WEBVTT 1 00:00:00.000 --> 00:00:02.600 All right, let's jump into a deep dive on cybersecurity. 2 00:00:02.919 --> 00:00:05.599 We've got this book here covers a ton of ground 3 00:00:06.120 --> 00:00:10.199 latest threats, malware trends, all the strategies we need. It's 4 00:00:10.240 --> 00:00:14.240 like a crash course to understand cybersecurity, build up your defenses, 5 00:00:14.480 --> 00:00:17.359 protect your data, whether it's personal stuff or for a 6 00:00:17.359 --> 00:00:18.199 whole organization. 7 00:00:18.519 --> 00:00:20.879 Yeah, you know, it's a landscape that's always changing. One 8 00:00:20.920 --> 00:00:24.000 thing that's interesting is how much cybersecurity has become like 9 00:00:24.079 --> 00:00:27.559 this global thing, business politics. It's all tied in. We're 10 00:00:27.559 --> 00:00:30.359 talking about an industry, by the way, projected to be 11 00:00:30.399 --> 00:00:33.119 worth get this, three hundred and seventy five billion dollars 12 00:00:33.200 --> 00:00:34.200 by the end of the decade. 13 00:00:34.280 --> 00:00:37.799 Wow, that's a serious number. But I guess it makes 14 00:00:37.840 --> 00:00:40.079 sense though. We rely on tech for so much these days, 15 00:00:40.280 --> 00:00:44.079 and our book here dives right into those cybersecurity week points, 16 00:00:44.079 --> 00:00:46.119 the things we got to be aware of. Honestly, I 17 00:00:46.159 --> 00:00:49.359 was surprised how often systems get compromised through like really 18 00:00:49.399 --> 00:00:50.039 simple stuff. 19 00:00:50.119 --> 00:00:54.640 Yeah, totally unpatched vulnerabilities. That's a big one. Security misconfigurations, 20 00:00:54.759 --> 00:00:57.640 especting those systems that are like Internet facing social engineering. 21 00:00:57.679 --> 00:01:00.600 Can't forget that. Insider threats and of course, the classic 22 00:01:00.640 --> 00:01:02.039 week or stolen credentials. 23 00:01:02.240 --> 00:01:04.159 You know, it's kind of scary how easy it is 24 00:01:04.200 --> 00:01:06.959 to leave a door open to your data just by 25 00:01:07.159 --> 00:01:08.120 overlooking a setting. 26 00:01:08.239 --> 00:01:10.400 You know, it really is. It's like leaving your front 27 00:01:10.439 --> 00:01:13.359 door unlocked. Maybe you think you live in a safe neighborhood, 28 00:01:13.519 --> 00:01:16.760 but why even take the risk? Right? And these misconfigurations 29 00:01:16.760 --> 00:01:22.200 they're often in like super critical systems, web servers, databases, 30 00:01:22.400 --> 00:01:24.359 the stuff that holds all the important info. 31 00:01:24.640 --> 00:01:26.519 And it's not just about outside threats, is it. 32 00:01:26.640 --> 00:01:29.959 Nope, definitely not. Insider threats can be just as bad, 33 00:01:30.079 --> 00:01:30.799 if not worse. 34 00:01:31.200 --> 00:01:32.920 What do you mean by that, Well, think about it. 35 00:01:33.000 --> 00:01:37.200 Someone inside an organization, they might have totally legitimate access 36 00:01:37.239 --> 00:01:41.359 to sensitive data, but they decide to misuse it, or 37 00:01:41.560 --> 00:01:45.599 maybe they unintentionally create a vulnerability, you know, being careless 38 00:01:45.640 --> 00:01:48.439 with those security protocols. And then there's the case where 39 00:01:48.480 --> 00:01:51.879 someone's credentials get stolen used by an attacker. Happens more 40 00:01:51.879 --> 00:01:52.560 than you'd think. 41 00:01:52.760 --> 00:01:54.920 So it's not just about building walls around the data. 42 00:01:54.959 --> 00:01:57.200 It's also about who has the keys and what they 43 00:01:57.239 --> 00:02:00.599 can do with them. Speaking of access, the book mentions 44 00:02:00.680 --> 00:02:04.319 multi factor authentication MFA. Right, that's supposed to be like 45 00:02:04.359 --> 00:02:06.280 a big help. Is it the silver bullet, the thing 46 00:02:06.280 --> 00:02:07.120 we've been waiting for? 47 00:02:07.879 --> 00:02:10.479 You know? MFA is definitely a good step, adds that 48 00:02:10.520 --> 00:02:13.159 extra layer, which is great, But like any security measure, 49 00:02:13.240 --> 00:02:17.360 it's not perfect. Older systems they often don't even support MFA, 50 00:02:17.800 --> 00:02:21.039 and some attackers they've figured out ways to bypass certain types. 