Page 76 - Cyber Defense Magazine RSA Edition for 2021
P. 76

•    Cyber  Defense  Forensics  Analyst: Analyzes  digital  evidence  and  investigates  computer
                   security  incidents  to  derive  useful  information  in  support  of  system  and  network  vulnerability
                   mitigation.

            While this is just a snapshot, each role requires extensive experience in cyber security and a combination
            of hard and soft skills — from software engineering and programming, computer and network forensics,
            network infrastructure management, and threat analysis to critical thinking, problem-solving, fast and
            strategic reaction, attention to detail, and the desire to learn — it’s a long list, driven by the complexity of
            cyber security.

            If you need more convincing of the human intelligence required to defend IT infrastructures, applications,
            devices,  and users, look back  at  December  2020’s  massive  SolarWinds  supply  chain  attack,  or  the
            Exchange vulnerabilities patched by Microsoft in March.

            In the case of SolarWinds, threat actors introduced a backdoor to Orion customers by modifying binaries
            supplied  by  SolarWinds  in  a  supply  chain  attack  that  impacted  more  than  33,000  global  customers.
            Following the installation of this backdoor, the attackers were able to gain access to networks of interest
            and  leverage  additional  capabilities,  such  as  compromising  code  signing  certificates  and  forging
            authentication tokens — notoriously difficult to detect by even the most skilled security practitioners. The
            attack went undetected for months, enabling the threat actors to collect valuable intelligence from private
            companies,  as  well  as  U.S.  agencies  that  included  the  Department  of  Homeland  Security  and  the
            Treasury Department.

            In the Microsoft Exchange incident, attackers actively exploited four zero-day vulnerabilities in Exchange
            Server.  This  left IT teams scrambling  to  patch systems and required incident  response experts to
            develop tools and techniques to assess the impact and verify integrity following the compromise. During
            the  event,  security  teams  had  to  stay  on  top  of the  advice  and  guidance  continuously  updated
            from Microsoft and government agencies, while racing against malicious actors who were working to
            weaponize the exploits for ransomware.

            These are both examples of security events that required deep expertise in cyber security forensics and
            incident response in order to act quickly and accurately to assess the impact to businesses.

            The reality is, your immediate, or outsourced team, should have the cyber security training and expertise
            to understand attack techniques, threat behavior, the scope and severity of each new threat as it arises,
            the potential impact to your organization, and how to react quickly and effectively to mitigate active threats
            or  risks.  Teams  should  also  bring  the  skills  to  evaluate  and  manage  the  technologies  powering  an
            organization’s  threat  defense — whether  that  is  hands-on  engineering  and  software  development  or
            hiring outsourced experts that add this value.






                                                                                                              76
   71   72   73   74   75   76   77   78   79   80   81