What is Cisco Security?

Cisco Security is a platform that offers cybersecurity solutions to protect interconnected systems from attacks.

How does Cisco Security protect businesses?

It offers integrated security solutions that help businesses anticipate threats and enhance resilience.

What is the purpose of the 'find yourself in the future' series?

This series aims to educate newcomers and professionals in cybersecurity through expert-led tech talks.

What skills are essential for a junior cybersecurity analyst?

Curiosity, understanding hardening techniques, and familiarity with security policies and CIS benchmarks.

What certifications are recommended for a career in cybersecurity?

Cisco Certified Support Technician (CCST), CISSP, CCSP, and SANS Security Essentials.

What are some common cyber threats that businesses face?

Phishing, unauthorized access, and data breaches are prevalent threats businesses must mitigate.

FYIF: Infrastructure Security -The Backbone of the Digital World

00:44:34

https://www.youtube.com/watch?v=yoNWJpxTOoM

Sintesi

TLDRCisco Security provides solutions to protect businesses against cyber threats by emphasizing the principle that 'if it's connected, it's protected.' The content covers the importance of cyber resilience, the threat landscape, and the upcoming 'find yourself in the future' cybersecurity series with expert insights. Training opportunities for aspiring cybersecurity professionals are highlighted, including the growing job market and essential skills to develop for careers in cybersecurity. Key sessions focus on infrastructure security, compliance, and attack prevention strategies.

Punti di forza

🔒 Cisco Security keeps your business safeguarded from cyber threats.
💡 Cybersecurity is becoming critical across all sectors, including healthcare and retail.
🛡️ Understanding the threat landscape enhances cybersecurity measures.
📚 Many free resources and courses are available for those entering the cybersecurity field.
🌐 Collaboration and knowledge sharing are vital in responding to cyber threats.
🚀 A wide range of job roles in cybersecurity caters to both technical and non-technical skills.
🧑‍💻 Continuous learning and upskilling are crucial for success in cybersecurity careers.

Linea temporale

00:00:00 - 00:05:00
This segment introduces the importance of cybersecurity in protecting businesses from cyberattacks, highlighting that with Cisco's solutions, if it's connected, it's protected. Hackers come in various forms and can operate independently or as teams. Cisco aims to build resilience in businesses facing cyber threats, emphasizing a culture of learning and inclusivity in their approach to cybersecurity solutions.
00:05:00 - 00:10:00
In the second segment, the focus is on the launch of the 'Find Yourself in the Future' series, a 10-part tech talk series on cybersecurity. Mike Bard discusses infrastructure security and compliance standards, followed by a presentation from Joseph, who introduces Cisco Networking Academy's cybersecurity curriculum, aiming to fill the gap in cybersecurity job roles and educate newcomers about career opportunities.
00:10:00 - 00:15:00
Joseph elaborates on the cybersecurity job market, stressing the urgent need for skilled professionals in various sectors, such as healthcare and food industries. He outlines potential job roles within cybersecurity, including blue team and red team positions, and encourages individuals to start their journey through introductory courses offered by Cisco.
00:15:00 - 00:20:00
Joseph explains the various pathways for those interested in cybersecurity, including the Junior Cyber Security Analyst Career Path and certification programs. He emphasizes the importance of continuous learning and provides suggestions for starting points, such as awareness courses and ethical hacking courses, to build a solid foundation in cybersecurity.
00:20:00 - 00:25:00
Mike Bard begins the infrastructure security talk, defining it as the combination of hardware, software, and network resources essential for enterprise IT environments. He compares infrastructure security to vehicles dependent on roads and support systems, setting the stage for discussing specific domains and controls within infrastructure security.
00:25:00 - 00:30:00
Mike highlights key security practices essential in infrastructure security, including information security policies, device inventories, logging practices, vulnerability management, and compliance monitoring. These controls form a fundamental part of securing an enterprise's infrastructure and managing security incidents efficiently.
00:30:00 - 00:35:00
The segment flows into detailed discussions on various domains within infrastructure security. Mike covers device security, identity and access management, server platforms, and network security. He emphasizes common vulnerabilities, management practices, and vital cybersecurity skills required in each domain to mitigate potential threats effectively.
00:35:00 - 00:44:34
In the final segment, with a Q&A session, Mike addresses audience questions about essential skills for junior cybersecurity analysts and effective strategies for monitoring network activity. He suggests relevant certification and training opportunities, including Cisco certifications, and underscores the value of continuous learning and curiosity in a cybersecurity career.

Mostra di più

Mappa mentale

Video Domande e Risposte

What is Cisco Security?
Cisco Security is a platform that offers cybersecurity solutions to protect interconnected systems from attacks.
How does Cisco Security protect businesses?
It offers integrated security solutions that help businesses anticipate threats and enhance resilience.
What is the purpose of the 'find yourself in the future' series?
This series aims to educate newcomers and professionals in cybersecurity through expert-led tech talks.
What skills are essential for a junior cybersecurity analyst?
Curiosity, understanding hardening techniques, and familiarity with security policies and CIS benchmarks.
What certifications are recommended for a career in cybersecurity?
Cisco Certified Support Technician (CCST), CISSP, CCSP, and SANS Security Essentials.
What are some common cyber threats that businesses face?
Phishing, unauthorized access, and data breaches are prevalent threats businesses must mitigate.

Visualizza altre sintesi video

Ottenete l'accesso immediato ai riassunti gratuiti dei video di YouTube grazie all'intelligenza artificiale!