51 00:02:21.080 --> 00:02:22.759 Think of it like a strong lock on your door 52 00:02:23.240 --> 00:02:26.639 deters most people, but a really determined thief they might 53 00:02:26.680 --> 00:02:27.520 still find a way in. 54 00:02:27.919 --> 00:02:30.479 So valuable tool, no doubt, but not a reason to 55 00:02:30.479 --> 00:02:33.960 get complacent. Now there's something I found really interesting, threat intelligence. 56 00:02:34.000 --> 00:02:37.520 This idea of using data on attackers. They're tactics, techniques, 57 00:02:37.560 --> 00:02:41.719 procedures all that. The book calls it CTI Cyber threat intelligence. 58 00:02:42.439 --> 00:02:44.680 Seems like having that kind of intel would be a 59 00:02:44.680 --> 00:02:45.840 game changer, right. 60 00:02:45.800 --> 00:02:49.719 Oh, it absolutely can be. CTI. It lets security teams 61 00:02:49.759 --> 00:02:53.680 move from like reacting all the time to being more proactive. 62 00:02:53.879 --> 00:02:56.400 It's like having a playbook on your opponent before the 63 00:02:56.400 --> 00:02:59.080 game even starts. You can anticipate what they might do 64 00:02:59.400 --> 00:03:01.080 and build your fences around that. 65 00:03:01.080 --> 00:03:02.800 That's a great way to put it. But where do 66 00:03:02.800 --> 00:03:05.680 you even start with all this? CTI seems like it 67 00:03:05.719 --> 00:03:07.479 could be massive amounts of data. 68 00:03:07.800 --> 00:03:11.280 You're right, it can be pretty overwhelming. One resource the 69 00:03:11.319 --> 00:03:16.680 book mentions is the MITE att and CK framework. Think 70 00:03:16.680 --> 00:03:18.840 of it like a giant database. It's got all these 71 00:03:18.919 --> 00:03:23.240 attacker tactics techniques along with ways to mitigate them. Really 72 00:03:23.240 --> 00:03:27.479 good starting point to understand how attackers actually operate. So 73 00:03:27.479 --> 00:03:31.599 it's like the cybersecurity Encyclopedia exactly helps you categorize understand 74 00:03:31.639 --> 00:03:34.280 different attack approaches. But the book makes a point of saying, 75 00:03:34.759 --> 00:03:37.639 be careful about where you get your CTI from. Not 76 00:03:37.719 --> 00:03:39.240 all information is created equal. 77 00:03:39.560 --> 00:03:41.439 That's true. You wouldn't want to base your whole security 78 00:03:41.479 --> 00:03:44.840 strategy on bad intel. So you've got your threat intelligence, 79 00:03:44.879 --> 00:03:47.439 you're getting into the attacker's mindset. How do you actually 80 00:03:47.520 --> 00:03:49.120 use all that knowledge put it into action. 81 00:03:49.479 --> 00:03:53.000 That's where vulnerability management comes in. It's all about finding 82 00:03:53.039 --> 00:03:56.800 and fixing weaknesses in your systems, your software before the 83 00:03:56.800 --> 00:03:59.800 attackers can exploit them. The book points to a couple 84 00:03:59.879 --> 00:04:02.919 key key resources, the Common Vulnerabilities and Exposures List, that's 85 00:04:02.919 --> 00:04:06.560 the CVE list, and then there's the National Vulnerability Database 86 00:04:06.680 --> 00:04:07.159 or MBD. 87 00:04:07.319 --> 00:04:09.759 I'm guessing there are a ton of vulnerabilities. 88 00:04:09.120 --> 00:04:12.719 Out there you're telling me. Just in twenty twenty two alone, 89 00:04:12.759 --> 00:04:18.360 there were on average, sixty nine new vulnerability disclosures every 90 00:04:18.360 --> 00:04:19.079 single day. 91 00:04:19.079 --> 00:04:22.279 Sixty nine a day. Wow. How does security teams even 92 00:04:22.360 --> 00:04:22.959 keep up with that? 93 00:04:23.079 --> 00:04:25.639 It's a constant battle. The book talks about different approaches 94 00:04:25.759 --> 00:04:28.759 organizations take. So I try to patch everything asp Others 95 00:04:28.759 --> 00:04:31.160 focus on the most severe vulnerabilities or the ones that 96 00:04:31.199 --> 00:04:33.920 are actively being exploited based on their threat intel. 97 00:04:34.000 --> 00:04:38.040 You know, so using threat intelligence to prioritize patching, that's 98 00:04:38.040 --> 00:04:40.720 a smart way to focus where it matters most exactly. 99 00:04:40.759 --> 00:04:43.279 It's about understanding you can't do everything at once. Got 100 00:04:43.319 --> 00:04:46.000 to make strategic decisions where to allocate resources. 101 00:04:46.319 --> 00:04:50.680 Okay, so we've got vulnerabilities, threat intelligence. Now let's talk 102 00:04:50.680 --> 00:04:54.560 about malware. Term gets thrown around a lot, but it 103 00:04:54.639 --> 00:04:57.240 seems like it's always changing. What's interesting to me is 104 00:04:57.959 --> 00:05:02.519 how the way we distribute software actually impacts how malware spreads. 