1.7 Summarize the techniques used in security assessments. Flashcards
Non-intrusive scan
Gathers info but does not exploit the vulnerability
Intrusive scan
Attempts to exploit the vulnerability, as in a pen test
What searches for known web exploits, such as SQL injection and cross-site scripting (XSS)?
web application scanner
Common Vulnerability Scoring System (CVSS)
A metric score from 0 to 10 based on the characteristics of the vulnerability, such as whether it can be triggered remotely or if it requires user intervention.
determines whether a computer meets a configuration baseline
Security Content Automation Protocol (SCAP)
Perform configuration reviews to ensure the system is secure and ready for production.
techniques with security information and event management (SIEM) and threat analytics platforms. Analysts can develop queries and filters to correlate threat data from these systems.
intelligence fusion
Threat feeds
notifications of current and new threats may initiate updates to security policies and even signatures, to ensure security administrators can monitor those threats.
Maneuver
In a defensive maneuver, an analyst can perform passive discovery techniques so that threat actors have no hint that the analyst has discovered an intrusion.
normalizing data from different sources so that it is consistent and searchable
log aggregation
tool that allows for a centralized collection of events from multiple sources
Syslog collector
Security orchestration, automation, and response (SOAR)
a solution to the volume of alerts overwhelming an analyst’s ability to respond. It analyzes an organization’s store of security intelligence and uses deep learning techniques to automate and provide data enrichment to improve incident response and threat hunting workflows.
Name examples of data inputs into a SIEM that can help determine health and/or security of an individual client computer.
Windows 10 Host, Vulnerability scanner, DLP Systems
Sentiment analysis
A machine learning technique of log analysis used to identify intent. This can be used, for example, to monitor social media for brand “incidents,” such as a customer complaining on Twitter about poor service.