Sottotitoli

Scorrimento automatico:

00:00:20
a Cyber attack can grind everything to a
00:00:22
halt Cisco security keeps your company
00:00:25
moving forward because if it's connected
00:00:28
it's protected Cisco
00:00:33
a hacker doesn't always look like a
00:00:39
[Music]
00:00:42
hacker the Hacker's at home everywhere
00:00:48
[Music]
00:01:00
coms in many
00:01:01
[Music]
00:01:05
forms he's interested in
00:01:07
[Music]
00:01:10
everything he can work
00:01:12
alone but with a crew so much
00:01:20
[Music]
00:01:24
better a hacker is free
00:01:31
with Cisco protecting your business from
00:01:34
cyber attackers is simple if it's
00:01:36
connected you're
00:01:40
protected at Cisco we provide cyber
00:01:43
Security Solutions and experties we help
00:01:47
the world navigate an uncertain present
00:01:50
and enable a protected future word
00:01:53
driven by the duty to help our customers
00:01:55
become more resilient see more threats
00:01:58
anticipate what's next and take the
00:02:00
right action when the stakes are at the
00:02:03
highest behind our Innovation you'll
00:02:06
find a shared passion for solving
00:02:08
problems for making a real life impact
00:02:11
cultivating a culture of learning and
00:02:14
championing a People First philosophy
00:02:17
being inclusive and encouraging you to
00:02:19
show up as your authentic self isn't
00:02:22
simply welcomed it inspires us to build
00:02:25
and learn together we also believe that
00:02:28
taking care of our customers starts with
00:02:30
being Kinder than necessary to each
00:02:32
other that's why we make an ongoing
00:02:35
investment to level up your skill set
00:02:37
provide paid time off to give back to
00:02:40
your community and celebrate our wins
00:02:43
together whether safeguarding data
00:02:45
helping keep critical Services running
00:02:48
or providing threat intelligence cyber
00:02:50
security at Cisco empowers the world to
00:02:53
reach its full potential
00:02:55
securely creating an inclusive future
00:02:59
for all
00:03:00
a secure future starts with
00:03:07
you here's what security looks like
00:03:10
today too many threats too many fixes
00:03:14
too many controls across too many clouds
00:03:17
you end up with a patchwork of brilliant
00:03:19
protections that's well complicated and
00:03:22
complicated is a problem because it's
00:03:25
harder to manage which means easier to
00:03:28
attack so would would it just be better
00:03:30
if security could be simple like a
00:03:34
single security platform integrated
00:03:37
centrally managed powered by AI
00:03:40
accelerated by automation delivering
00:03:43
Telemetry and visibility across your
00:03:45
entire multicloud
00:03:47
infrastructure so everything that's
00:03:49
connected is
00:03:51
protected that's Cisco security Cloud a
00:03:55
cloud-based security platform that makes
00:03:57
it easier for your users to access their
00:03:59
apps no matter where they are securely
00:04:03
for your it administrators to manage
00:04:05
policy consistently across their entire
00:04:07
environment for your security team to
00:04:10
detect and remediate breaches anywhere
00:04:12
they're happening and for your
00:04:14
developers to create apps that are from
00:04:16
day one already
00:04:19
secure Cisco security Cloud better for
00:04:22
users easier for it optimized for
00:04:26
developers safer for everyone
00:04:50
a Cyber attack can grind everything to a
00:04:52
halt Cisco security keeps your company
00:04:55
moving forward because if it's connected
00:04:58
it's protected Cisco
00:05:03
[Applause]
00:05:08
hello and welcome to the launch of our
00:05:10
new find yourself in the future series
00:05:12
of cyber security this exciting 10p part
00:05:16
series of tech talks delivered by Cisco
00:05:18
experts will span from today until May
00:05:22
2025 throughout these sessions we'll
00:05:25
dive deep into every facet of cyber
00:05:28
security catering to both newcomers
00:05:30
curious about a career in cyber security
00:05:32
and those already on their Journey who
00:05:34
are eager to deepen their knowledge with
00:05:37
insights from our season experts here at
00:05:40
Cisco today we are focusing on
00:05:43
infrastructure security examining the
00:05:46
essential areas from a security
00:05:48
perspective we'll explore compliance
00:05:50
standards and discuss the metrics needed
00:05:53
to continuous realtime compliance
00:05:58
monitoring we are privilege to have Mike
00:06:00
Bard as our speaker for this session
00:06:03
with over 25 years of experience in
00:06:06
Enterprise it and information security
00:06:09
Mike currently leads the infrastructure
00:06:11
security architecture team within
00:06:13
Cisco's information security
00:06:16
organization Mike's team is instrumental
00:06:20
in shaping Enterprise security
00:06:21
architecture across various domains
00:06:24
including identity device server Network
00:06:28
and the Cloud but first we will hear
00:06:32
from Joseph jenit Cisco networking
00:06:34
Academy's learning experience product
00:06:37
manager who will provide details about
00:06:39
our cyber security learning portfolio
00:06:42
hey welcome Joseph and thanks for
00:06:44
joining us today thank you Emma hello
00:06:47
everyone let me briefly introduce our
00:06:49
cyber security curriculum at Cisco
00:06:51
Network Academy which lets you start
00:06:53
your cyber security care Journey today
00:06:56
and for
00:06:58
free there are already 4 million
00:07:00
unfilled jobs in the cyber security
00:07:02
space today and organizations are
00:07:05
government are seeking new Cyber
00:07:07
Security Professionals to make sure
00:07:08
their own but also your personal data is
00:07:11
secure and they might be looking just
00:07:13
for you the next cyber security
00:07:16
professional and these jobs are
00:07:18
literally everywhere think about the
00:07:20
bakery down the street today that Bakery
00:07:23
is a digital business for they have
00:07:26
their own online website and then also
00:07:29
they are doing doing credit card
00:07:30
transactions they might have their
00:07:31
online ordering system and so on and so
00:07:34
on and hence they really need to be
00:07:36
cyber security resilient so they can
00:07:38
protect their own data but also maybe
00:07:41
your data that might be stored in their
00:07:43
systems and if you think about it Health
00:07:46
Care Transportation energy food
00:07:49
utilities and all these other Industries
00:07:51
are super critical but they might fall
00:07:54
victim of cyber attacks from cyber
00:07:56
threat actors and criminals so so what
00:08:00
can we do join us become a cyber
00:08:02
security Defender to protect
00:08:03
organizations governments and your