105 00:05:02.720 --> 00:05:05.240 Yeah, and the book uses Windows as a prime example. 106 00:05:05.600 --> 00:05:08.360 Because it's so widely used, it's become a huge target 107 00:05:08.439 --> 00:05:11.279 for malware developers. Like a popularity contest. 108 00:05:11.279 --> 00:05:13.560 You don't want to win, right, The bigger you are, 109 00:05:13.759 --> 00:05:15.959 the bigger, the target on your back yeah, But before 110 00:05:15.959 --> 00:05:17.759 we go too deep, can you give us a quick 111 00:05:17.800 --> 00:05:19.519 rundown of the different types of malware. 112 00:05:19.639 --> 00:05:22.920 Sure, you got your classic viruses they attached to other programs, 113 00:05:22.959 --> 00:05:25.439 spread that way. Then there's worms, those can spread on 114 00:05:25.480 --> 00:05:30.199 their own across networks, Trojans those disguise themselves as legitimate software, 115 00:05:30.199 --> 00:05:33.480 but they deliver a nasty payload. And of course ransomware 116 00:05:33.680 --> 00:05:35.519 can't forget that one. It's become a huge problem. 117 00:05:35.639 --> 00:05:37.879 Ransomware's the one I hear about the most. Seems like 118 00:05:37.879 --> 00:05:39.959 every other week there's a new attack. In the headlines. 119 00:05:40.439 --> 00:05:42.560 It's evolved. You know. It used to be just about 120 00:05:42.639 --> 00:05:46.519 encrypting files and demanding money, but now attackers are using 121 00:05:46.560 --> 00:05:49.399 all sorts of tactics to extort money. Makes it even 122 00:05:49.439 --> 00:05:53.040 more dangerous. There was this interesting example in the book 123 00:05:53.480 --> 00:05:57.079 about a vulnerability in Windows Remote Desktop services back in 124 00:05:57.120 --> 00:06:00.000 twenty nineteen. Experts said it could have been as bad 125 00:06:00.399 --> 00:06:02.879 Want to Cry if it had been exploited more widely. 126 00:06:03.120 --> 00:06:05.839 I remember Wanna Cry. That was a global mess. It 127 00:06:05.839 --> 00:06:08.240 sounds like we're constantly playing ketchup with these attackers. 128 00:06:08.319 --> 00:06:10.959 It's a constant arms race, that's for sure. But here's 129 00:06:10.959 --> 00:06:14.000 the thing. The threat landscape. It's not the same everywhere. 130 00:06:14.160 --> 00:06:18.040 The book goes into regional malware trends. Turns out encounter 131 00:06:18.160 --> 00:06:20.519 rates and infection rates. They can vary a lot from 132 00:06:20.560 --> 00:06:21.639 country to country, so. 133 00:06:21.639 --> 00:06:23.680 Some parts of the world are riskier than others when 134 00:06:23.720 --> 00:06:25.240 it comes to malware exactly. 135 00:06:25.399 --> 00:06:29.079 For example, the book highlights how Japan and Finland consistently 136 00:06:29.120 --> 00:06:31.959 have the lowest encounter and infection rates, while countries like 137 00:06:32.000 --> 00:06:35.040 Pakistan and Indonesia they've seen some big increases. It's a 138 00:06:35.079 --> 00:06:38.639 mix of factors, you know, software piracy rates, security practices, 139 00:06:39.079 --> 00:06:41.639 the types of malware that are common in different regions. 140 00:06:41.920 --> 00:06:43.160 It all plays a role. 141 00:06:43.360 --> 00:06:48.319 So each region has its own unique cybercrime ecosystem. Fascinating. Okay, 142 00:06:48.399 --> 00:06:50.879 let's zoom out a bit talk about attacker methods in general. 143 00:06:51.240 --> 00:06:53.800 What are the most common tactics they're using these days. 144 00:06:54.079 --> 00:06:58.279 The book really focuses on three fishing, drive by downloads, 145 00:06:58.319 --> 00:07:02.040 and dedos attacks. These tactics they've evolved over time, become 146 00:07:02.040 --> 00:07:03.600 more sophisticated, more effective. 147 00:07:03.839 --> 00:07:07.279 I've definitely gotten my fair share of phishing emails. It's 148 00:07:07.319 --> 00:07:09.279 amazing how convincing some of them can be. 149 00:07:09.839 --> 00:07:13.759 Phishing works because it preys on human nature attackers. They 150 00:07:13.800 --> 00:07:17.600 exploit our trust, our tendency to make mistakes, especially when 151 00:07:17.600 --> 00:07:20.199 we're busy or distracted, and there are just so many 152 00:07:20.240 --> 00:07:23.480 phishing websites out there, it's a constant threat. There's actually 153 00:07:23.480 --> 00:07:27.399 a correlation the book found between a country's malware infection 154 00:07:27.519 --> 00:07:30.160 rate and the number of phishing sites hosted within its 155 00:07:30.199 --> 00:07:31.240 country code domain. 