Threats are constantly evolving and, just like everything else, tend to follow certain trends. Whenever a new type of threat is especially successful or profitable, many others of the same type will inevitably follow. The best defenses need to mirror those trends so users get the most robust protection against the newest wave of threats. Hi, folks. My name is Arya, and today we are going to talk about cybersecurity tools that have stood firm through thick and thin against various kinds of cyber attacks. Since there are a multitude of tools spread out across various domains of cybersecurity, we are going to talk about one tool from each domain. So let's begin without wasting much time.

First on our list is BluVector. Network security programs, and the human IT operators who manage them, are under constant threat. New attack techniques like malware deployed without files are straining resources and testing defenses in two critical ways. First, brand-new threats and attack techniques often have at least a small window of time when they can bypass some defenses before defenders catch up. Second, even if critical threats like zero-day malware are stopped, the constant siege of attackers means that defenders are likely to get overloaded by both real alerts and false positives. One possible solution that has only recently become an option is tasking machines and computers with protecting themselves. If a security program could be programmed to think and act like an analyst, then it could try to counter malware and human-backed intrusion at machine speed, a move that would give defenders a serious home-court advantage. This is exactly what BluVector's defense tries to do. BluVector works almost right away, but also has deep machine learning capabilities, so it gets even smarter over time. It will learn the intricacies of each network that deploys it, tweaking its algorithms and detection engines in a way that makes more sense for the environment.

BluVector is installed as either a hardware-based network appliance or as a virtual machine. It can operate in line with network traffic, stopping and remediating threats in real time as they attempt to enter a protected space, or as a retrospective tool that can scan the work performed by other programs and analysts, catching threats that they might have missed and recommending fixes. It is designed to work with all IPv6 traffic as well as older IPv4 streams, so it can operate in environments that are rich in Internet of Things and supervisory control and data acquisition devices, such as those in industrial and manufacturing settings, as well as in normal office-type environments. So that was it for BluVector.

Next up on our list of cybersecurity tools is Bricata. These days, even the most basic cybersecurity defenses for any medium to large enterprise will include an intrusion prevention system or an intrusion detection system. Even by itself, a well-tuned IPS/IDS that is constantly monitored by security teams will catch most network problems and security breaches. However, the fact that many organizations stop there has led to an uptick in successful attacks designed specifically to operate in IDS blind spots. This is where the Bricata platform comes into play. At its core, Bricata offers advanced IPS/IDS protection with multiple detection engines and threat feeds to defend network traffic and core assets, but it goes a step further, adding the ability to launch threat hunts based on events or simple anomalies. This would enable an organization to begin network-level threat hunting using the same staff and tools they are already using for IPS monitoring. It would be a good step in the right direction towards better protection without the pain of installing additional programs or retraining staff. Looking first at Bricata as a pure IDS, it is deployed as a physical or virtual appliance that serves as the main collation point and user interface. This in turn links up to network sensors that are deployed at network choke points to capture traffic data. While Bricata sensors will almost always be deployed at network gateways, they can additionally be placed around core assets or internal points of network traffic flow to give the platform visibility into horizontal movements of potential threats. Now that takes care of intrusion detection.

Up next on our list of tools is Cloud Defender by Alert Logic. Compared to traditional server and client architectures, cloud computing is the new kid on the block. While cybersecurity best practices are similar within a cloud environment, many of the vulnerabilities and specific threats that target the cloud are different. As such, even organizations with deep cybersecurity teams may need a little help when moving large chunks of their computing infrastructure to the cloud. That is the whole idea behind Cloud Defender from Alert Logic, designed from the ground up as a way to provide protection to web applications, critical data and everything else running or stored within an organization's cloud.