00:08:06
personal information and data at this
00:08:09
point you might be asking so what type
00:08:11
of job roles could I advance to in the
00:08:13
cyber security field and there are
00:08:16
various jobs in cyber security ranging
00:08:18
from the technical to even non-technical
00:08:20
jobs but focusing here on the technical
00:08:23
jobs you might be working in a so-called
00:08:25
blue team the defensive security team
00:08:28
this team implements security control
00:08:30
such as for example firewalls multiactor
00:08:33
authentication encryption and so on and
00:08:35
so on and this thing also monitors for
00:08:38
malicious behavior or malicious type of
00:08:40
activities in the it
00:08:42
infrastructure you might be also part of
00:08:44
the red team the so-called offensive
00:08:46
security team and you might be working
00:08:48
there as a penetration tester or an
00:08:50
ethical heer and in these job roles you
00:08:53
will be discovering vulnerabilities and
00:08:55
weaknesses before the Trad actors do so
00:08:58
that your organization again can be more
00:09:01
cyber
00:09:02
secure and now that you are hopefully
00:09:04
really excited about these Target job
00:09:06
roles the most important thing is to
00:09:09
start your
00:09:11
journey and you can start at the
00:09:13
awareness level and we recommend to all
00:09:16
your friends digital citizens that you
00:09:17
start with the inaction to cyber
00:09:19
security course there's really a short
00:09:22
six-hour course that will give you an
00:09:23
overview into the domain of cyber
00:09:25
security the various type of job rols
00:09:28
but it will also teach teach you how to
00:09:30
become cyber secure in this digital
00:09:33
world and then if you are interested in
00:09:36
kickstarting your career the first
00:09:38
stepping stone that we recommend that
00:09:39
you take is our Junior cyber security
00:09:42
analyst carry po this carry PA is is
00:09:46
equi with courses that will take you
00:09:48
from zero to this entry level job rooll
00:09:51
and by the way this job role and this
00:09:53
carry part is also aligned with our new
00:09:56
Cisco certified support technician CCSD
00:09:59
certification in cyber security and
00:10:01
putting that on your resume well that
00:10:03
can give you an advantage when you are
00:10:05
looking for a job in the cyber security
00:10:08
space but my recommendation is never
00:10:11
stop learning in the cyber security
00:10:13
space and therefore continue even even
00:10:15
here you can continue to become an
00:10:17
ethical heer or penetration tester using
00:10:20
our brand new ethical heer course that
00:10:22
you can take for free or you can
00:10:24
continue your journey in the defensive
00:10:26
security side with our cops associated
00:10:29
course aligned with a Cisco cyber
00:10:31
associate certification or you can take
00:10:33
the network security course at one of
00:10:36
our Cisco academies that are available
00:10:38
worldwide and if you're asking okay so
00:10:40
where can I actually find these courses
00:10:41
where can I start my journey well simply
00:10:44
just visit our website click on the
00:10:46
catalog select the cyber security filter
00:10:48
and you are good to go start your
00:10:50
journey and that brings me to the very
00:10:52
end of my presentation and I wish will
00:10:55
hope that we really manag to inspire you
00:10:58
to join cyber security defensive forces
00:11:01
and with that with your help we can make
00:11:04
the digital world a much more secure
00:11:06
place thank you very much and good luck
00:11:08
on your journey and with that back to
00:11:10
you Emma thanks Joseph we'll cross over
00:11:13
now to Mike welcome Mike and thanks for
00:11:15
joining us today thanks for having me I
00:11:19
I'm excited to be here uh it's great to
00:11:21
have an opportunity to talk about
00:11:23
infrastructure security um welcome
00:11:26
everybody and thanks for joining the
00:11:27
session today um this is infrastructure
00:11:30
security the backbone of the Digital
00:11:32
World um as Emma mentioned I'm Mike
00:11:34
Bullard and I work in uh information
00:11:37
security for
00:11:38
Cisco the session today is going to
00:11:41
focus on really the domains and controls
00:11:44
um associated with infrastructure
00:11:46
security and we'll cover some of the
00:11:49
security fundamentals in that area but
00:11:52
infrastructure security is a really
00:11:53
large area it's a big space so this
00:11:56
won't hit every aspect but we're going
00:11:58
to look at some of the pr primary
00:11:59
domains and we're going to talk about
00:12:01
some of the security controls that are
00:12:03
applicable to those domains
00:12:06
specifically um we'll also um really
00:12:10
cover some of the controls that apply
00:12:13
across all of those domains so there's a
00:12:16
set of controls um that are really
00:12:19
applicable to all of infrastructure
00:12:21
security as a whole so we'll go through
00:12:22
those as well I think it's going to be a
00:12:24
really exciting conversation so uh let's
00:12:26
let's jump right into it
00:12:29
um first to start us off um let's talk
00:12:32
about what infrastructure security
00:12:34
actually is what do we mean by
00:12:36
infrastructure security uh well
00:12:38
infrastructure security uh and
00:12:40
infrastructure really is it's the
00:12:43
hardware the software uh the network
00:12:46
resources the services those things that
00:12:48
are required to operate an Enterprise it
00:12:51
environment so this is these are the
00:12:54
things that support all of the
00:12:56
applications all of the data that's
00:12:58
needed to run
00:12:59
business uh if we think about um you
00:13:02
know that being a foundational area um
00:13:06
that infrastructure security really ends
00:13:08
up being key to securing all of the
00:13:11
applications and data that sits on top
00:13:13
of it so an analogy that I think of is
00:13:17
you know if we think about uh Vehicles
00:13:20
automobiles uh we think about really the
00:13:23
the roads the fuel stations the repair
00:13:26
shops all those things that are in
00:13:27
support of us being being able to drive
00:13:29
our cars uh that's a lot like
00:13:31
infrastructure security those roads and
00:13:33
fuel stations and repair shops that's
00:13:35
the infrastructure so uh that's really
00:13:37
what we're going to get into
00:13:40
today so before we get into the
00:13:44
individual
00:13:46
domains um what we wanted to go through
00:13:49
are some of those controls like we were
00:13:52
saying that apply across all of
00:13:54
infrastructure security so some of these
00:13:56
common practices that are really
00:13:59
