构建企业网络安全防御体系

需积分: 10 117 浏览量更新于2023-06-04 收藏 21.27MB PDF 举报

"Enterprise Cybersecurity(Apress,2015)" 是一本面向企业网络安全的专业书籍，旨在帮助各种规模的组织构建下一代网络安全程序，抵御日益严重的针对性网络攻击。书中的框架全面覆盖了企业网络安全管理的各个方面，指导企业如何构建与政策、项目管理、IT生命周期和评估无缝协调的统一网络安全体系。尽管无法实现绝对的安全防御，但企业可以通过早期检测攻击并延迟攻击者行动，为防御者提供足够的时间有效应对，来管理风险。这本书详细介绍了各个责任层级的参与者如何将组织的人力、预算、技术和流程整合成一个成本效益高的网络安全程序，以对抗高级网络攻击，并在发生数据泄露时控制损害。书的内容分为四大部分： 1. 第一部分：网络安全挑战 - 揭示了网络安全所面临的威胁，定义了挑战的本质，并探讨了如何应对这些挑战。 2. 第二部分：新的企业网络安全架构 - 阐述了企业网络安全架构的设计，包括实施和操作网络安全的具体步骤，以及云计算和移动设备（如BYOD）环境下的安全策略。 3. 第三部分：网络防御的艺术 - 强调了构建有效防御的方法，以及如何对网络安全事件作出响应，包括危机管理策略。 4. 第四部分：企业网络安全评估 - 详细介绍了评估网络安全效能的重要性，包括如何进行有效的网络安全评估。这本书是企业领导者、IT安全专业人员、政策制定者和所有关心企业网络安全的人士的重要参考资料。通过深入阅读，读者可以掌握构建全面、适应性强且协调一致的企业网络安全体系的关键要素。

xlii

■ INTRODUCTION

APPENDIX E: Cybersecurity Operational Processes

Appendix E contains detailed flowcharts for the 17 operational processes of enterprise cybersecurity, and it

also introduces the 14 supporting information systems.

APPENDIX F: Object Measurement

Appendix F introduces the Object Measurement methodology for objective assessment, and explains how to

use it to measure and report enterprise cybersecurity architecture effectiveness.

APPENDIX G: Cybersecurity Capability Value Scales

Appendix G contains detailed, example Object Measurement value scales for measuring the performance of

each of the 113 enterprise cybersecurity architecture capabilities, grouped by the 11 functional areas.

APPENDIX H: Cybersecurity Sample Assessment

Appendix H provides an example enterprise cybersecurity assessment using the methodology contained in

this book, providing multiple levels of detail showing how different types of assessment can be performed.

APPENDIX I: Network Segmentation

Appendix I describes a simple methodology for network segmentation that is suitable for countering many

advanced threats and provides a good balance between containment and security versus complexity and cost.

Glossary

The Glossary provides an explanation of the cybersecurity terms used in this book, expressed in plain

English for the non-technical reader.

Bibliography

The Bibliography provides additional literature for readers who wish to explore extensions to material

addressed in this book and who wish to explore alternatives to what this book addresses.

Index

The Index provides a means for the reader to locate concepts and other material the book addresses in a

timely manner.

www.it-ebooks.info

Chapter 1

Defining the Cybersecurity

Challenge

It appears that lately cybersecurity is in trouble, or at least going through a difficult time. If you are reading

this book, you are one of the people trying to make cybersecurity work despite daunting challenges and

information technology (IT) environments seemingly ill-suited to facing those challenges. The authors share

your concerns.

This book is about building effective cybersecurity that works against advanced cyberthreats, despite

the challenges. Effective cybersecurity works when you are faced with an adversary who is well-funded,

intelligent, sophisticated, and who does not give up at the first sign of cyberdefense. Effective cybersecurity

evolves over time to handle increasingly sophisticated adversaries in an increasingly interconnected world.

Effective cybersecurity involves cybersecurity as a partner, coach, and scorekeeper for IT, rather than just a

naysayer standing in the way of progress.

