Attack Surface - answer-Any place in an environment a bad actor can gain
entry or extract something of value
What are some Attack Surface vulnerabilities? - answer-computer systems,
networks, servers, data centers, a variety of cloud services, employees,
customers and business partners.
What is the advantage of ISS Fortinet OS upgrades? - answer-ISS has the most
up-to-date software update of any MSSP, unlocking security and SD-WAN features
at no additional cost to the customer
Digital Transformation - answer-The integration of digital technology into all
areas of business
How does digital transformation change business? - answer-it results in a
fundamental change to how a business operates, and how they deliver value
to their customers
Security transformation - answer-With digital transformation taking place, of
equal or greater importance is your security transformation, which needs a
security architecture providing continuous trust
Challenges to security transformation? - answer-Broader attack surface with
ongoing range of new devices and cloud services, and NEW REGULATIONS
What is the average company using in digital solutions? - answer-Over 30
different software, hardware, cloud and management consoles even before
the digital transformation is complete
IT teams struggle with security? - answer-The noise of the sheer number of
components and changes to regulations
What percentage of companies had to hire more Jr Cyber experts? - answer-
41%, and had to be junior because of lack of staff in the industry
Is security a dynamic state? - answer-Yes
Fortinet security fabric has - answer-Broad visibility over attack surface,
integrated detection of threats, and automated response and continuous trust
assessments
Sandbox - answer-If something unexpected happens, it is put in the sandbox so
it only affects those 4 walls.
- To observe activity of unknown code and quarantine it so no harm can be
done.
- Sandbox lets it run to observe attributes
History before sandbox - answer-There was the typical push & pull arms race
of one-upmanship of patching newly found vulnerabilities.
- Sandbox originally was siloed, so in a coordinated attack they didn't talk
Evasion techniques - Sandbox - answer-Attackers will try to appear benign
for a time in order to be released.
- Key is for the sandbox to act as much like the user's network as possible,
so as not to reveal that the code is in a sandbox.
- Comprehensive emulator and performance. Must be completely integrated
to share threat intelligence
'zero day' attack - sandbox - answer-Exploiting an unknown deficiency in
code. Before sandbox there was no way to stop it; FW and antivirus only stop
known threats
Secure Email Gateway or SEG - answer-Added antivirus, threat emulation
and sandboxing to detect malicious attachments in real time.
- More automation has been added to reduce overwhelming SOC teams
- FortiMail integrates under a single pane of glass
Phishing - answer-Coined by AOL, creating phony accounts and tricking people
into giving money or information
- Close domain names to get people to click a link that contained malware
- Preys on human naivete, distraction
Spam filters - answer-Developed spam mail filter, which identified certain
terms or headers
Sender policy framework - answer-- 2014 became standard - authentication
method that identifies bogus sender addresses and emails
- bad actors introduced new every time, easy to outsmart
2004 - 176 unique phishing attacks identified
2012 - 28,000 had been identified, with 500 million loss
SIEM - answer-Security Information and Event Management
- Aggregate logs from many sources for analysis and pattern
- Monitor, correlate and alert in real time
- Updated with new toolset
- UEBA, threat intelligence, historical and real-time analytics & machine
learning
SIEM must... - answer-Monitor, Correlate and notify of events