important in securing your your
00:14:01
infrastructure
00:14:02
environments so starting off there we've
00:14:04
got uh an information security policy so
00:14:08
information security policy you know we
00:14:10
might think oh that's maybe that's not
00:14:12
as not as cool that's not as exciting
00:14:15
but it really is a key element in um in
00:14:19
securing your
00:14:20
Enterprise so these policies are really
00:14:22
what define the risk appetite for the
00:14:24
company so they kind of set the rules of
00:14:27
the road they really tell us what what
00:14:29
are the what are the things that we must
00:14:30
do and what are the things that we
00:14:31
should not do so those those information
00:14:34
security policies those being clear and
00:14:37
really consumable uh that's a really
00:14:38
important aspect when you're talking
00:14:40
about uh infrastructure security
00:14:42
security as a whole
00:14:44
really um device inventory is another
00:14:48
really just fundamental uh fundamental
00:14:50
area so you know there's that there's
00:14:52
that uh saying that you really can't
00:14:55
secure um what you can't see so things
00:14:58
that you don't know about it's very
00:15:00
difficult to secure so having a device
00:15:02
inventory and understanding all of the
00:15:05
really metadata or attributes about
00:15:07
those devices is really key so what are
00:15:11
the things that we need to know about
00:15:12
those devices well we want to know uh
00:15:15
what operating system it is what
00:15:17
firmware it
00:15:18
is uh what what versions of applications
00:15:22
does it run what applications does it
00:15:24
support um who owns it who operates it
00:15:27
all those types of things uh really
00:15:29
important and go along with the device
00:15:31
inventory those are all things that are
00:15:32
really key for um security Incident
00:15:36
Management security incident
00:15:38
investigations so all our incident
00:15:39
response teams uh that's really
00:15:41
important data for all of
00:15:44
them uh logging is another critical area
00:15:47
again something that's uh really
00:15:48
important and key for incident
00:15:50
responders whether it's a system log or
00:15:53
an access log um something that's
00:15:55
logging commands on systems uh those
00:15:58
logs are really really really critical
00:16:00
to understand what's happened
00:16:01
historically on a device what have we
00:16:03
seen what happened to it um again in
00:16:06
support of the the incident response
00:16:08
incident remediation
00:16:10
efforts uh vulnerability management is
00:16:13
another key area uh something that
00:16:16
really very ubiquitous across the
00:16:19
industry everybody talks about
00:16:20
vulnerability management the importance
00:16:21
of patching um so you know that's a
00:16:24
that's a really key control really
00:16:26
having having a a process that covers
00:16:30
scanning for vulnerabilities triage uh
00:16:34
remediating vulnerabilities validating
00:16:36
that they're remediated U and even
00:16:38
metrics in reporting how how many did we
00:16:40
fix how many new ones did we find all of
00:16:42
that stuff really important Concepts
00:16:44
around vulnerability
00:16:46
management um DNS compliance and
00:16:50
monitoring uh so with DNS it's really is
00:16:53
a key control for again the incident
00:16:56
response side of the house as well um
00:16:58
all of our DNS records end up being uh
00:17:02
really interesting kind of indicators of
00:17:04
compromise so if the system gets
00:17:08
compromised many times it'll reach out
00:17:10
to a command and control server it does
00:17:11
that typically via DNS so that's a
00:17:14
really interesting way to pick up uh
00:17:16
that something's been that something's
00:17:17
been compromised so those DNS logs are
00:17:20
really important also pointing all of
00:17:23
our systems to DNS servers that we know
00:17:26
are trustworthy uh and even DNS systems
00:17:29
that maybe have a security policy that
00:17:32
we can Implement around DNS so Cisco
00:17:35
umbrella uh does this so you can you can
00:17:37
configure in Cisco umbrella a policy
00:17:40
that says hey I I these things are okay
00:17:42
these things are not okay and we can
00:17:44
Implement that across our Enterprise so
00:17:46
those kinds of enss policies can be
00:17:48
really
00:17:50
important and then finally here in the
00:17:52
common security controls um this idea of
00:17:55
continuous compliance validation uh is
00:17:58
really key
00:17:59
so one of the things that we want to
00:18:01
make sure is you know based on the
00:18:02
controls that we Define in our
00:18:04
information security
00:18:06
policy are those controls actually
00:18:09
implemented in our systems so are our
00:18:11
servers or network devices um are those
00:18:14
things configured in compliance with our
00:18:16
security policy and how do we how do we
00:18:19
continually validate that they are uh
00:18:22
configured correctly how do we
00:18:24
continually get data about how they're
00:18:27
configured and where the gaps are I
00:18:28
didn't realize this server no longer has
00:18:31
this control on it how did how quickly
00:18:33
can I determine that and then go
00:18:35
remediate it so um that compliance
00:18:38
validation uh again another important
00:18:42
aspect so now let's take a look at some
00:18:45
of the specific domains that make up
00:18:47
infrastructure security um let's let's
00:18:50
kind of walk through some of those we'll
00:18:52
start with the the device
00:18:54
space so in the device space u things
00:18:57
you would commonly see here laptops and
00:19:00
desktops um mobiles tablets so all of
00:19:04
those devices that employees use to
00:19:07
access corporate resources um all of
00:19:10
those things are are in this device
00:19:13
space so uh as we're talking about key
00:19:16
security controls here um a device
00:19:20
management system um is really is really
00:19:24
a an important control that device
00:19:26
management system is really what
00:19:28
ultimately
00:19:29
gets all of your devices in compliance
00:19:31
with your secur security policy because
00:19:34
that device management system or DM
00:19:36
Suite that's what pushes all of the
00:19:39
configurations and controls down to all
00:19:41
the devices that it manages so whether
00:19:43
it's a Windows Windows device a Linux
00:19:46
device an apple a Mac um a mobile phone
00:19:50
the the DM Suite is really what um
00:19:52
ultimately lets you control the
00:19:55
configuration and the security controls
00:19:58
that are applied to all those
00:20:00
devices so some of those security
00:20:02
controls might include anti-malware so
00:20:04