This book describes a comprehensive framework for managing an enterprise cybersecurity program

that is pragmatic, realistic, and suited to battling today’s cyberthreats. This book’s field-proven framework

has been used to run large-scale cybersecurity efforts against advanced nation-state adversaries and

talented individual hackers. This flexible framework is designed to manage cyberdefenses against today’s

sophisticated cyberthreats, as well as tomorrow’s next-generation cyberthreats.

The Cyberattacks of Today

Compared to today, cybersecurity used to be relatively simple. The major cyberthreats were viruses, worms,

and Trojan horse. These cyberthreats randomly attacked computers directly connected to the Internet,

but posed little enterprise threat. Inside enterprise networks with firewalls on the outside and anti-virus

protection on the inside, the enterprise appeared to be protected and relatively safe. Occasionally an

incident would occur and cyberdefenders would rally to fight it, but once the defenders understood the

malicious code, detecting it and defeating it was straightforward.

Then, slowly but surely, a transformation started to take place. Cyberattackers started getting inside

enterprise networks, and once they were inside they operated surreptitiously. Cyberattackers took control

of infected machines and connected them to remote command-and-control systems. They captured

usernames and passwords, and then used them to connect to systems for stealing data or money.

Cyberattackers exploited vulnerabilities inside the enterprise to move laterally among computers on the

network and capture the credentials of more and more people within the enterprise. Finally, cyberattackers

escalated privileges and got control of the systems administrator accounts in charge of everything. Once

these attackers got administrative control of the enterprise, they were able to do anything they wanted.

www.it-ebooks.info

CHAPTER 1 ■ DEFINING THE CYBERSECURITY CHALLENGE

“We are using outdated, conventional defenses to guard against cutting-edge, innovative malware.

We are no more prepared to do this than a 19th century army trying to defend itself against today’s electronic

weaponry.” —FireEye.

In recent years, this trend has played out in more and more spectacular breaches hitting the headlines.

Just a couple of the severe intrusions include the following:

• In 2011, RSA’s enterprise was breached and the security keys for many of its customers

were believed to have been stolen. This breach prompted RSA to replace millions of

its SecureID tokens to restore security for its customers. This breach is disconcerting

because RSA is one of the oldest and most established cybersecurity brands.

• In 2013, Target’s point of sale (POS) network was compromised, resulting in the loss

of personal information and credit card numbers for over 40 million customers. The

costs of this breach, particularly when reputational damage and lawsuits are taken

into account, will likely be huge.

• In 2014, Sony Pictures Entertainment reported attackers had infiltrated its

environment and disabled almost every computer and server in the company.

This cyberattack brought the company to its knees and resulted in the public release

of thousands of proprietary documents and e-mail messages.

• In 2014, a German steel mill was affected by a hacking incident that caused one of

its blast furnaces to malfunction. This resulted in significant physical damage to the

plant and its facilities.

• In 2015, Anthem reported its IT systems had been breached and personal

information on over 80 million current and former members of their healthcare

network was compromised, which included the US government’s Blue Cross Blue

Shield program.

These intrusions are but a handful of the myriad of cybersecurity breaches that have occurred recently.

However, these breaches are indicative of some of the major trends. Cyberattackers are now targeting

personal identities, financial accounts, and healthcare information and getting such information on millions

or tens of millions of people in a single breach. Cyberattackers are taking control of industrial equipment

and causing physical damage to plants and equipment. Thankfully, no one has been hurt so far, but given

the current trends it may just be a matter of time.

These headlines seem to indicate that the attackers have gotten the upper hand, at least for now. The

question is, “What has changed and how can the defenders recover?”

