{"id":48325,"date":"2024-03-06T14:19:57","date_gmt":"2024-03-06T12:19:57","guid":{"rendered":"https:\/\/itcluster.lviv.ua\/?post_type=itid&#038;p=48325"},"modified":"2024-03-06T14:54:48","modified_gmt":"2024-03-06T12:54:48","slug":"fortifying-your-digital-stronghold","status":"publish","type":"itid","link":"https:\/\/itcluster.lviv.ua\/en\/itid\/fortifying-your-digital-stronghold\/","title":{"rendered":"Fortifying your Digital Stronghold"},"content":{"rendered":"\n<p><\/p>\n\n\n\n<!-- itid-post_details_section.php -->\n\n<section class=\"itid-post_details_section\" id=\"itid-post_details_section_block_fcf52792027ecb1f0ae057a5cc13076f\" style=\"background-color: #005C71;\">\n        <div class=\"image\" style=\"background-image: url(https:\/\/itcluster.lviv.ua\/wp-content\/uploads\/2024\/02\/image-1.png);\"><\/div>\n        <div class=\"container-fluid\">\n        <div class=\"row\">\n                        <div class=\"col-lg-5\">\n                <div class=\"details\">\n                    <div class=\"date\"><p>March 6, 2024<\/p><\/div>\n                    <div class=\"time\"><p>12 min read<\/p><\/div>                <\/div>\n                                <div class=\"title\">\n                    <h1>Fortifying your Digital Stronghold<\/h1>\n                <\/div>\n                                <div class=\"author\">\n                    <div class=\"avatar\" style=\"background-image: url(https:\/\/itcluster.lviv.ua\/wp-content\/uploads\/2024\/03\/oleksii-popov.-net.jpg);\"><\/div>\n                    <div class=\"text\">\n                                                <div class=\"name\">\n                            <h6>Oleksii Popov<\/h6>\n                        <\/div>\n                                                <div class=\"position\">\n                            <h6>Global Director of Engineering Solutions at Customertimes<\/h6>\n                        <\/div>\n                                            <\/div>\n                <\/div>\n 
           <\/div>\n        <\/div>\n    <\/div>\n<\/section>\n\n\n<!-- itid-quotes_section.php -->\n\n<section class=\"itid-quotes_section\" id=\"itid-quotes_section_block_6bcca60fc74a1e66064a7f879b8f2656\">\n    <div class=\"container-fluid\">\n        <div class=\"row\">\n            <div class=\"col\">\n                <div class=\"quotes-block\" style=\"background-color: #005C71;\"><p>Numerous articles explore the vast landscape of cybersecurity. So when Oleksii Popov, Head of Digital Engineering at Customertimes, set out to craft his piece, he opted for a unique perspective. Weaving a tale that involves noble cyber knights and insidious hacker villains, Oleksii contends that even the most intricate and crucial topics, like technology industry security, become more engaging when infused with a touch of adventure.<\/p>\n<\/div>\n            <\/div>\n        <\/div>\n    <\/div>\n<\/section>\n\n\n\n<!-- itid-image_text_section.php -->\n\n<section class=\"itid-image_text_section\" id=\"itid-image_text_section_block_f474b173db5a709eae78d47834442039\">\n        <div class=\"image\" style=\"background-image: url(https:\/\/itcluster.lviv.ua\/wp-content\/uploads\/2024\/02\/image-2.jpg);\"><\/div>\n        <div class=\"container-fluid\">\n        <div class=\"row\">\n                        <div class=\"col-md-3 col-lg-4\"><\/div>\n                        <div class=\"col-md-9 col-lg-8\">\n                <div class=\"text\"><p>Let\u2019s start with a fable. Once upon a time, there was a platform called \u201cMy stronghold\u201d.<\/p>\n<p>The Lord of this stronghold wanted merchants (Sales Managers) to be successful, artisans (Cloud Application Developers) to work peacefully, treasury to be filled by transactions and aristocrats (End users) to be happy. 
The stronghold needed to work hard and produce new goods for the aristocrats.<\/p>\n<p>But one day, a group of bandits known as \u201cThe Hackers\u201d tried to steal the treasury and the secrets of the castle.<\/p>\n<p>The Lord of the castle had to call upon his knights (Security team, Architects and DevOps) to defend the stronghold from this new threat. These cyber knights were well trained in the art of war, but they had never faced an enemy like this before. The hackers were using new tactics and weapons that the knights had never seen.<\/p>\n<p>The Lord needed to educate the knights on tactics to defend the digital assets of the stronghold in the modern world of clouds and AI.<\/p>\n<p>&nbsp;<\/p>\n<h4><strong>Understanding the landscape<\/strong><\/h4>\n<p>The knights must use their wits and their knowledge of the castle to defend it from the hackers. But first, they need to understand what to defend.<\/p>\n<p>To build a comprehensive inventory of the components, their metadata and their connections, they should compose a Software Bill of Materials (SBOM). The SBOM should include Data Fields, Automation description, Practices and Processes used.<\/p>\n<p>The knights used an automated SBOM tool to create one faster. It not only helped to improve security but also contributed to compliance, transparency and collaboration, risk management, and cost optimization. It showed redundant elements of the system and \u201ccode bloat\u201d. By optimizing it, the cyber knights decreased the \u201cattack surface\u201d. SBOMs can help artisans identify redundant code, making it easier to eliminate duplicate or unnecessary additional tools.<\/p>\n<p>Cybersecurity threats have become more sophisticated, from traditional malware to advanced persistent threats and zero-day vulnerabilities. Our knights suggest using penetration testers\u2019 tools to verify the defense. Cyber knights use AI to prepare attack plans. 