uh something like a Cisco amp um you
00:20:08
know that's an anti-malware solution
00:20:10
that uh is really important to make sure
00:20:13
that we don't have files getting onto
00:20:15
systems that are U allowing attackers to
00:20:19
uh to to do things that we wouldn't want
00:20:22
there uh Drive encryption is another
00:20:24
another key control along with minimum
00:20:27
OS version uh and passwords and screen
00:20:30
locks so you know the combination of
00:20:32
these things what are the controls that
00:20:33
we want to use to harden all of our
00:20:35
device infrastructure uh just a really
00:20:37
really uh important
00:20:39
area um one of the things that this then
00:20:43
kind of goes into is uh is some of the
00:20:47
um cyber security skills that you might
00:20:50
want to develop if you were going into
00:20:53
the device and in client compute
00:20:55
space so understanding how to evaluate
00:20:59
how well a device has been hardened
00:21:01
there's tools that are available to be
00:21:03
able to give us some idea about uh the
00:21:05
hardening of a particular set of
00:21:07
devices and also understanding uh device
00:21:11
management Concepts so understanding uh
00:21:13
what device management Suites there are
00:21:15
what tools are there out there that we
00:21:16
can use and how to apply those to your
00:21:20
environment and how to enforce those
00:21:21
controls that are required by your
00:21:23
organization uh into that environment so
00:21:26
those are those are some cyber security
00:21:27
skills that are really out applicable um
00:21:30
in this case to the device in the incli
00:21:32
compute
00:21:34
domain um another thing we want to go
00:21:37
into in these domains are are some
00:21:40
attack
00:21:41
scenarios so uh in the device and in
00:21:44
client compute space um a thread actor
00:21:47
in this case we're talking about fishing
00:21:50
so send some fishing emails and that
00:21:52
ultimately lures employees to a
00:21:55
malicious
00:21:56
website so you know we see that all the
00:21:58
time it's very common in the
00:22:00
industry and running anti- malware
00:22:03
software as well as the DNS controls
00:22:05
that we talked about those are things
00:22:07
that can help prevent a threat actor uh
00:22:10
ultimately from being able to gain
00:22:11
access and compromise a system so those
00:22:13
are some controls that would uh that
00:22:15
would fight back and prevent that type
00:22:17
of an
00:22:19
attack um the next area that we wanted
00:22:21
to get into is uh identity and access
00:22:25
management so um in the identity space
00:22:29
really what we're talking about are all
00:22:31
of those systems and platforms that we
00:22:34
use for access management so whether
00:22:36
that's active directory it could be
00:22:39
Azure ad uh here we're looking at
00:22:42
salepoint and cyber Arc maybe it's a an
00:22:45
IDP like
00:22:47
OCTA um Duo uh so Cisco makes some
00:22:50
identity Services uh identity Services
00:22:53
engine products ice so all of those are
00:22:56
things that are in the identity and
00:22:57
access management space
00:22:59
one of the key controls there is
00:23:01
platform
00:23:02
hardening so let's take ad for instance
00:23:05
obviously ad is always a Target by
00:23:07
attackers so we really want to make sure
00:23:10
that ad is something that's hardened
00:23:12
very well so we want to be able to run
00:23:15
scans against active directory or
00:23:17
against any identity platform and
00:23:19
identify where we might have
00:23:21
vulnerabilities where we might have gaps
00:23:23
and make sure we've got a process to
00:23:24
remediate
00:23:26
those some other controls the identity
00:23:29
and access management space are U
00:23:31
minimum password requirements so for the
00:23:33
accounts that are managed in that space
00:23:35
What are the what are the requirements
00:23:37
around
00:23:38
passwords multiactor authentication
00:23:40
obviously uh a really again a ubiquitous
00:23:43
control multiactor authentication really
00:23:45
you see just about everywhere these days
00:23:48
uh it is a really it's a really good
00:23:50
control as part of a layered approach to
00:23:54
security there's also authorization
00:23:56
controls that you can uh that you you
00:23:58
can apply to an environment so an
00:24:00
example of an authorization control
00:24:02
might be something like um only allowing
00:24:05
a particular device type to access a
00:24:09
particular application so maybe only my
00:24:12
um active directory administrators
00:24:14
should be able to SSH into my active
00:24:17
directory domain controller so that's an
00:24:19
authorization control so authorization
00:24:21
controls are something that uh certainly
00:24:23
are important in a layered security
00:24:27
model another area on the identity space
00:24:30
is offboarding and termination
00:24:32
automation so it's kind of part of
00:24:34
grooming your account infrastructure you
00:24:36
want to be able to uh deactivate
00:24:39
accounts anytime someone no longer works
00:24:41
for the company or no longer has
00:24:43
responsibilities in a particular area no
00:24:45
longer needs those accounts so doing
00:24:47
that in a really timely manner is really
00:24:49
important that's just security risk that
00:24:52
you expose yourself to if we don't
00:24:54
deactivate accounts in a timely manner
00:24:56
if you leave those accounts open for you
00:24:58
know days or weeks or months um that
00:25:00
just opens you to attack not necessarily
00:25:03
even from the employee that's no longer
00:25:05
there but from someone who maybe
00:25:07
potentially stole that password or uh
00:25:10
somehow compromised that account so just
00:25:13
another practice it's that really good
00:25:15
in the identity and access management
00:25:20
space one of the cyber security skills
00:25:23
uh in the identity access management
00:25:25
area is really looking at multiactor
00:25:28
authentication and understanding how
00:25:30
multiactor off Works um how it relates
00:25:33
to single sign on and really the
00:25:35
importance of authentication logging so
00:25:38
one of the logs that we talked about
00:25:40
earlier were authentication logs access
00:25:42
logs so being able to have all of your
00:25:46
access logs uh fed to your incident
00:25:48
response teams and allow them to look
00:25:51
for any suspicious activity and generate
00:25:54
uh alerts or investigations based on
00:25:57
anything that they find in there that's
00:26:00
interesting one of the attack scenarios
00:26:02
for identity and access um and this is
00:26:05
something that's really prevalent in the
00:26:07
industry is uh is credentials
00:26:09
