Cyber defense is much more than security. “Security” can be misleading since it encourages people to think in terms of secure or insecure. This way of thinking leads to an overemphasis on preventative measures. Just like the human body, you need many more layers than that. A good cyber defense will also focus on deception, detection, and response in addition to prevention. In this video, we cover the four most important principles of cyber defense. #1 Security Architecture: You can’t defend what you can’t see. It’s really hard to build strong cyber defenses if the foundations aren’t sound. Security architecture is about improving visibility in the network through segmentation. You also want to maintain a good asset inventory and map to quickly identify what’s even there. Implementing policies like blocking removable media or blocking protocols are also architectural in nature. #2 Security Monitoring: Every asset connected to the network needs to generate telemetry. This gives you visibility into the activity occurring on them. Network traffic itself should also be sent to an IDS sensor like Snort or Zeek to generate security data from it. These logs should be aggregated and synced to a centralized location for monitoring. A team of analysts can build systems to detect and alert on anything anomalous. This team serves as the backbone of the network’s cyber defense. #3 Implement Choke Points For effective security monitoring, it’s key to limit the paths devices can communicate on. Blocking outbound traffic by default is the best way to [More]