There is a whole sliding scale of support available. At the low end, Cloud Defender is a user-friendly tool that would enable local IT staff to inspect the cloud deployment to look for evidence of hidden threats or breaches. At the other extreme, the 200-person cybersecurity team at Alert Logic can take over most cloud-based cybersecurity functions, offering monitoring, advising and logging of events in a software-as-a-service model. When used as SaaS, Alert Logic will do everything short of remediating problems. Most organizations will probably want to use Cloud Defender as some combination of both SaaS security and a tool to aid their local team. The platform is configured for this, making all logs and information collected by the program available for at least a year to local IT staffers. Cloud Defender works with any cloud environment, including Amazon Web Services, Microsoft Azure, Google Cloud services, VMware and others. There is no difference in pricing based on the cloud environment. Pricing is based entirely on the number of nodes being protected and the size of the log files being analyzed.

Up next on our list of tools is Cofense Triage, which works as a phishing defense tool. One of the most popular and quickest ways for attackers to enter a network these days is to trick a user into taking an action, whether installing malware or providing their login credentials. And if they pretend to be a company official, a business partner or a family friend, their chances of success skyrocket. Phishing emails run the gamut from clumsily worded sweepstakes-type scams all the way up to highly researched and targeted campaigns designed to attack a handful of key people at an organization. Yet despite the danger they pose, most organizations have little or no defense against them. Back in 2008, when the original PhishMe product was deployed (PhishMe was also the name of the company at the time), there was very low awareness of the danger that these types of email represented. The PhishMe simulation was created to allow network administrators and security personnel to craft their own phishing emails to train users about the dangers sometimes hidden in mail messages. As an organization, PhishMe has moved its focus away from pure education into threat remediation. Even the company's name is changing from PhishMe to Cofense, which is a combination of "collaborative" and "defense". One of the first Cofense-branded products, Triage takes email reported by users as suspected phishing and helps to manage responses. In one sense, the PhishMe product helps to make users more adept at spotting phishing scams, while Triage creates a way for organizations to tap into the newfound skill set that the employees should have learned.

The next tool on our list deals with application security, which is basically the convergence of endpoint security, network security and content security. As you guys can see, the name of the tool is Contrast Security, which is actually a suite of tools. Now, as such, cybersecurity programs tend to look at the problem of defense from a lot of different angles, with the expectation that enterprises will employ several different types of security at the same time. This has led to a different problem: alert fatigue setting in on IT teams as all of those programs sound the alarm many times and all the time. The Contrast Security suite aims to change that trend in two important ways.

First, it takes one of the critical aspects of cybersecurity today, that is application security, and condenses it into a single program that can protect apps from the time development first begins all the way through deployment and their full life cycle. Second, because Contrast Security embeds agents inside each app that it is protecting, it essentially becomes a part of the program, and there is almost no chance of a false positive. In fact, it scored a rare 100% on the OWASP security benchmark, passing over 2,000 tests without generating any false positives. The secret sauce for Contrast Security is the use of bytecode instrumentation, a feature in Java used to help integrate programs and application features during development; only here, Contrast Security uses it for the purpose of cybersecurity, specifically embedding an agent into an application, which will thereafter be directly monitored and protected from the inside out. In a sense, it turns any type of normal application into one that is designed to focus on security. But don't worry, all the normal business-focused tasks of the app will still function.

So next on our list of tools is Digital Guardian. In recent years, advanced threats have been increasingly targeting endpoints. This makes sense, because endpoint security has traditionally been the realm of signature-based antivirus, a technology that has proven to be inadequate protection against targeted and highly advanced malware campaigns. That is where the Digital Guardian threat-aware data protection platform comes in. With most endpoint security programs, protection is delivered through the creation of rules. Behavior that breaks the rules of the network is considered suspect and is blocked, flagged, or otherwise becomes the subject of a security alert. One of the biggest problems with this method is that security is only as good as the rule set. Administrators either must carefully craft rules based on their own expertise, or set a protection program into learning mode for several weeks or months while it discovers good network behavior and crafts rules restricting everything else. The Digital Guardian platform, by contrast, comes ready to use, pre-loaded with thousands of best-practice rules based on years of experience working in the field, and after a quick data discovery process, those rules are tailored to the specific network that it is protecting. This is all done nearly instantaneously, so that when agents are deployed, they can immediately begin protecting endpoints with good security policies.