156 00:07:31.519 --> 00:07:33.839 That's a scary thought. So it's not just about having 157 00:07:33.879 --> 00:07:38.000 strong tech defenses. It's about educating users, raising awareness about 158 00:07:38.040 --> 00:07:39.399 these social engineering tactics. 159 00:07:39.480 --> 00:07:41.560 You got it. Human error is often the weakest link 160 00:07:41.560 --> 00:07:42.000 in the chain. 161 00:07:42.079 --> 00:07:44.639 What about drive by downloads? Those sound pretty sneaky. 162 00:07:44.879 --> 00:07:47.360 They are. Drive by downloads happen when you visit a 163 00:07:47.360 --> 00:07:51.399 compromised website and malicious software gets installed on your computer 164 00:07:51.720 --> 00:07:55.360 without you even knowing. It often exploits vulnerabilities in your 165 00:07:55.399 --> 00:07:57.639 web browser or plugins, so. 166 00:07:57.639 --> 00:07:59.759 You could be on a totally normal looking website and 167 00:07:59.759 --> 00:08:00.560 get infected. 168 00:08:00.759 --> 00:08:03.720 It happens. It's a reminder to be careful online. Even 169 00:08:03.839 --> 00:08:07.480 reputable websites can be risky if your browser or plugins 170 00:08:07.480 --> 00:08:08.759 are outdated. 171 00:08:08.399 --> 00:08:12.199 And then there's dedos attacks Those can take down whole websites, 172 00:08:12.279 --> 00:08:15.399 online services. It seems like they're often used for extortion too. 173 00:08:15.639 --> 00:08:18.879 You're right, In a DEDOS attack, attackers flood a target 174 00:08:18.920 --> 00:08:23.240 with traffic, overwhelm it, servers make it unusable for legitimate users. 175 00:08:23.279 --> 00:08:25.800 And yeah, sometimes they'll threaten to launch a DEDOS attack 176 00:08:26.040 --> 00:08:27.319 unless a ransom is paid. 177 00:08:27.399 --> 00:08:30.240 So it's a powerful tool for cyber criminals, disrupts and 178 00:08:30.319 --> 00:08:32.960 makes money. We've talked a lot about the bad guys, 179 00:08:33.200 --> 00:08:35.159 but what about governments? What role do they play in 180 00:08:35.200 --> 00:08:35.440 all this? 181 00:08:35.840 --> 00:08:38.840 Governments they have a really complex role in cybersecurity. They 182 00:08:38.840 --> 00:08:44.159 can be standards bodies, regulators, enforcers, protectors, and even potential 183 00:08:44.200 --> 00:08:45.120 threats themselves. 184 00:08:45.200 --> 00:08:47.559 That's quite a range. So governments can be both allies 185 00:08:47.600 --> 00:08:49.240 and adversaries. 186 00:08:48.879 --> 00:08:52.639 Exactly, and the book dives into those different perspectives how 187 00:08:52.799 --> 00:08:57.799 CISOs chief information security officers view governments. It's a complex 188 00:08:57.879 --> 00:08:58.919 relationship for sure. 189 00:08:59.159 --> 00:09:03.200 So on one hand, and government set standards, enforce rules, 190 00:09:03.399 --> 00:09:07.200 help protect critical infrastructure, but on the other they could 191 00:09:07.200 --> 00:09:10.320 pose a thread, especially when it comes to data access 192 00:09:10.360 --> 00:09:11.080 and surveillance. 193 00:09:11.159 --> 00:09:13.919 It's a delicate balance, super important in the digital age. 194 00:09:14.200 --> 00:09:17.440 The book talks about three scenarios related to government access. 195 00:09:17.480 --> 00:09:18.480 What are those exactly? 196 00:09:18.639 --> 00:09:22.159 Okay, so first you've got signals intelligence that's gathering intel 197 00:09:22.279 --> 00:09:28.279 by intercepting analyzing communications electronics signals. Then there's unlawful government 198 00:09:28.320 --> 00:09:30.960 access that's where an agency might try to steal data 199 00:09:30.960 --> 00:09:34.240 without authorization. And then there's lawful government access where data 200 00:09:34.279 --> 00:09:37.679 is obtained legally, like through court orders for investigations. 