Penetration testing
Penetration testing (often referred to as pen testing) is a simulated cyber attack that’s used to identify exploitable vulnerabilities. In the context of web application security, penetration testing is normally used to check the resistance of a web application firewall (WAF).
Penetration testing can involve the attempted breach of any number of systems, including application programming interfaces (APIs) and front-end and back-end servers. This can uncover weak spots before hackers find them, such as unsanitized inputs that are susceptible to code injection.
Insights provided by penetration testing can be used to fine-tune an organisation’s security policies and patch any detected vulnerabilities.
Threat intelligence
Threat intelligence is the process of identifying and analysing cyber threats. The term ‘threat intelligence’ can refer to the data collected concerning a potential threat, or the process of gathering and analysing that data. Threat intelligence involves sifting through data, examining it contextually and deploying specific solutions to problems in advance.
Threat intelligence tends to look at the bigger picture of cyber crime. By interrogating threat data and its broader context, and constructing a narrative from them, it’s possible to make well-informed Cyber Security decisions.
Hackers get smarter by the day. To keep up, Cyber Security Professionals share successful tactics and any patterns in hacker behaviour they’ve noticed with others in the cyber community, creating a pool of useful knowledge. In essence, threat intelligence encourages organisations to be proactive, rather than reactive, in the ongoing fight against cyber crime.
Cyber kill chain
The cyber kill chain is a model invented by Lockheed Martin that traces the stages of a cyber attack, flags vulnerabilities, and helps cyber security teams to prevent attacks at every stage in the chain.
The term ‘kill chain’ is adopted from the military, which uses it to break down the structure of an attack. According to the cyber kill chain, there are eight stages in a cyber attack:
- Stage 1: Reconnaissance
The observation stage: attackers typically assess the situation from the outside in, in order to identify weak spots and tactics.
- Stage 2: Intrusion
Based on what the attackers discovered in the reconnaissance phase, they’re able to access your network, normally leveraging malware or exploiting network vulnerabilities.
- Stage 3: Exploitation
This involves delivering malicious code onto the system so as to get a better foothold.
- Stage 4: Privilege Escalation
Attackers often need more privileges on a system to access data and permissions. For this, they need to escalate their privileges to admin level.
- Stage 5: Lateral Movement
Attackers can now move laterally to other systems and accounts in order to gain more leverage, whether that’s higher permissions, more data, or greater access to systems.
- Stage 6: Obfuscation/Anti-forensics
In order to effectively pull off a cyber attack, hackers need to cover their tracks. They often lay false trails by deleting logs to confuse and slow down any forensics teams.
- Stage 7: Denial of Service
This involves disrupting normal access to the infiltrated system for users and Cyber Security teams, in order to prevent the attack from being monitored and blocked.
- Stage 8: Exfiltration
Finally, the extraction stage is when the hackers remove the data from the compromised system.
Each stage of the cyber kill chain represents an opportunity to stop an attack that’s already in progress. With properly trained Cyber Security staff and the right tools to detect the signs early, an organisation is better able to defend against a system breach and prevent the attack from running its course.