mismanagement so when a threat actor
00:26:11
finds privileged credentials and let's
00:26:14
say this in this case it's a public
00:26:16
publicly exposed git
00:26:18
repository um that gives them a key into
00:26:21
your network that gives you a key gives
00:26:23
them a key into your system so a lot of
00:26:26
a lot of times will find credentials
00:26:29
that are exposed in a repo someplace so
00:26:32
having some credential storage system
00:26:34
that's required um that's an important
00:26:37
control as well as having some ability
00:26:39
to do scanning of repos so we want to do
00:26:42
scanning to see if we find any
00:26:45
credentials that are exposed in a repo
00:26:47
and when we find them having a process
00:26:49
to then go remediate them let's log what
00:26:51
we found and let's go remediate the
00:26:53
issue let's remove that credential from
00:26:55
that repo reset the password and make
00:26:58
sure that we store those credentials in
00:27:00
a uh in a safe SP in a safe
00:27:06
place so moving on to to the third
00:27:08
domain um server and platform so this is
00:27:13
a really uh a really big space as well
00:27:16
so not only are we talking about all the
00:27:19
Enterprise servers so uh windows and
00:27:22
Linux Prim primarily um but we're also
00:27:25
talking about all the platforms and
00:27:27
virtualization envir ments that go along
00:27:28
with those so whether that's on the
00:27:31
container side uh kubernetes or an open
00:27:33
shift it also could just be on the VM
00:27:36
side the virtual machine side with open
00:27:38
stack or
00:27:39
VMware so all those platforms and
00:27:42
systems uh all need to be hardened so
00:27:45
that's a really uh that's a really um
00:27:48
important thing to make sure it's done
00:27:50
consistently across your
00:27:52
environment you also want to make sure
00:27:54
that you've got really good
00:27:55
administrative access control so how do
00:27:57
pro pred users get into those systems
00:28:00
how do they access um really all of
00:28:03
these platforms to do their
00:28:05
administrative functions and do they do
00:28:06
that securely so are they using
00:28:09
multiactor off are they using a jump
00:28:12
server to get in um you know there's a
00:28:13
number of of key controls from an
00:28:16
administ administrative access control
00:28:18
um that are that are really important to
00:28:20
make sure that you're enforcing for all
00:28:22
of your server and platform
00:28:25
environments uh similarly to the device
00:28:28
anti-malware is also a key control here
00:28:29
so making sure that you're running
00:28:30
anti-malware on your servers uh whether
00:28:33
that's amp or something
00:28:36
else and then server inventory so this
00:28:39
is not just an inventory of what servers
00:28:41
you have but an inventory really of the
00:28:44
applications that are running on those
00:28:45
servers what services what binaries even
00:28:49
are installed on those servers so that
00:28:51
you really have a good inventory to work
00:28:53
off of if there ends up being some
00:28:55
vulnerability in a binary then you're
00:28:56
able to use this inventory system to
00:28:59
really see exactly what servers that
00:29:03
affects another area that's really
00:29:05
interesting is server Telemetry of
00:29:07
network traffic so you know on the
00:29:10
network and we'll talk about Network
00:29:11
next but on the network we we typically
00:29:14
use netf flow but on the server side you
00:29:16
can do something very similar so you can
00:29:18
look at all of the Telemetry that's
00:29:20
coming out of a server all the network
00:29:21
traffic that's coming out of a
00:29:23
server so if you use something like a
00:29:26
network visibility module
00:29:28
um it's a Cisco product you can also
00:29:30
look at that same Telemetry for a server
00:29:33
and really then be able to look at
00:29:35
interesting things that might trigger a
00:29:38
an incident response
00:29:42
investigation so on the server and
00:29:44
platform side some key cyber security
00:29:47
skills um are really how do we look at
00:29:50
how to harden a Windows Server a Linux
00:29:53
server uh an open stack platform Etc how
00:29:56
do we how do we evaluate how to harden
00:29:58
those
00:29:59
appropriately so hardening really key
00:30:02
control because that's really what keeps
00:30:04
attackers um to have a much more
00:30:07
difficult job of getting into our
00:30:09
infrastructure let's not make it easy
00:30:11
for them so we want them want it to be
00:30:12
hardened appropriately and we want it to
00:30:14
be assessed really often so we don't
00:30:17
want to just do a once a year assessment
00:30:18
we really want an assessment that kind
00:30:20
of run all the time so whether that's
00:30:22
daily or weekly running those hardening
00:30:25
assessments to make sure you know if
00:30:27
something changes that we able to pick
00:30:30
that up really quickly and then
00:30:31
remediate
00:30:33
it and for an attack
00:30:36
scenario you know uh discovering a
00:30:39
vulnerability in an unpatched system
00:30:41
something that uh is very common right
00:30:44
it uh it really allows an attacker to
00:30:46
then potentially gain access to the
00:30:48
server Elevate privilege and then use
00:30:50
that as a pivot point to then go into
00:30:53
other areas of your network so it's that
00:30:55
entry point for an attacker and again
00:30:58
why we said at the at the top that you
00:31:00
know vulnerability Management program is
00:31:02
really key so that we don't have these
00:31:04
vulnerabilities sitting out there that
00:31:06
might allow an attacker to compromise a
00:31:08
system a server in this case and then
00:31:10
gain access to you know be able to
00:31:12
penetrate your network more
00:31:19
deeply so the network space um is the is
00:31:23
the final area that we'll go into the
00:31:25
final domain that we'll review today uh
00:31:27
and then Network space you know we're
00:31:29
talking about things like routers and
00:31:30
switches certainly but we're also
00:31:32
talking about uh access points wireless
00:31:36
controllers uh certainly things like
00:31:37
firewalls data center Fabrics load
00:31:40
balancers VPN headends so there's a lot
00:31:43
of network infrastructure uh that's
00:31:45
covered in this
00:31:46
one things that are also covered here
00:31:48
would be uh some of the network
00:31:50
controllers like a DNA Center for
00:31:52
instance so those controllers that then
00:31:54
manage uh routers and switches Etc so
00:31:58
those are all part of this
00:32:00
domain so some of the key controls for
00:32:03
the network domain uh zoning and
00:32:05
segmentation so you know historically