It\u2019s better to mirror such activities to build our defense. So we need to prepare an attack plan regularly, think it over and adapt against it.<\/p>\n<\/div>\n            <\/div>\n        <\/div>\n    <\/div>\n<\/section>\n\n\n\n<!-- itid-two_columns_read_also_section.php -->\n\n<section class=\"itid-two_columns_read_also_section\" id=\"itid-two_columns_read_also_section_block_d1e04ab52045a191dfe3a796cf0258f1\">\n    <div class=\"container-fluid\">\n        <div class=\"row\">\n            <div class=\"col\">\n                <div class=\"texts-block\">\n                    <div class=\"text-block\">\n                        <div class=\"text\"><h4>Identifying privileged users<\/h4>\n<p>Knowing who holds privileged rights in a domain is crucial. Start with a review and an audit of IAM roles. As a first step, search groups and users using specific search strings such as \u201cadmin\u201d. Downgrade privileges to mitigate potential escalation by attackers.<\/p>\n<\/div>\n                                            <\/div>\n                    <div class=\"text-block\">\n                        <div class=\"text\"><h4>Configure session monitoring<\/h4>\n<p>Configure monitoring and security shields to highlight active sessions of specific users on hosts. This helps defenders stay ahead, minimizing an attacker&#8217;s path to privilege escalation.<\/p>\n<p>Implement AWS CloudTrail to log API calls, providing visibility into actions taken on resources.<\/p>\n<p>Set up AWS CloudWatch (or alternatives) to monitor and generate alerts based on predefined security metrics and anomalies. 
During the defense preparation of the stronghold, we want to be aware of all the movements and react in case something strays from the expected path.<\/p>\n<\/div>                    <\/div>\n                <\/div>\n            <\/div>\n        <\/div>\n    <\/div>\n<\/section>\n\n\n\n<!-- itid-text_image_section.php -->\n\n<section class=\"itid-text_image_section\" id=\"itid-text_image_section_block_c7a244dd020c60af4cb574f8e4f1eef9\">\n    <div class=\"container-fluid\">\n        <div class=\"row\">\n                        <div class=\"col-lg-6\">\n                <div class=\"text\"><h4><strong>Password policy oversight<\/strong><\/h4>\n<p>Regularly checking password freshness is a key practice. The knights ask us to take it seriously, as well as 2-factor authentication wherever possible.<\/p>\n<p>The artisans are skeptical at first, but they soon realize that the new weapons and defenses are necessary to protect the stronghold from the hackers.<\/p>\n<p>&nbsp;<\/p>\n<h4><strong>Navigating complex networks<\/strong><\/h4>\n<p>For intricate networks with multiple domains, it is hard to make a proper configuration. 
Draw a diagram that serves as a clear map and helps defenders understand the network&#8217;s domain structure and relationships. Once you have a clear picture of your networks, you can gather your party of defenders and think of ways to prevent threats.<\/p>\n<p>Revamp VPC configuration and port usage.<\/p>\n<p>Use AWS WAF (Web Application Firewall), which helps protect web applications from common web exploits by allowing you to configure rules to filter and monitor HTTP traffic.<\/p>\n<\/div>\n            <\/div> \n        <\/div>\n    <\/div>\n        <div class=\"image\" style=\"background-image: url(https:\/\/itcluster.lviv.ua\/wp-content\/uploads\/2024\/02\/image-3.png);\"><\/div>\n    <\/section>\n\n\n\n<!-- itid-quotes_text_section.php -->\n\n<section class=\"itid-quotes_text_section\" id=\"itid-quotes_text_section_block_09c83e58572bc2beb6251f5e269d2947\">\n    <div class=\"container-fluid\">\n        <div class=\"row\">\n            <div class=\"col-lg-12\">\n                <div class=\"blocks\">\n                                        <div class=\"quote\" style=\"background-color: #005C71;\">\n                        <h2>The knights must use their wits and their knowledge of the castle to defend it from the hackers. But first, they need to understand what to defend.<\/h2>\n                    <\/div>\n                                        <div class=\"text\"><h4><strong>Defending against exfiltration attempts<\/strong><\/h4>\n<p>Identifying and preventing data exfiltration attempts is challenging. 