201 00:09:38.039 --> 00:09:41.120 So signals intelligence is more about gathering general info for 202 00:09:41.240 --> 00:09:44.840 national security, while the other two are about specific data, 203 00:09:44.879 --> 00:09:48.279 either for investigations or in the case of unlawful access 204 00:09:48.360 --> 00:09:51.399 for malicious reasons. It's interesting how these legal frameworks are 205 00:09:51.399 --> 00:09:53.919 trying to keep up with the challenges of data access 206 00:09:53.919 --> 00:09:55.480 in the digital age, right, and. 207 00:09:55.440 --> 00:09:59.039 The book goes deeper into lawful government access, talking about 208 00:09:59.039 --> 00:10:03.440 things like to All Legal Assistance Treaties or mlets, and 209 00:10:03.480 --> 00:10:06.799 the Cloud Act. These are meant to help international cooperation 210 00:10:06.879 --> 00:10:10.519 and investigations, but they also raise questions about privacy and 211 00:10:10.600 --> 00:10:11.440 data sovereignty. 212 00:10:11.639 --> 00:10:14.720 It's that balance again, security versus privacy. But the book 213 00:10:14.720 --> 00:10:18.879 also talks about transparency reports, which I found reassuring. Companies 214 00:10:18.919 --> 00:10:22.840 like Google, Microsoft, Amazon they published data on how many 215 00:10:23.000 --> 00:10:26.120 government requests for data they get, so at least there's 216 00:10:26.120 --> 00:10:27.200 some visibility there. 217 00:10:27.320 --> 00:10:31.679 Transparency's huge builds accountability and trust those reports give us 218 00:10:31.679 --> 00:10:34.440 a peek into how often governments are asking for data 219 00:10:34.480 --> 00:10:35.639 and for what reasons. 220 00:10:36.159 --> 00:10:38.480 And of course all this talk about government access to 221 00:10:38.600 --> 00:10:41.159 data brings up the whole issue of data privacy. There 222 00:10:41.159 --> 00:10:43.159 have been some big legal developments in this area, right 223 00:10:43.240 --> 00:10:45.559 like the Shrem's the second ruling and the use of 224 00:10:45.559 --> 00:10:47.960 standard contractual clauses for data transfers. 225 00:10:48.080 --> 00:10:50.639 Oh yeah, Shrem's in particular has created a lot of 226 00:10:50.720 --> 00:10:55.360 uncertainty for organizations that transferred data outside of the European 227 00:10:55.440 --> 00:11:00.000 Economic Area. Basically, it invalidated a key mechanism for data 228 00:10:59.879 --> 00:11:04.440 privacy when transferring data to countries with different data protection laws. 229 00:11:04.480 --> 00:11:05.840 Sounds like a legal mindfield. 230 00:11:05.960 --> 00:11:09.200 It can be, and it highlights how cybersecurity goes beyond 231 00:11:09.360 --> 00:11:12.639 just protecting systems and networks. You've got to understand the 232 00:11:12.720 --> 00:11:14.480 legal and regulatory stuff too, So. 233 00:11:14.440 --> 00:11:17.679 It's a multi dimensional problem needs a holistic approach. Okay, 234 00:11:17.720 --> 00:11:21.879 we've covered vulnerabilities, threat, intel, government access, a lot of ground, 235 00:11:22.360 --> 00:11:25.639 but now let's talk about cybersecurity strategies. What are some 236 00:11:25.720 --> 00:11:29.200 of the ways organizations can protect themselves in this complex 237 00:11:29.279 --> 00:11:30.480 landscape we've been talking about. 238 00:11:30.600 --> 00:11:33.360 The book outlines a whole bunch of strategies, each with 239 00:11:33.399 --> 00:11:36.799 its own strength and weaknesses. We'll look at protect and recover, 240 00:11:37.080 --> 00:11:43.399 endpoint protection, application centric, identity centric, data centric, physical control 241 00:11:43.399 --> 00:11:48.120 and security clearances, compliance as a security strategy, attack centric, 242 00:11:48.279 --> 00:11:51.679 zero trust, even how DevOps plays a role. It's a lot, 243 00:11:51.720 --> 00:11:55.120 and the right one for any organization depends on their needs. 244 00:11:55.279 --> 00:11:58.960 They're risk tolerance. The book uses something called the Cybersecurity 245 00:11:59.000 --> 00:12:04.320 Fundamental Scoring System or CFSS to evaluate these strategies, measures 246 00:12:04.399 --> 00:12:07.399 how effective each one is against those common vulnerabilities we 247 00:12:07.440 --> 00:12:07.879 talked about. 248 00:12:07.919 --> 00:12:09.919 That's cool, so we'll see how each strategy stacks up 249 00:12:09.919 --> 00:12:14.279 against those usual suspects, unpatched vulnerabilities, weak credentials. All that, 250 00:12:14.600 --> 00:12:16.159 I'm ready to dive in and see what these strategies 251 00:12:16.159 --> 00:12:16.600 are all about. 