The Sony Pictures Entertainment Breach of 2014

In November 2014, Sony Pictures Entertainment employees got to the office to find themselves in the

crosshairs of an IT horror story. Their computers had been taken over. Instead of displaying logon prompts,

office productivity, and corporate web sites, they were completely nonfunctional and displayed a message

from an organization claiming to be the Guardians of Peace. By the end of the day, most of the computers

at Sony Pictures had been completely disabled, sharply impairing the company’s business while they

FireEye, “Advanced Malware Exposed,” www2.fireeye.com/wp_advmalware_exposed.html, 2011.

www.it-ebooks.info

CHAPTER 1 ■ DEFINING THE CYBERSECURITY CHALLENGE

recovered data and IT systems. The cyberattackers then went on to publish proprietary data from Sony

Pictures, including salaries and personal e-mails of its senior executives. The breach caused a media

sensation due to the salaciousness of the data published. The breach also caused earthquakes in the

cybersecurity industry, as the IT community got a glimpse of what a devastating cyberattack could do.

Key lessons learned include the following:

• The Sony hack is significant, not because the attackers did something no one could

do before, but because the attackers did what cyberattackers have been able to do all

along, but have chosen not to. The security industry has been warning for years that

cyberattackers could bring a company to their knees. The Sony hack put the reality of

this possibility in full view of the press and the public.

• It is reasonable to expect that Sony’s cyberdefenses were consistent with industry

norms and reflected what is and is not being done at a myriad of other companies

around the world. In fact, Sony Pictures was likely better defended than most

enterprises due to its size and prominence. One has to ask, “Is this an indication of

how vulnerable everyone is to a devastating cyberattack?”

• The effectiveness of the Sony hack was likely amplified by the consolidation of IT

systems administration that has occurred over the past 20 years. In the past, a single

systems administrator might manage a handful of servers providing, at most, one or

two enterprise services. Today, the same administrator may have privileged access

to a hundred systems, or even thousands. If attackers can get control of that one

person’s administrative credentials, the damage they can do is devastating.

• These types of attacks show how professional attackers, who understand how modern

IT works and how it is managed, can effectively turn an enterprise’s IT infrastructure

against it. These infrastructures are largely designed for functionality, not security,

and often lack compartmentalization to contain a breach and limit its damage.

• Finally, attacks like Sony’s underscore the fear factor that devastating cyberattacks

can have on an industry and the nation. What would be the political impact if an

individual, an organization, or a nation-state could pull off a hundred Sony-style

attacks, all simultaneously?

There is a mega-trend going on here. These types of cyberattacks are moving down market over time.

In other words, the techniques nation-states were using a couple of years ago are being used by cybercriminals

today. The techniques cybercriminals were using a couple of years ago are in commodity malware and viruses

today. It is reasonable to expect what was done to Sony Pictures Entertainment will become more common

in the future as cyberattack tools and techniques proliferate and become available to larger and larger

communities. So, while these types of threats may only be of concern to a small group of top-tier players

today, as these threats move down market, they will become more widespread.

The tools and techniques to fight these types of attackers exist today, but they are not cheap or easy to

deploy. Also, fighting these cyberattackers requires re-thinking many aspects of IT so that security is baked

in rather than bolted on. One cannot simply buy a widget and be immune to Sony-style attacks. Just as banks

have to invest in alarms and security guards, enterprises have to invest in people doing the dirty, grunt work

of cybersecurity, day in and day out. Enterprises have to be constantly evolving their defenses. Cybersecurity

defense is an arms race and the attackers are smart, competent, and ill-intended. The attackers who hit Sony

Pictures Entertainment are advanced, persistent, and very, very threatening.

www.it-ebooks.info

剩余507页未读，继续阅读

vanridin

粉丝: 108
资源: 1187

构建企业网络安全防御体系

Cyber Operations(Apress,2015)

Enterprise Cybersecurity Study Guide.pdf

「漏洞预警」Optimizing Enterprise Cybersecurity through Serious Gam

Enterprise Cybersecurity - How to build a ....

Enterprise Cybersecurity Study Guide How to Build a Successful Cyberdefense epub

Enterprise Cybersecurity Study Guide How to Build a Successful 无水印原版pdf

Enterprise.Cybersecurity.1430260823

UN Regulation No.155 - Cyber security and cyber security managem

AG Cyber Security Strategy - for website_cybersecurity_poetrygne

Cybersecurity

最新资源