Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

6/12/2020
01:40 PM
Steve Zurier
Steve Zurier
Slideshows
Connect Directly
Twitter
RSS
E-Mail

7 Must-Haves for a Rockin' Red Team

Follow these tips for running red-team exercises that will deliver added insight into your operations.
2 of 8

A Clear Objective

Companies should understand what they are trying to protect, says Quentin Rhoads-Herrera, director of professional services at CriticalStart. For power plants or utilities with SCADA systems, it's often very specific. But most companies can identify their "crown jewels." For a financial company, it's PCI data and credit card names and addresses. For a medical practice, it's sensitive medical information. Government contractors will want to protect military secrets or sensitive government agency data.

Protecting mission-critical assets and crown jewels requires another order of security magnitude compared with simply ensuring the company has good vulnerability and patch management, Bishop Fox's Wood adds.

Many companies make sure they are patched and configured properly, but there are many other issues to consider: What does the attack path look like from each asset or profile of assets to the things the company really cares about? Once malware gets installed, where could an attacker pivot? What accounts or data are exposed? How could an attacker exfiltrate sensitive data? How could poor business practices or inadequate policies, standards, and guidelines expose the organization to more risk? If the company focuses only on the easy "threat landscape" and not the holistic environment, it leaves the organization open to risk, Wood says.

Image Source: Adobe Stock: Piotr

2 of 8
Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
peternjohnson
50%
50%
peternjohnson,
User Rank: Strategist
7/9/2020 | 1:31:04 PM
slide show? Still?
Nope.

What is this clickbait central? How annoying, post an article if you really want people to be responsive.

 
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/21/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-24213
PUBLISHED: 2020-09-23
An integer overflow was discovered in YGOPro ygocore v13.51. Attackers can use it to leak the game server thread's memory.
CVE-2020-2279
PUBLISHED: 2020-09-23
A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM.
CVE-2020-2280
PUBLISHED: 2020-09-23
A cross-site request forgery (CSRF) vulnerability in Jenkins Warnings Plugin 5.0.1 and earlier allows attackers to execute arbitrary code.
CVE-2020-2281
PUBLISHED: 2020-09-23
A cross-site request forgery (CSRF) vulnerability in Jenkins Lockable Resources Plugin 2.8 and earlier allows attackers to reserve, unreserve, unlock, and reset resources.
CVE-2020-2282
PUBLISHED: 2020-09-23
Jenkins Implied Labels Plugin 0.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to configure the plugin.