252 00:12:16.600 --> 00:12:19.080 All right, let's start with a classic but still important 253 00:12:19.639 --> 00:12:20.200 protect and. 254 00:12:20.159 --> 00:12:21.879 Recover straightforward enough tell me more. 255 00:12:21.919 --> 00:12:24.799 It's all about building layers of defense to prevent attacks 256 00:12:24.840 --> 00:12:27.840 in the first place, and then having solid recovery mechanisms 257 00:12:28.080 --> 00:12:30.799 to restore systems and data if a breach does happen. 258 00:12:30.879 --> 00:12:34.320 So a strong perimeter like firewalls, intrusion detection systems to 259 00:12:34.399 --> 00:12:36.919 keep the bad guys out, but also a plan B 260 00:12:37.360 --> 00:12:40.480 like data backups to recover if they do get in exactly. 261 00:12:40.600 --> 00:12:43.519 But I'm guessing there are limitations to this, right, Yeah, 262 00:12:43.559 --> 00:12:46.879 no defense is perfect. Attackers are always finding new ways in. 263 00:12:47.080 --> 00:12:49.639 Yeah, you're right. The book points out that protect and 264 00:12:49.720 --> 00:12:53.960 Recover kind of assumes that you can completely block attackers, 265 00:12:54.000 --> 00:12:57.639 which isn't realistic these days. Attackers are constantly evolving, finding 266 00:12:57.639 --> 00:13:01.679 new vulnerabilities bypassing secure scurity. Like you can build the 267 00:13:01.720 --> 00:13:05.440 strongest fortress, but a determined attacker might find a way 268 00:13:05.480 --> 00:13:06.639 to tunnel under the walls. 269 00:13:07.000 --> 00:13:10.320 So good foundation, but probably not enough on its own anymore. 270 00:13:10.879 --> 00:13:12.840 What about endpoint protection? How's that different? 271 00:13:13.120 --> 00:13:17.240 Endpoint protection focuses on securing each individual device that connects 272 00:13:17.240 --> 00:13:20.600 to your network, laptops, desktops, phones, servers, anything that could 273 00:13:20.600 --> 00:13:24.519 be an entry point, making sure those devices are configured right, patched, 274 00:13:24.639 --> 00:13:25.799 protected from malware. 275 00:13:26.000 --> 00:13:28.519 So securing the front lines where most attacks start. 276 00:13:28.799 --> 00:13:32.759 You got it, think anti virus, endpoint detection and response tools, 277 00:13:33.159 --> 00:13:36.960 strong password policies, making those individual devices as hard to 278 00:13:37.000 --> 00:13:37.840 crack as possible. 279 00:13:37.879 --> 00:13:41.039 But we talked about how the threat landscape is constantly changing, 280 00:13:41.519 --> 00:13:44.559 new vulnerabilities popping up all the time. How does endpoint 281 00:13:44.639 --> 00:13:46.039 protection keep up with that. 282 00:13:46.039 --> 00:13:50.879 That's the challenge. It requires constant vigilance, constant updates, having 283 00:13:50.919 --> 00:13:54.799 good end point security solutions, and having security teams that 284 00:13:54.840 --> 00:13:57.279 are on top of managing and deploying those updates. 285 00:13:57.759 --> 00:13:59.360 So not a set it and forget it kind. 286 00:13:59.240 --> 00:14:02.919 Of thing, definitely not. Endpoint protection is about being proactive, 287 00:14:03.480 --> 00:14:05.039 staying ahead of the attackers. 288 00:14:05.240 --> 00:14:08.600 Okay, now let's talk about application centric security. What's the 289 00:14:08.600 --> 00:14:09.320 focus there? 290 00:14:09.600 --> 00:14:13.600 Application centric it shifts the focus from the network perimeter 291 00:14:13.799 --> 00:14:17.320 to the applications themselves. The idea is applications are often 292 00:14:17.360 --> 00:14:19.919 the target, so we need to build security into the 293 00:14:19.919 --> 00:14:21.799 whole application development process. 294 00:14:21.960 --> 00:14:24.679 So instead of a wall around everything, you're building security 295 00:14:24.720 --> 00:14:25.720 into the building. 296 00:14:25.360 --> 00:14:28.440 Block, exactly like adding security features to a house while 297 00:14:28.440 --> 00:14:30.399 you're building it, not trying to bolt them on later. 298 00:14:30.519 --> 00:14:32.000 I like that. So how do you actually do that? 299 00:14:32.279 --> 00:14:37.120 It's a multifaceted thing. Involves secure coding guidelines, vulnerability standing, 300 00:14:37.639 --> 00:14:41.919 penetration testing, things like run time applications, self protection tools. 301 00:14:42.240 --> 00:14:45.440 Integrating security into every stage of development. 