

Cyber defense is much more than security. “Security” can be misleading since it encourages people to think in binary terms of secure or insecure. This way of thinking leads to an overemphasis on preventative measures. Just as the human body relies on more than one line of defense, a network needs many more layers than prevention alone. A good cyber defense also focuses on deception, detection, and response in addition to prevention. In this video, we cover the four most important principles of cyber defense.

#1 Security Architecture:
You can’t defend what you can’t see. It’s really hard to build strong cyber defenses if the foundations aren’t sound. Security architecture is about improving visibility in the network through segmentation. You also want to maintain a good asset inventory and network map so you can quickly identify what’s even there. Implementing policies like blocking removable media or blocking unneeded protocols is also architectural in nature.

#2 Security Monitoring:
Every asset connected to the network needs to generate telemetry. This gives you visibility into the activity occurring on them. Network traffic itself should also be sent to an IDS sensor like Snort or Zeek to generate security data from it. These logs should be aggregated and synced to a centralized location for monitoring. A team of analysts can build systems to detect and alert on anything anomalous. This team serves as the backbone of the network’s cyber defense.

#3 Implement Choke Points
For effective security monitoring, it’s key to limit the paths devices can communicate on. Blocking outbound traffic by default is the best way to do this. What is allowed to traverse the network then needs closer inspection. The best way to do this is to force clients to use a local DNS resolver or web proxy to access the Internet. Any traffic not destined for these inspection points is automatically suspect. What does go through can then be analyzed against blocklists or a reputation scoring service. Choke points not only restrict an attacker’s maneuverability but also make it easier to conduct proper cyber defense.

#4 Harden Systems with a Security Baseline
Systems running default configurations are highly vulnerable to generalized attacks. Deploying a security baseline on your assets ensures a consistent level of hardening against them. It also helps with configuration change management on your network. Authorities like CIS, NIST, DISA, or vendors will all provide recommendations for different types of systems. These include operating systems, applications, phones, and network appliances. Whether it’s scripts, Group Policy Objects, or Ansible playbooks, they’ll also offer ways to automatically apply baselines.
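A baseline is only useful if you can tell when a system has drifted from it. The following is an added example, not code from the video or from any benchmark publisher: it parses a constructed sshd_config excerpt, compares it against a small baseline whose values are chosen for illustration (not quoted from CIS, NIST or DISA), reports every setting that is missing or wrong, and emits the configuration lines needed to bring the file back into line. It follows the sshd rule that the first occurrence of a keyword wins and stops at the first Match block, since settings under Match are conditional rather than global.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# Constructed baseline for illustration only; not quoted from any published benchmark.
BASELINE = {
    "PermitRootLogin": "no",
    "PasswordAuthentication": "no",
    "X11Forwarding": "no",
    "MaxAuthTries": "4",
}

# Constructed sshd_config excerpt with deliberate drift (root login on,
# X11Forwarding absent, MaxAuthTries set twice with the first value winning).
SAMPLE_CONFIG = """\
# constructed sample, not a real host's file
Port 22
PermitRootLogin yes
PasswordAuthentication no
MaxAuthTries=6
MaxAuthTries 3
Match User backup
    PermitRootLogin no
"""


class Drift(NamedTuple):
    key: str            # keyword as spelled in the baseline
    expected: str
    actual: Optional[str]  # None when the keyword is absent and the daemon default applies


def parse_sshd_config(text: str) -> Dict[str, str]:
    """Return the global settings as a lowercase-keyword -> value map."""
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # sshd accepts "Keyword value" or "Keyword=value".
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break  # everything after Match is conditional, not a global setting
        settings.setdefault(key, value)  # sshd uses the first value it sees for a keyword
    return settings


def check_baseline(settings: Dict[str, str], baseline: Dict[str, str]) -> List[Drift]:
    """List every baseline keyword whose effective value differs from the expected one."""
    drifts: List[Drift] = []
    for key, expected in baseline.items():
        actual = settings.get(key.lower())
        if actual is None or actual.lower() != expected.lower():
            drifts.append(Drift(key, expected, actual))
    return drifts


def remediation_lines(drifts: List[Drift]) -> List[str]:
    """Configuration lines that would satisfy the baseline for each drifted keyword."""
    return [f"{d.key} {d.expected}" for d in drifts]


if __name__ == "__main__":
    found = check_baseline(parse_sshd_config(SAMPLE_CONFIG), BASELINE)
    for d in found:
        shown = "<absent>" if d.actual is None else d.actual
        print(f"{d.key}: expected {d.expected}, found {shown}")
    print("remediation:", remediation_lines(found))
```

The same structure (parse the effective configuration, diff it against a declared baseline, generate the fix) is what a Group Policy report or an Ansible playbook in check mode does at scale; the point of writing it by hand once is to see that "absent" is a finding too, because an absent keyword silently means the vendor default.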

00:00 Intro: How to Improve Cyber Defense For Your Network
01:11 The Biggest Misconception in Cyber Security
02:52 Traditional v. Modern Cyber Defense
05:02 Security Architecture & Building a Defensible Network
07:44 Principles of Security Monitoring: Assets & Endpoints
09:40 Create Choke Points In Your Network For Inspection
12:11 Collect Traffic With Network Security Monitoring
14:13 Hardening Systems with a Security Baseline
16:52 Strategies for Implementing Your Cyber Defenses


—– Resources —–

Rob Joyce’s talk at USENIX Enigma 2016:

#CyberDefense #DFIR #Cyberspatial



Cyberspatial says:

What do you think are the most important aspects of a good cyber defense?

B Armstrong says:

Everyone hit the nail on the head, adding comments to feed the yt algorithm

AH says:

Please upload a video on Pegasus

felixchua3141 says:

I have noticed that when you talk, you sometimes don't take long enough breaths/have a long enough pause to breath long enough so you run out of oxygen and have to speak fast, pronounce words a bit strange, etc. Now I am not saying that I can do this talking thing as good as you, but I have seen how the good YouTubers do it so this is just some constructive criticism from a random person on the internet.

Nicholas Phillips says:

What is that holding your laptop up?

NoHarmIntended says:

This channel is really a hidden gem, subscribed, and if I could do it 1000 times more I would do that.

Zackary Silva says:

Your editing is just stellar, really- since I started watching these videos I also can't help but wonder where you work. They must be lucky!

Muhammad says:

I don’t usually watch full videos but yours was an exception.

Definitely loved the content delivery please never stop making this content

N N says:

This channel is magnificent. Thank you.

Sawyer Schneider says:

I'm still in high school, and I have an insurmountable amount of interest and curiosity when it comes to cybersecurity, and I'm very interested in pursuing it as my career, especially once I have completed high school. This begs the question, where do I start? What are some methods of education and self-education? And how do I maintain a consistently high amount of motivation when learning? I have no idea what path to take in order to start, as well as how to continue down it once I take it. Knowing this information would be a tremendous help. Thanks in advance!


>watching these even though I know nothing about networking and am not setting up security networks for any businesses

Chris Kirsch says:

Thanks for the shout-out for!

vishal shakya says:

I wanna start my own cyber security channel, any advice, sir?

vishal shakya says:

u r awsssm bro

Pratik says:

Hey. Can you please make a video on the best books to read according to you, for IT in general? Like your top ten or top twenty list of the best books?

bhargav yagnik says:

So smooth and pretty neat 👏🏻

Dennis Njoroge says:

I appreciate the amount of effort and energy you put to produce these videos.

Nass Bakhit says:

Can you please make more videos about cybersecurity and network. I have been following you for long time and I really love all of your videos, so please more videos.

Tyler says:

Facebook is very sketchy! I'm curious why you would recommend a harvesting tool made by them?

Alfonso says:

This is such a good editing!

lovely darling hari says:

Hi bro I need a small help please

lies damnlies says:

When it comes to knowing oneself, I prefer this quote from the game Alpha Centauri:

“Information, the first principle of warfare, must form the foundation of all your efforts. Know, of course, thine enemy. But in knowing him do not forget above all to know thyself. The commander who embraces this totality of battle shall win even with the inferior force.”

-Spartan Battle Manual

I’m a total nerd, yes, but this is especially relevant to anyone trying to defend their organization from threat actors with superior resources (such as foreign states, which may be trying to infiltrate your networks and even your physical building to conduct espionage; I’m sure Boston Dynamics, for example, has these concerns).

Of course I’m not discounting Sun Tzu. The Art of War is a fantastic book on how to deal with conflict. A great deal of it though is about diplomacy and avoiding direct conflict through shrewd statesmanship and subterfuge. I’m not sure those parts are terribly relevant to cybersecurity, since we’re basically in a state of constant, open warfare at this point.

Akshay Ithape says:

Worth information 🙌

Mabia Akter says:

Your contents are really awesome. But, I feel like you cover a lot in a day, can you suggest from where one can start cybersecurity?

coldheat 7 says:

This is one of your most useful videos yet. Thanks!

Blueteamstrike says:

Sounds like you’ve taken some of the SANS courses! – Great content!!!!

EddyThePsycho says:

Appreciate the great vids, just wanted to ask your opinion on how much networking experience should I get before becoming a pen tester? Like should I do a few years as a network engineer first?
