To most effectively combat sophisticated and stealthy cyberattacks by advanced nation-state actors, today's security operations center must first truly understand its own business, according to Monzy Merza, vice president of security research at Splunk.
"They have to understand where the risks are, where the threats are based on the environment that they're living. So know thyself first," asserted Merza in an interview with SC Media at Black Hat 2019 in Las Vegas. "And once you understand that, then you can work your way backwards to [determine] what kind of threats will you face, what vulnerabilities do you have... within your system, and what sorts of adversaries are the ones that are known to exploit those kinds of vulnerabilities." And from there, the SOC team can fortify its operations accordingly.
https://youtu.be/uUw85SH6vp0
In light of the Capital One data breach that was disclosed last month, Merza also offered his take on how organizations can respond better to cyberattacks on cloud-based assets.
"It still boils down to the basics in many ways. It's how well are organizations doing their vulnerability management, how well are they doing configuration management," said Merza.
Merza also said that as companies increasingly migrate systems, services and data to the cloud, security operations are "going to get pressured a little -- and are already getting pressured -- to learn more about how applications and services and technologies work, and I also think it's a very good opportunity for security teams to start to become part of the business rather than sitting outside and looking inward."
As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.