302 00:14:45.120 --> 00:14:47.120 Sounds thorough, but what are the trade offs? 303 00:14:47.320 --> 00:14:50.799 The big plus is you're securing the most common target, 304 00:14:51.080 --> 00:14:54.840 the applications themselves. Building security into the code makes it 305 00:14:54.960 --> 00:14:58.759 much harder to find and exploit vulnerabilities. 306 00:14:57.919 --> 00:15:01.080 With proactive prevents vulnerability from even existing. 307 00:15:01.440 --> 00:15:04.200 Right, But the downside is it can be complex and 308 00:15:04.240 --> 00:15:08.000 time consuming. It needs specialized skills, might not be feasible 309 00:15:08.039 --> 00:15:11.200 for organizations that rely a lot on third party apps 310 00:15:11.200 --> 00:15:13.159 where they don't control the code. 311 00:15:12.879 --> 00:15:16.080 So a balance between security and practicality. I'm curious to 312 00:15:16.080 --> 00:15:19.279 see how it scores on that Cybersecurity Fundamental scoring system. 313 00:15:19.360 --> 00:15:22.759 According to the book, Application Centric gets a seventy on 314 00:15:22.799 --> 00:15:25.879 the CFSS, which is pretty good. It's great at mitigating 315 00:15:25.960 --> 00:15:29.759 vulnerabilities and misconfigurations, but only gets partial marks for things 316 00:15:29.799 --> 00:15:32.039 like insider threats, social engineering. 317 00:15:32.279 --> 00:15:36.720 Weak credentials makes sense strong strategy for organizations that develop 318 00:15:36.759 --> 00:15:41.320 their own software, but might not cover all types of threats. Okay, 319 00:15:41.559 --> 00:15:44.600 what about identity centric security. What's the idea there? 320 00:15:44.960 --> 00:15:48.840 Identity centric recognizes that identity is becoming the new perimeter. 321 00:15:49.279 --> 00:15:54.080 It's about verifying the identities of users, systems, devices, granting 322 00:15:54.159 --> 00:15:56.879 access based on those identities and permissions. 323 00:15:57.000 --> 00:16:00.159 So less about a fortress, more about a really good gatekeeper. 324 00:16:00.000 --> 00:16:02.519 Exactly like a security guard checking IDs at the door. 325 00:16:02.639 --> 00:16:04.519 I can see how this is important with cloud computing, 326 00:16:04.600 --> 00:16:08.240 remote work that traditional network perimeter isn't as relevant anymore. 327 00:16:08.360 --> 00:16:08.720 Got it? 328 00:16:08.759 --> 00:16:13.159 When users and devices are accessing stuff from everywhere, verifying 329 00:16:13.159 --> 00:16:14.919 their identity becomes super important. 330 00:16:15.399 --> 00:16:18.399 So what are the key parts of an identity centric strategy? 331 00:16:18.679 --> 00:16:22.759 Strong authentication mechanisms are crucial, Like multi factor authentication, you 332 00:16:22.840 --> 00:16:28.200 need robust identity management systems to control access based on rolls, permissions, 333 00:16:28.600 --> 00:16:31.279 even the context of the request. They even talk about 334 00:16:31.360 --> 00:16:34.759 using metadata like location and time of access to make 335 00:16:34.840 --> 00:16:37.039 better decisions about granting access as. 336 00:16:36.919 --> 00:16:38.960 More nuanced than just passwords and firewalls. 337 00:16:39.159 --> 00:16:43.519 It is, but like any approach, it has challenges. Managing 338 00:16:43.559 --> 00:16:47.559 identities and permissions can get complex, especially in big organizations, 339 00:16:48.639 --> 00:16:50.559 lots of systems, lots of applications. 340 00:16:50.639 --> 00:16:52.080 I bet that could get MESSI fast. 341 00:16:52.559 --> 00:16:56.360 It can, And it's hard to enforce consistent identity policies 342 00:16:56.399 --> 00:17:01.200 across different environments, especially with legacy systems or third party apps. 343 00:17:01.519 --> 00:17:05.880 So it could be highly effective, but needs careful planning implementation. 344 00:17:06.200 --> 00:17:09.599 Absolutely, it's about that balance between security and usability. 345 00:17:10.200 --> 00:17:14.160 Okay, onto data centric security. What's the central theme? 346 00:17:14.519 --> 00:17:18.160 Data centric recognizes that data is often the most valuable asset. 347 00:17:18.240 --> 00:17:20.759 It's about securing the data itself. No matter where it 348 00:17:20.799 --> 00:17:22.000 lives or how it's accessed. 