00:32:08
Enterprises have really just had kind of
00:32:11
maybe two major zones we've got the
00:32:12
internal Zone and the D andz Zone those
00:32:15
are separated by firewalls typically and
00:32:17
so we get Telemetry off of those
00:32:19
firewalls for the traffic that's passing
00:32:20
between the
00:32:22
zones however in this in this area of
00:32:25
zero trust zoning and segmentation is a
00:32:28
key uh security strategy so really being
00:32:31
able to segment those internal spaces
00:32:33
and even the DMZ spaces into smaller
00:32:35
zones smaller segments and being able to
00:32:38
pick up Telemetry as traffic uh
00:32:41
traverses those segments so that we can
00:32:43
get a lot more visibility into kind of
00:32:45
the east west traffic as it Transit
00:32:47
transits different zones we can also uh
00:32:50
have firewall rulesets and security
00:32:53
policies that really restrict the
00:32:55
traffic that goes between those
00:32:56
different zones so gives us a lot more
00:32:58
granularity a lot more flexibility with
00:33:01
uh how we Implement our access
00:33:03
policies uh device hardening um showing
00:33:06
up again here for sure it's important on
00:33:08
the network side how do you harden your
00:33:11
devices so are we using things like uh
00:33:14
snv
00:33:16
snmpv3 which is uh has an authentication
00:33:18
control versus an snmpv2 which does
00:33:21
not and there's a long list of of
00:33:24
hardening guidelines uh that we can use
00:33:26
for
00:33:28
uh routers and switches and different
00:33:29
type of network
00:33:32
devices uh administrative access
00:33:34
controls uh again an important uh an
00:33:36
important control so being able to
00:33:39
ensure that we've got the right controls
00:33:41
for administrators to access network
00:33:43
infrastructure whether that's limiting
00:33:45
where they can access it from you can
00:33:46
only get in for for administrative
00:33:49
access from um uh from a jump
00:33:53
server uh the ability to use MFA or even
00:33:56
alternate credentials for administrative
00:33:58
access so you can't use your regular
00:34:00
user account you have to use a special
00:34:01
admin account so all of those things
00:34:03
that are part of administrative access
00:34:06
controls and making sure that we've got
00:34:07
a really high level of security around
00:34:10
our admins and privileged access to
00:34:12
network
00:34:14
infrastructure so we mentioned net flow
00:34:16
a little bit earlier that's definitely a
00:34:17
great control here so netf flow and
00:34:20
traffic analysis being able to uh really
00:34:23
pull net flow and network Telemetry off
00:34:25
the network to understand what kind of
00:34:27
traffic is traversing your network and
00:34:30
then being able to do traffic analysis
00:34:31
on that so you know whether we're using
00:34:34
something like um like some of the tools
00:34:37
that we use for uh analyzing net flow or
00:34:42
um you know what whatever whatever tools
00:34:45
it might be that you use there uh those
00:34:47
are really important to find the
00:34:49
interesting controls uh find the
00:34:51
interesting data inside netflow to be
00:34:55
able to then open investigation and say
00:34:57
oh hey we saw
00:34:58
this this interesting thing um happen
00:35:01
and we want our incident response team
00:35:02
to go
00:35:08
investigate so one one thing from a
00:35:11
cyber security skill set that's really
00:35:14
that would be really interesting to uh
00:35:16
to learn and I think really valuable to
00:35:18
learn is is how do we use netf flow to
00:35:21
gain insights into those security issues
00:35:23
so kind of like we were just talking
00:35:24
about how do we get visibility into the
00:35:26
packets that are on the network and what
00:35:28
tools enable us to do that how do we how
00:35:30
do we go Analyze That netf Flow data and
00:35:32
pull out interesting interesting
00:35:35
things and then the attack scenario for
00:35:38
the networking uh domain um you know
00:35:41
when a threat actor is able to brute
00:35:43
force a week
00:35:44
password that that then gives them
00:35:47
administrative access we're making it
00:35:49
really easy for them so when they get
00:35:52
that administrative access many times
00:35:54
they'll use that to sniff Network
00:35:55
traffic and really do a lot of the same
00:35:58
things we were just talking about with
00:35:59
Neto let's look at that Network traffic
00:36:01
and see if there's interesting things in
00:36:02
there that they can use uh in an attack
00:36:06
scenario now enforcing some of these
00:36:09
administrative security measures that we
00:36:10
talked about um whether it's alternate
00:36:13
accounts or MFA or coming in from a jump
00:36:15
post some of those are things that
00:36:17
really can limit what accounts can get
00:36:20
admin access so it makes it much more
00:36:22
difficult uh for to have the risk of
00:36:24
just a Brute Force allowing someone to
00:36:26
have uh ad and access into your network
00:36:33
devices so that's really a walk through
00:36:35
some of the main infrastructure domains
00:36:37
one of the things that I also wanted to
00:36:39
just touch on was that I'm including
00:36:40
some references here for some support
00:36:42
material for some of the content that we
00:36:45
went through today uh I hope you find
00:36:47
hope that everybody finds those
00:36:49
helpful in summary you know that's
00:36:52
really a tour through the major areas of
00:36:55
infrastructure security so talked about
00:36:58
some of the key controls we talked about
00:37:00
some relevant cyber security skills that
00:37:03
really support a career path in this
00:37:06
space and we also talked some about uh
00:37:08
different attack scenarios that are
00:37:10
commonly seen in the industry um I hope
00:37:12
that everybody enjoyed the session today
00:37:14
and uh now I will hand it back to Emma
00:37:17
hey thanks Mike for providing us with a
00:37:19
good understanding of maintaining robus
00:37:21
Network and data center compliance your
00:37:24
insights really demonstrate the pivotal
00:37:27
role of continuous compliance and
00:37:29
advanced security architecture in
00:37:32
protecting our digital
00:37:34
Landscapes we are going to take
00:37:36
questions now from our live audience and
00:37:39
our first question
00:37:42
is and what are the essential skills
00:37:45
needed to be successful as a junior
00:37:48
cyber security analyst and Engineering o
00:37:52
with a focus on infrastructure
00:37:55
security that's a great question
00:37:57
question um you know I think the number
00:37:59
one thing for me is curiosity really um
00:38:03
wanting to understand how things work
