X-Industry

Key Findings to Harden Network

Posted by Bill Schenkelberg on March 5, 2023 at 1:50pm

10977935861?profile=RESIZE_400xThe US CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks - Actions to take today to harden your local environment:

  • Establish a security baseline of normal network activity; tune network and host-based appliances to detect anomalous behavior.
  • Conduct regular assessments to ensure appropriate procedures are created and can be followed by security staff and end users.
  • Enforce phishing-resistant MFA to the greatest extent possible.

In 2022, the US Cybersecurity and Infrastructure Security Agency (CISA) conducted a red team assessment (RTA) at the request of a large critical infrastructure organization with multiple geographically separated sites.  The team gained persistent access to the organization’s network, moved laterally across the organization’s multiple geographically separated sites, and eventually gained access to systems adjacent to the organization’s sensitive business systems (SBSs).  Multifactor authentication (MFA) prompts prevented the team from achieving access to one SBS, and the team was unable to complete its viable plan to compromise a second SBSs within the assessment period.[1]

Despite having a mature cyber posture, the organization did not detect the red team’s activity throughout the assessment, including when the team attempted to trigger a security response.

CISA is releasing this Cybersecurity Advisory (CSA) detailing the red team’s tactics, techniques, and procedures (TTPs) and key findings to provide network defenders of critical infrastructure organizations proactive steps to reduce the threat of similar activity from malicious cyber actors.  This CSA highlights the importance of collecting and monitoring logs for unusual activity as well as continuous testing and exercises to ensure your organization’s environment is not vulnerable to compromise, regardless of the maturity of its cyber posture.

CISA encourages critical infrastructure organizations to apply the recommendations in the Mitigations section of this CSA, including conduct regular testing within their security operations center, to ensure security processes and procedures are up to date, effective, and enable timely detection and mitigation of malicious activity.

CISA .pdf file: https://www.cisa.gov/sites/default/files/2023-02/aa23-059a-cisa_red_team_shares_key_findings_to_improve_monitoring_and_hardening_of_networks.pdf

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com             

Weekly Cyber Intelligence Briefings:

  • Reporting: https://www. redskyalliance. org/   
  • Website: https://www. wapacklabs. com/  
  • LinkedIn: https://www. linkedin. com/company/64265941   

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/5504229295967742989  

[1] https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-059a

Views: 26
Tags: ir-23-059-001, cisa, csa, mfa, network security
E-mail me when people leave their comments –
Follow

You need to be a member of Red Sky Alliance to add comments!