349 00:17:22.119 --> 00:17:23.960 Putting the crown jewels in the vaults, so to. 350 00:17:23.960 --> 00:17:27.279 Speak, exactly protecting the data itself, not just the systems 351 00:17:27.319 --> 00:17:28.359 and networks around it. 352 00:17:28.400 --> 00:17:31.400 With data becoming more valuable and all the regulations around 353 00:17:31.480 --> 00:17:35.920 data protection like GDPR, this strategy seems more relevant than ever. 354 00:17:36.119 --> 00:17:39.279 Absolutely, a data centric approach to security is crucial. 355 00:17:39.359 --> 00:17:40.559 So what are the key principles? 356 00:17:40.799 --> 00:17:45.000 Data classification, encryption, access control are big ones. They also 357 00:17:45.000 --> 00:17:48.839 talk about data loss prevention technologies or DLP. It's about 358 00:17:48.839 --> 00:17:51.440 knowing what data you have, where it is, who can 359 00:17:51.480 --> 00:17:54.400 access it, and how to protect it throughout its life cycle. 360 00:17:54.599 --> 00:17:58.680 Very comprehensive it is, but there are challenges. Managing data 361 00:17:58.680 --> 00:18:01.440 across lots of different systems and apps can be tough, 362 00:18:01.519 --> 00:18:04.319 and when data is in the cloud or shared with partners, 363 00:18:04.839 --> 00:18:08.160 enforcing consistent security policies gets really tricky. 364 00:18:08.200 --> 00:18:12.240 So you need good data governance collaboration between teams organizations 365 00:18:12.319 --> 00:18:12.680 for sure. 366 00:18:12.799 --> 00:18:15.039 Data security is everyone's responsibility. 367 00:18:15.160 --> 00:18:17.119 Now let's talk about something that might seem a bit 368 00:18:17.200 --> 00:18:20.039 old school, physical control and security clearances. 369 00:18:20.279 --> 00:18:24.720 This one emphasizes physical security controls personnel security to protect 370 00:18:24.720 --> 00:18:29.279 sensitive info think secure data centers, guarded facilities, background check, 371 00:18:29.359 --> 00:18:34.960 security clearances, controlling who can physically access facilities, systems data. 372 00:18:34.799 --> 00:18:36.720 Sounds like something out of a spy movie. 373 00:18:36.519 --> 00:18:39.400 A little bit, right, but it's still relevant for some organizations, 374 00:18:39.759 --> 00:18:43.519 especially those dealing with highly sensitive info like national secrets, 375 00:18:43.640 --> 00:18:49.119 financial data. It's about minimizing insider threats, theft, espionage. 376 00:18:49.400 --> 00:18:53.680 But with cloud computing, remote work data is everywhere people 377 00:18:53.759 --> 00:18:56.920 work from anywhere, it seems like physical security might not 378 00:18:57.000 --> 00:18:57.759 be as effective. 379 00:18:57.880 --> 00:19:00.359 You're right. It's harder to control physical acts access to 380 00:19:00.440 --> 00:19:03.079 data when it's in the cloud, or access by employees 381 00:19:03.119 --> 00:19:03.880 working from home. 382 00:19:04.119 --> 00:19:06.839 So it works for certain types of data certain organizations, 383 00:19:07.119 --> 00:19:10.039 but not a comprehensive solution from most businesses today. 384 00:19:10.359 --> 00:19:12.359 I agree. It's a strategy that needs to adapt to 385 00:19:12.359 --> 00:19:13.160 the digital world. 386 00:19:13.279 --> 00:19:17.240 Okay, let's talk about a strategy that's often misunderstood. Compliance 387 00:19:17.440 --> 00:19:18.680 as a security strategy. 388 00:19:18.759 --> 00:19:22.599 This one's all about using compliance with industry standards regulations 389 00:19:22.839 --> 00:19:26.599 as the main framework for your security program, meeting those 390 00:19:26.640 --> 00:19:30.680 minimum requirements set by external entities to show a baseline 391 00:19:30.720 --> 00:19:31.559 level of security. 392 00:19:31.680 --> 00:19:35.680 So things like PCIDSS for payment card data, HPA for 393 00:19:35.720 --> 00:19:39.599 healthcare info, GDPR for personal data in the EU checking 394 00:19:39.599 --> 00:19:42.359 the boxes, making sure you're meeting those obligations right. 395 00:19:42.440 --> 00:19:44.920 But here's the thing. Compliance doesn't equal security. 396 00:19:45.160 --> 00:19:46.799 I can see that you could be following all the 397 00:19:46.880 --> 00:19:51.640 rules but still have vulnerabilities that attackers could exploit exactly. 398 00:19:52.000 --> 00:19:54.799 The book warns about the potential pitfalls of this approach. 399 00:19:55.279 --> 00:19:59.680 Organizations should focus on a comprehensive security program that addresses 400 00:19:59.720 --> 00:20:02.519 their s specific risks, not just checking boxes. 401 00:20:02.640 --> 00:20:05.200