Next on our list of cybersecurity tools, we have Intellicta. There are important distinctions between compliance and security. They are meant to be mutually supporting, with compliance rules put in place to provide a good security baseline, but it's possible to be completely in compliance with all applicable regulations and still not be adequately secure. The reverse is also true: if an organization has deep security but is still not technically in compliance with applicable regulations, should a data theft occur, they will likely still be held responsible, sometimes financially, because of the lack of compliance. And just as compliance and security are similar but different, so too are the skill sets used to implement them.

Organizations can have a deep IT or cybersecurity staff that is unskilled with compliance issues or unpracticed in knowing exactly which regulations apply. That is where the Intellicta platform from TechDemocracy shines. The platform acts like a security information and event management console, but for compliance issues. Installed either as an on-premise or cloud-based console, it pulls information from a series of network collectors and correlates that data into a continuously monitored compliance dashboard. It's a neat tool that every company should have.

Up next on our list of tools, we have Mantix4, which is a pretty interesting tool, in my opinion. Given the insidious nature of advanced threats, it's almost a certainty that every organization of any size will eventually be hacked or compromised, regardless of what or how many cybersecurity defenses are in place. In response, the somewhat new concept of threat hunting is becoming an increasingly important part of cybersecurity defenses. The Mantix4 platform, named after the apex predator of the insect kingdom, the praying mantis, seeks to solve the people problem. While the program provides robust threat hunting tools for use by clients, the company also employs a team of experts to hunt on their behalf. It takes threat hunting into the software-as-a-service realm. Mantix4 was originally designed for the Canadian government's Department of Public Safety, which is the equivalent of the Department of Homeland Security in the United States. In Canada, Mantix4 helps to defend networks sitting in 10 sectors considered critical infrastructure, rooting out threats that might bypass more traditional protection. The system is deployed as two components. The first part is comprised of observer sensors that sit at critical points within a protected network, either alongside routers or at network gateways, though they can be deployed almost anywhere depending on the need. The sensors are lightweight enough to be housed inside a virtual machine or within a network server with additional bandwidth. However, because the observer sensors process and record a lot of traffic, the best deployment is probably going to be a small appliance that hosts nothing else, something the company provides. The sensors can be set to work in line or to passively sniff network traffic.

Now, the last tool that we're going to discuss for today is a pretty important tool also, in my opinion, and it covers a very important aspect of any industry-level cybersecurity plan, that is traffic analysis. Network traffic analysis tools have been used for a long time to help improve efficiencies in enterprise networks, locating unused capacity bandwidth and eliminating choke points, and they have recently been employed as an arm of cybersecurity too. That makes sense, given that, except for insider threats, attacks are going to be initiated and ultimately controlled by outside elements. The communication between the internal threat malware and its controllers on the outside is captured by traffic analysis tools. The problem is that while the logic of using traffic analysis in cybersecurity is solid, the reality is a bit different.

For one, even a small to medium-sized enterprise is going to generate three or four billion traffic logs per month. Without computerized assistance, no human is going to be able to wade through that and find anything meaningful. Second, capturing all that data traditionally requires the installation of network taps on gateways across the network. For an organization with branch offices or remote locations, the number of tap installations can climb pretty high, and even then, some traffic may escape around those gateways. SecBI has fielded new software that aims to eliminate both of those problems: volume processing of data for actionable threat intelligence, and a reliance on network tapping hardware. They have done this by deploying their analyzer as a software module capable of running on premise or in the cloud. It only looks at the log files, so there is no need for any network taps, agents on the clients or anything beyond access to the constantly generated log files. It then crunches those billions of events in the logs using finely tuned algorithms that look for patterns associated with an ongoing attack or an advanced persistent threat. It can be deployed with a pay-as-you-go contract where users only pay based on how many gigabytes of log file data they need to process per day.

Okay, guys, that was it from me for today. I hope you all learned something new about all these types of cybersecurity tools. Thank you and goodbye. I hope you have enjoyed listening to this video. Please be kind enough to like it, and you can comment any of your doubts and queries, and we will reply to them at the earliest. Do look out for more videos in our playlist and subscribe to the Edureka channel to learn more. Happy learning.

Last modified: Monday, 27 January 2025, 08:13