December 13, 2021
March 6, 2024
Fortifying your Digital Stronghold
Numerous articles explore the vast landscape of cybersecurity. So when Oleksii Popov, Head of Digital Engineering at Customertimes, set out to craft his piece, he opted for a unique perspective. Weaving a tale that involves noble cyber knights and insidious hacker villains, Oleksii contends that even the most intricate and crucial topics, like technology industry security, become more engaging when infused with a touch of adventure.
Let’s start with a fable. Once upon a time, there was a platform called “My stronghold”.
The Lord of this stronghold wanted merchants (Sales Managers) to be successful, artisans (Cloud Application Developers) to work peacefully, the treasury to be filled by transactions, and aristocrats (End users) to be happy. The stronghold needed to work hard and produce new goods for the aristocrats.
But one day, a group of bandits known as “The Hackers” tried to steal the treasury and the secrets of the castle.
The Lord of the castle had to call upon his knights (Security team, Architects and DevOps) to defend the stronghold from this new threat. These cyber knights are well-trained in the art of war, but they have never faced an enemy like this before. The hackers were using new tactics and weapons that the knights had never seen.
The Lord needed to educate knights on tactics to defend the digital assets of the stronghold in the modern world of clouds and AI.
Understanding the landscape
The knights️ must use their wits and their knowledge of the castle to defend it from the hackers. But first, they need to understand what to defend.
To build a comprehensive inventory of the components, their metadata and their connections, they should compose a Software Bill of Materials (SBOM). The SBOM should include data fields, an automation description, and the practices and processes used.
The knights used an automated SBOM tool to create one faster. It helped not only to improve security but also contributed to compliance, transparency and collaboration, risk management, and cost optimization. It showed redundant elements of the system and “code bloat”. By optimizing it, the cyber knights decreased the “attack surface”. SBOMs can help artisans identify redundant coding, making it easier to eliminate duplicate or unnecessary additional tools.
Cybersecurity threats have become more sophisticated, from traditional malware to advanced persistent threats and zero-day vulnerabilities. Our knights suggest using penetration testers’ tools to verify the defense. Cyber knights use AI to prepare attack plans, and mirroring such activities is the best way to build our defense. So we need to prepare an attack plan regularly, think it through and adapt our defenses against it.
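As an added example (not code from the article or its author), two checks a defender can run over a CycloneDX JSON SBOM to find the “code bloat” the text mentions: the same library shipped in several versions, and components that nothing depends on. The SBOM below is constructed; a real one would come from the generator tool.

```python
"""Added example (not from the original article): two checks over a
CycloneDX JSON SBOM that point at "code bloat": the same library present in
several versions, and components nothing depends on. The SBOM below is
constructed; real ones come from the generator tool the text mentions."""
import json
from collections import defaultdict

SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.4",
    "metadata": {"component": {"bom-ref": "app", "type": "application",
                               "name": "my-stronghold", "version": "1.0.0"}},
    "components": [
        {"bom-ref": "pkg:npm/lodash@4.17.20", "type": "library", "name": "lodash", "version": "4.17.20"},
        {"bom-ref": "pkg:npm/lodash@4.17.21", "type": "library", "name": "lodash", "version": "4.17.21"},
        {"bom-ref": "pkg:npm/express@4.18.2", "type": "library", "name": "express", "version": "4.18.2"},
        {"bom-ref": "pkg:npm/left-pad@1.3.0", "type": "library", "name": "left-pad", "version": "1.3.0"},
    ],
    "dependencies": [
        {"ref": "app", "dependsOn": ["pkg:npm/express@4.18.2", "pkg:npm/lodash@4.17.21"]},
        {"ref": "pkg:npm/express@4.18.2", "dependsOn": ["pkg:npm/lodash@4.17.20"]},
    ],
})

def duplicate_versions(sbom):
    """Map component name -> sorted versions, for names shipped in more than one version."""
    versions = defaultdict(set)
    for c in sbom.get("components", []):
        versions[c["name"]].add(c.get("version", "?"))
    return {n: sorted(v) for n, v in versions.items() if len(v) > 1}

def unreferenced_components(sbom):
    """bom-refs that no dependency edge points at: candidates for removal."""
    root = sbom.get("metadata", {}).get("component", {}).get("bom-ref")
    referenced = {root}
    for edge in sbom.get("dependencies", []):
        referenced.update(edge.get("dependsOn", []))
    return sorted(c["bom-ref"] for c in sbom.get("components", [])
                  if c["bom-ref"] not in referenced)

def analyze(sbom_text):
    """Run both checks over a serialized SBOM and return the findings."""
    sbom = json.loads(sbom_text)
    return {"duplicates": duplicate_versions(sbom),
            "unreferenced": unreferenced_components(sbom)}

if __name__ == "__main__":
    print(json.dumps(analyze(SAMPLE_SBOM), indent=2))
```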
Identifying privileged users
Knowing who holds privileged rights in a domain is crucial. Start with a review and an audit of IAM roles. As a first step, search groups and users using specific search strings such as “admin”. Downgrade privileges to mitigate potential escalation by attackers.
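The audit described above, as an added example (not the author’s code): the “admin” name search is the first pass, and reading the attached policy statements for wildcard grants is the second. The users, groups and policies are a constructed snapshot; a real audit would pull them from the IAM API.

```python
"""Added example (not from the original article): flag IAM principals that
warrant a privilege review, using a constructed account snapshot. The "admin"
name search is the first pass; wildcard grants in policy statements the second."""
import re

# Constructed sample data: group -> policy statements, user -> groups.
GROUPS = {
    "Administrators": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
    "Developers": [{"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
                    "Resource": "arn:aws:s3:::app-bucket/*"}],
    "IamOps": [{"Effect": "Allow", "Action": "iam:*", "Resource": "*"}],
}
USERS = {
    "alice": ["Administrators"],
    "bob": ["Developers"],
    "carol": ["Developers", "IamOps"],
    "svc-admin-legacy": ["Developers"],
}

ADMIN_NAME = re.compile(r"admin", re.IGNORECASE)

def _actions(stmt):
    # Action may be a single string or a list; normalise to a list.
    act = stmt.get("Action", [])
    return [act] if isinstance(act, str) else list(act)

def statement_is_privileged(stmt):
    """Allow on every action, or on all of IAM (the holder can grant itself more)."""
    if stmt.get("Effect") != "Allow":
        return False
    return any(a in ("*", "iam:*") for a in _actions(stmt))

def audit_privileged(users, groups):
    """Return {user: [reasons]} for every user whose privileges should be reviewed."""
    findings = {}
    for user, memberships in users.items():
        reasons = []
        if ADMIN_NAME.search(user):
            reasons.append("name matches 'admin'")
        for g in memberships:
            if ADMIN_NAME.search(g):
                reasons.append(f"member of group {g} (name matches 'admin')")
            if any(statement_is_privileged(s) for s in groups.get(g, [])):
                reasons.append(f"group {g} grants wildcard/IAM privileges")
        if reasons:
            findings[user] = reasons
    return findings

if __name__ == "__main__":
    for user, reasons in audit_privileged(USERS, GROUPS).items():
        print(f"{user}: {'; '.join(reasons)}")
```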
Configure session monitoring
Configure monitoring and security shields to highlight active sessions of specific users on hosts. This helps defenders stay ahead, minimizing an attacker’s path to privilege escalation.
Implement AWS CloudTrail to log API calls, providing visibility into actions taken on resources.
Set up AWS CloudWatch (or alternatives) to monitor and generate alerts based on predefined security metrics and anomalies. While preparing the stronghold’s defense, we want to be aware of all movements and react when something leaves the expected path.
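As an added example (not the author’s code), the kind of alerting the two steps above feed: detection rules run over CloudTrail records, highlighting new sessions of a watched user, console sign-ins without MFA, and attachment of the managed administrator policy. The record field names are CloudTrail’s; the events and the WATCHED set are constructed.

```python
"""Added example (not from the original article): detection rules run over
constructed CloudTrail records. Field names follow the CloudTrail record
format; the events and the WATCHED set are made up here."""
import json

WATCHED = {"alice"}   # users whose new sessions should be highlighted

SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-03-06T08:00:00Z", "eventName": "ConsoleLogin",
     "sourceIPAddress": "203.0.113.10", "additionalEventData": {"MFAUsed": "Yes"},
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventTime": "2024-03-06T08:05:00Z", "eventName": "ConsoleLogin",
     "sourceIPAddress": "198.51.100.7", "additionalEventData": {"MFAUsed": "No"},
     "userIdentity": {"type": "IAMUser", "userName": "bob"}},
    {"eventTime": "2024-03-06T08:07:00Z", "eventName": "AttachUserPolicy",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "requestParameters": {"userName": "bob",
                           "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}},
    {"eventTime": "2024-03-06T08:09:00Z", "eventName": "PutObject",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}},
]})

def evaluate(record):
    """Return the alert strings one CloudTrail record triggers (possibly none)."""
    alerts = []
    user = record.get("userIdentity", {}).get("userName", "<unknown>")
    name = record.get("eventName")
    if name == "ConsoleLogin":
        if record.get("additionalEventData", {}).get("MFAUsed") != "Yes":
            alerts.append(f"console login without MFA: {user}")
        if user in WATCHED:   # any new session of a watched (privileged) user
            alerts.append(f"session started by watched user {user} from {record.get('sourceIPAddress')}")
    if name in ("AttachUserPolicy", "AttachGroupPolicy", "AttachRolePolicy"):
        arn = record.get("requestParameters", {}).get("policyArn", "")
        if arn.endswith("/AdministratorAccess"):   # handing out the managed admin policy
            alerts.append(f"{user} attached AdministratorAccess via {name}")
    return alerts

def scan(log_text):
    """Parse a CloudTrail log file body and return (eventTime, alert) pairs in order."""
    return [(rec["eventTime"], alert)
            for rec in json.loads(log_text)["Records"] for alert in evaluate(rec)]

if __name__ == "__main__":
    for when, alert in scan(SAMPLE_LOG):
        print(when, alert)
```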
Password policy oversight
Regularly checking password freshness is a key practice. The knights ask us to take it seriously, as well as two-factor authentication wherever possible.
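One way to run both checks from an IAM credential report, as an added example (not the author’s code): the columns are the report’s real ones, while the rows, the 90-day threshold and the fixed reference date are constructed.

```python
"""Added example (not from the original article): check password freshness
and MFA from an IAM credential report. The columns are those of the real
report (CSV, ISO-8601 timestamps, "N/A"/"not_supported" where a field does
not apply); the rows, the threshold and REFERENCE_NOW are constructed."""
import csv
import io
from datetime import datetime, timedelta, timezone

MAX_PASSWORD_AGE = timedelta(days=90)
REFERENCE_NOW = datetime(2024, 3, 6, 12, 0, tzinfo=timezone.utc)  # fixed "today" for reproducibility

SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active
<root_account>,arn:aws:iam::111122223333:root,2021-12-13T10:00:00+00:00,not_supported,2024-03-01T09:00:00+00:00,not_supported,not_supported,false
alice,arn:aws:iam::111122223333:user/alice,2022-01-10T10:00:00+00:00,true,2024-03-05T08:00:00+00:00,2024-02-20T08:00:00+00:00,2024-05-20T08:00:00+00:00,true
bob,arn:aws:iam::111122223333:user/bob,2022-01-10T10:00:00+00:00,true,2024-03-05T08:05:00+00:00,2023-06-01T08:00:00+00:00,N/A,false
svc-deploy,arn:aws:iam::111122223333:user/svc-deploy,2022-01-10T10:00:00+00:00,false,N/A,N/A,N/A,false
"""

def _ts(value):
    """Parse a report timestamp; N/A, not_supported and no_information become None."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None

def review_credentials(report_csv, now):
    """Return {user: [issues]} for stale passwords and console users without MFA."""
    issues = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        found = []
        # The root row reports password_enabled as not_supported, but root always has a password.
        has_password = row["password_enabled"] in ("true", "not_supported")
        changed = _ts(row["password_last_changed"])
        if has_password and changed is not None and now - changed > MAX_PASSWORD_AGE:
            found.append(f"password {(now - changed).days} days old")
        if has_password and row["mfa_active"] != "true":
            found.append("MFA not active")
        if found:
            issues[row["user"]] = found
    return issues

if __name__ == "__main__":
    for user, found in review_credentials(SAMPLE_REPORT, REFERENCE_NOW).items():
        print(f"{user}: {', '.join(found)}")
```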
The artisans are skeptical at first, but they soon realize that the new weapons and defenses are necessary to protect the stronghold from the hackers.
Navigating complex networks
For intricate networks with multiple domains, it is hard to get the configuration right. Draw a diagram with a clear map to help defenders understand the network’s domain structure and relationships. Once you have a clear picture of your networks, you can gather your party of defenders and think of ways to prevent threats.
Revamp VPC configuration and port usage.
Use AWS WAF (Web Application Firewall), which helps protect web applications from common web exploits by letting you configure rules to filter and monitor HTTP traffic.
Defending against exfiltration attempts
Identifying and preventing data exfiltration attempts is challenging. Our knights utilize cloud tools like Amazon GuardDuty for threat detection, including data exfiltration attempts, and Macie to discover, classify, and protect sensitive data; both leverage machine learning to enhance security.
This will help our stronghold defenders, allowing them to test and enhance egress solutions systematically.
ML threats
It’s essential to acknowledge that ML models may undergo training on datasets that aren’t necessarily fortified with the highest security measures. Within this context, certain prevalent threats emerge:
- Execution via API: This avenue opens the door to potential vulnerabilities, exposing systems to man-in-the-middle attacks and various other exploitative moves.
- Account manipulation through online and offline attacks: The landscape is rife with threats targeting account integrity, arriving through both online and offline attack vectors.
- Exploitation of ML models from compromised sources: In an era where the modern “hype” for hackers revolves around exploiting ML models sourced from compromised channels, the specter of data poisoning and stolen intellectual property looms larger.
Additional information can be found at the link.
I recommend using the Adversarial ML Threat Matrix to raise awareness in this area.
We have worked hard to protect the stronghold from the new threat of hackers.
Defending against security threats in modern software environments is a multifaceted challenge that demands a proactive and adaptive approach. By integrating AI into the cybersecurity arsenal, our knights not only bolster their defenses but also gain a powerful ally in the ongoing battle against evolving threats. Embracing these technologies is not just a strategic move; it’s a necessity in safeguarding the integrity and resilience of software ecosystems.
The treasury is filled with the profits from the sales, and the stronghold is safe once again.