00:38:06
whether it's you know how do I how do I
00:38:08
configure security controls on a network
00:38:11
device or uh how do I harden a server
00:38:14
there's so much in the infrastructure
00:38:16
security domain that uh is just
00:38:19
interesting to learn about so that
00:38:21
Curiosity I think is the probably the
00:38:22
main thing that I'd say would be the um
00:38:25
one of the essential skills I think also
00:38:29
um understanding
00:38:31
hardening um the CIS benchmarks are a
00:38:33
great place to go look at how to harden
00:38:35
various types of devices whether it's
00:38:37
you know Windows servers or firewalls or
00:38:40
other endpoints uh so having a look at
00:38:42
the CIS benchmarks for hardening and
00:38:44
understanding hardening controls uh
00:38:46
that's a that's another really good one
00:38:48
an essential skill I think hey thanks
00:38:50
Mike our next question from one of our
00:38:53
viewers is how is network activity
00:38:57
monitored effectively and what
00:38:59
strategies should be employed to analyze
00:39:02
these activities for potential cyber
00:39:04
threats oh yeah yeah that's a good one
00:39:07
too so uh you know I think number one
00:39:10
would be really comprehensive logging so
00:39:13
we talked about kind of the different
00:39:15
kinds of loggings there are lots of
00:39:16
kinds of logs so number one making sure
00:39:18
that those logs are getting sent to your
00:39:20
incident response teams um validating
00:39:23
that they are you know constantly
00:39:25
getting sent and that we don't lose logs
00:39:27
someplace but also identifying in those
00:39:30
logs what's normal and what's not normal
00:39:34
so we we have to be able to let our
00:39:35
incident response teams know that this
00:39:38
is kind of Baseline Behavior this is how
00:39:41
our application performs and you know
00:39:43
when I get a hundred failed login
00:39:46
attempts well that's that's anomalous
00:39:48
Behavior so really being able to
00:39:49
identify that for our IR teams is
00:39:52
important I I think one other would be
00:39:55
um some of the some of the Telemetry
00:39:58
aspects of it so whether it's from
00:39:59
networks or from devices really being
00:40:02
able to get that kind of net flow type
00:40:05
Telemetry and using a tool that gives
00:40:08
you insights into that so whether that's
00:40:10
uh the security network analytics
00:40:12
product The Cisco Mi those was
00:40:14
previously called stealth watch um you
00:40:17
know that certainly does a great job at
00:40:18
looking at that data there's others as
00:40:20
well but having some ability to pull
00:40:22
that Telemetry in and analyze that
00:40:25
Telemetry for again things that are
00:40:26
interesting things that might want to
00:40:27
drive an incident investigation um I
00:40:30
think another you know key thing as far
00:40:32
as monitoring Network
00:40:34
activities hey thanks so much Mike we
00:40:37
have time for just one more question
00:40:38
today and this one has come from Steve
00:40:41
in our audience um so Steve has asked
00:40:44
what are some of the certification and
00:40:46
training
00:40:47
opportunities um that would set us up
00:40:49
for a career in cyber security yeah
00:40:52
that's a great question too um so the
00:40:55
first one that I would uh that I would
00:40:57
say would be um Cisco has a ccst
00:41:00
certification so a Cisco certified
00:41:03
support technician in cyber security so
00:41:07
that'd be a great one I think that's
00:41:09
really relevant and really covers all
00:41:11
the infrastructure domains that we just
00:41:12
talked about uh so that would be really
00:41:15
interesting I think the there are some
00:41:17
others um that ISC squared offers so
00:41:21
there's a
00:41:23
cissp and a ccsp so there's certified
00:41:27
information system security
00:41:29
professional and certified Cloud
00:41:32
security professional um so again those
00:41:35
are both ISC Sears those are both good
00:41:37
they're very broad so you know they
00:41:40
cover uh similarly uh the all the
00:41:43
domains of infrastructure security as
00:41:45
well as others application security
00:41:47
physical security so things we didn't
00:41:48
even get into today um and you know Sans
00:41:53
also has some great certifications so
00:41:55
they've got a Gia Security
00:41:58
Essentials which um again really
00:42:01
relevant very technical getting into the
00:42:03
domain uh get different domains in
00:42:06
infrastructure security uh and really
00:42:08
looking at all the different security
00:42:09
controls that you would really need to
00:42:12
be able to fend off attackers across
00:42:14
your infrastructure so I think I think
00:42:16
all of those would really be great
00:42:18
starts you know I'll tell you there's a
00:42:20
lot of certifications out there and I
00:42:21
think that um you probably can't go
00:42:23
wrong uh you know you just really want
00:42:26
to look at something that you're
00:42:27
passionate about that you're really
00:42:29
interested in that has uh you know some
00:42:32
some real interest for you and uh really
00:42:36
learn about that domain and then go go
00:42:39
see if you can get a um go see if you
00:42:41
can uh get a certification in that area
00:42:44
there's a lot to choose from so I think
00:42:46
those would probably be kind of my top
00:42:48
three or four though fantastic thanks so
00:42:51
much Mike and sadly that's all we have
00:42:53
time for today a big thank you to our
00:42:56
speakers Joseph and Mike for diving in
00:42:58
to the depths of cyber security with us
00:43:00
today we appreciate you taking the time
00:43:02
out of your busy schedules to be with us
00:43:05
on our virtual stage today sharing your
00:43:08
invaluable
00:43:09
insights your feedback is important to
00:43:12
us please complete the survey by
00:43:14
scanning the QR code on the screen and
00:43:16
you will receive a certificate of
00:43:21
participation join our next session in
00:43:24
the find yourself in the future series
00:43:26
and we'll explore threat monitoring the
00:43:29
art of cyber vigilance with Daniella
00:43:32
Splunk senior technical content
00:43:35
developer to register scan the QR code
00:43:39
on the screen so we can't wait to see
00:43:42
you there and continue our journey into
00:43:44
the world of cyber security thanks for
00:43:46
joining us today stay safe and we will
00:43:49
look forward to seeing you at our next
00:43:51
event enjoy the rest of your day bye for
00:43:53
now
00:43:55
[Applause]

Tag

Cisco Security
Cybersecurity
Infrastructure Security
Threat Prevention
Cyber Resilience
Cybersecurity Training
Job Market
Security Solutions
Tech Talks
Security Certifications