likelihood that a potential threat could turn into a full-fledged attack and subsequent breach. TI should be a constant data feed that helps to inform offensive and defensive actions to protect against threats.
It can be difficult to secure the many aspects of applications that exist on the web. 他们不断地从互联网上发送和接收数据, so it’s critical to defend that process against malicious attacks by scanning web应用程序 寻找漏洞和漏洞的迹象.
的re have been many high-profile, or celebrity, attacks over the years. 但, what are the specific 流程 and workflows by which these newsworthy attacks have been perpetrated?
This is essentially the same as the act of robbing a bank or stealing someone’s wallet. Cyptojacking enables a perpetrator to breach a network in order to mine cryptocurrency, 通常在用户不知情的情况下,为时已晚.
A supply chain attack gives a threat actor access to not only the organization they’ve managed to penetrate, 同时也对接入被入侵网络的第三方负责. 这些第三方通常包括外部供应商, 渠道合作伙伴或经销商, 承包商, 和更多的.
APT是指资金充足的个人或团体, 组织良好的, 而且供应充足,能够比安全组织用来抵御威胁或攻击的任何对策都更持久. 的y are able to be persistent and wear down defenses for a prolonged attack.
In this scenario, an attacker is able to breach the security perimeter or a network undetected. 这表明, 一旦发现漏洞, the organization has “zero days” – also known as no time at all – to respond to, 纠正, 或者减轻威胁.
Larger, more sophisticated ransomware groups sell their technical expertise in the form of ransomware包 一个外行理论上可以相对容易地发射.
mitm allow attackers to eavesdrop on the communication between two targets. 的 attack takes place in between two legitimately communicating hosts, allowing the malicious actor access to sensitive data that they can then offload to another location.
了解网络安全固有的挑战可能就像了解爬山的许多难以置信的挑战一样. 这就是为什么人才如此重要.
如果没有一个能够解决网络安全计划某些特定功能的挑战的个人团队,适当的安全计划是不可能工作的.
它需要组织领导层采取行动,建立和实施全面的培训计划,而不仅仅是保持安全专业人员的技能锋利, 但也要告知和培训在企业中工作的非安全专业人员有关信息和网络安全的基础知识.
Building this sort of internal program from the ground up is no small task. 因此,许多安全组织将 带上第三方 专门从事安全意识培训.
剩下的在 合规 with state/federal/territory/government/internally mandated regulations and policies can often seem like a game of chase. 一个组织在一个领域投入了大量的精力来建立合规性,却发现在另一个领域却严重缺乏.
事实上, 根据企业在世界各地的运营情况——无论是一个办事处还是全球多个办事处——它可能必须遵守一些关于跨越物理和数字边界传输私人用户或客户数据的规定. Some industries like healthcare, financial, and energy are more heavily regulated than others.
对那些金钱无关紧要的攻击者来说,比如那些由国家或富有的黑客组织支持的攻击者,往往可以找到绕过传统安全协议和方法的方法.
即使供应商整合升温,更多的安全解决方案和功能都在一个拥有雄厚财力的电力供应商的保护伞下, 要抓住一个资金充足、动机良好的威胁参与者仍然很困难,因为他们实际上可能是许多威胁参与者,会使目标系统屈服.
When discussing fatigue in the world of cybersecurity, we’re usually speaking of “alert fatigue.” That is, alerts of multiple kinds coming in hundreds or even thousands of times a day.
If a team isn’t properly staffed to investigate those alerts – and even if it is, looking over each and every alert can get old very fast – or doesn’t have a plan in place to 自动化这个过程, 既要知道哪些警报不是误报,又要掌握调查有效警报的资源,这将变得极其困难.
在网络安全领域,最佳实践剧本是深度的. And, depending on the function, best practices may not be universally applicable. 让我们来看看一些更广泛的领域,这些领域可以作为起点,最终可能成为网络安全的巨大好处.
与 MFA, 用户或应用程序需要执行额外的步骤——除了输入用户名和密码之外——才能获得访问权限. 这通常以呈现硬件密钥的形式出现, 正在接收验证文本消息, 和/或输入一次性代码.
与 自动化和编排, 团队可以在不牺牲对关键安全和IT流程的控制的情况下实现改进的安全状态和效率. 整合不同的安全系统并让它们有效地协同工作是开启一个成功的网络安全计划的关键.
在这个模型中,所有东西都是不可信的 零信任:人类, 端点, 移动设备, 服务器, 网络组件, 网络连接, 应用程序的工作负载, 业务流程, 数据流. 这意味着这些人中的每一个, 流程, 或者,事物必须不断地得到授权和认证.
这项技术本质上是作为潜在攻击者的诱饵. 通过设置看起来是合法IT资产的陷阱 欺骗技术 能否诱使攻击者与这些资产进行交互, 触发警报,给你的团队时间, 洞察力, and context they need to stop attackers in their tracks and force them out of the network.