There is always some residual risk, and mopping up after a successful compromise is the role of Incident Handlers, Intrusion Analysts and Forensics Experts. Deep dive into network traffic, IDS alerts and rules, and SIEM logs to build a timeline of the events that led to the compromise. Can you fix it before the next attack?
The reason we need Red Teams and Incident Handlers is that there are too many weaknesses in our systems. Secure by Design is the role of Security Architecture: get it right the first time. Covering everything from PKI and cryptography to cloud traffic shaping, from corporate governance to compliance frameworks, from DevSecOps to regression analysis, this is no lightweight, easy option. How much cyber security do you really know?
Proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security controls: that is Threat Hunting. Attackers are an intelligent adversary; they adapt, learn and evolve. The most advanced intrusions can stay hidden on a network for days, weeks, even years before they are discovered. Can you find what they hid?