Our knights utilize cloud tools like Amazon GuardDuty for threat detection, including data exfiltration attempts, and Macie to discover, classify, and protect sensitive data, both of which leverage machine learning to enhance security.<\/p>\n<p>This will help our stronghold defenders, allowing them to test and enhance egress solutions systematically.<\/p>\n<\/div>\n                                    <\/div>\n            <\/div> \n        <\/div>\n    <\/div>\n<\/section>\n\n\n\n<!-- itid-two_columns_section.php -->\n\n<section class=\"itid-two_columns_section\" id=\"itid-two_columns_section_block_769715196fcd107fee29c706621bc105\">\n    <div class=\"container-fluid\">\n                <div class=\"row\">\n            <div class=\"col\">\n                <div class=\"title\">\n                    <h4>ML threats<\/h4>\n                <\/div>\n            <\/div>\n        <\/div>\n                <div class=\"row\">\n            <div class=\"col\">\n                <div class=\"texts-block\">\n                    <div class=\"text-block\">\n                        <div class=\"text\"><p>It&#8217;s essential to acknowledge that ML models may be trained on datasets that aren&#8217;t necessarily protected by the highest security measures. 
Within this context, certain prevalent threats emerge:<\/p>\n<ul>\n<li><strong>Execution via API:<\/strong> This avenue opens the door to potential vulnerabilities, exposing systems to the perils of man-in-the-middle attacks and various other exploits.<\/li>\n<\/ul>\n<\/div>                    <\/div>\n                    <div class=\"text-block\">\n                        <div class=\"text\"><ul>\n<li><strong>Account manipulation through online and offline attacks:<\/strong> The landscape is rife with threats targeting account integrity, manifesting through both online and offline attack vectors.<\/li>\n<li><strong>Exploitation of ML models from compromised sources:<\/strong> In an era where the modern &#8220;hype&#8221; for hackers revolves around exploiting ML models sourced from compromised channels, the specter of data poisoning and stolen intellectual property looms larger.<\/li>\n<\/ul>\n<\/div>                    <\/div>\n                <\/div>\n            <\/div>\n        <\/div>\n            <\/div>\n<\/section>\n\n\n\n<!-- itid-text_image_quotes_section.php -->\n\n<section class=\"itid-text_image_quotes_section\" id=\"itid-text_image_quotes_section_block_04df45d4189fea68df1bd595d498a9f8\">\n    <div class=\"container-fluid\">\n        <div class=\"row\">\n                        <div class=\"col-lg-4\">\n                <div class=\"text\"><p>Additional information can be found at this <strong><a href=\"http:\/\/github.com\/mitre\/advmlthreatmatrix\" rel=\"noopener\">link<\/a><\/strong>.<\/p>\n<p>I recommend using the Adversarial ML Threat Matrix to raise awareness in this area. We have worked hard to protect the stronghold from the new threat of hackers.<\/p>\n<p>Defending against security threats in modern software environments is a multifaceted challenge that demands a proactive and adaptive approach. 
Our knights integrate AI into the cybersecurity arsenal, which not only bolsters the defenses but also gains a powerful ally in the ongoing battle against evolving threats. Embracing these technologies is not just a strategic move; it&#8217;s a necessity in safeguarding the integrity and resilience of the software ecosystems.<\/p>\n<p>The treasury is filled with the profits from the sales, and the stronghold is safe once again.<\/p>\n<\/div>\n            <\/div> \n        <\/div>\n    <\/div>\n        <div class=\"blocks\">\n        <div class=\"image\" style=\"background-image: url(https:\/\/itcluster.lviv.ua\/wp-content\/uploads\/2024\/02\/image-4.png);\"><\/div>        <div class=\"quote\" style=\"background-color: #005C71;\"><h2>Our knights integrate AI into the cybersecurity arsenal, which not only bolsters the defenses but also gains a powerful ally in the ongoing battle against evolving threats.<\/h2><\/div>    <\/div>\n    <\/section>\n","protected":false},"featured_media":47227,"template":"single-itid-clear.php","itid":[],"class_list":["post-48325","itid","type-itid","status-publish","has-post-thumbnail","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/itcluster.lviv.ua\/en\/wp-json\/wp\/v2\/itid\/48325"}],"collection":[{"href":"https:\/\/itcluster.lviv.ua\/en\/wp-json\/wp\/v2\/itid"}],"about":[{"href":"https:\/\/itcluster.lviv.ua\/en\/wp-json\/wp\/v2\/types\/itid"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/itcluster.lviv.ua\/en\/wp-json\/wp\/v2\/media\/47227"}],"wp:attachment":[{"href":"https:\/\/itcluster.lviv.ua\/en\/wp-json\/wp\/v2\/media?parent=48325"}],"wp:term":[{"taxonomy":"itid","embeddable":true,"href":"https:\/\/itcluster.lviv.ua\/en\/wp-json\/wp\/v2\/itid?post=48325"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}