SANS ISC: Internet Storm Center
What Assumptions Are You Making?

Published: 2019-10-19
Last Updated: 2019-10-19 13:10:21 UTC
by Russell Eubanks (Version: 1)
0 comment(s)

If my security agents were not working correctly, then I would get an alert. Since no one said there is a problem with my security agents, then everything must be ok with them. These are just a couple of the assumptions that we make as cybersecurity practitioners each day about the security agents that serve to protect our respective organizations. While it is preferable to think that everything is ok, it is much better to validate that assumption regularly. 

I have been fortunate to work in cybersecurity for many years and at several diverse types of organizations. During that time, I always found it helpful to check on the status of the security agents periodically. I have found that by scheduling regular and recurring calendar reminders, I can better validate the assumption that the security agents are working as intended. Specific areas of focus include both confirming the security agent is installed correctly and that it is performing the actions specified in the policy. 

Central monitoring consoles are a great place to start looking for security agents that have not communicated back to the console within an acceptable time. The output from the console can be compared against the Inventory and Control of Hardware Assets to ensure that every system has a security agent installed. Whether an automated or manual task, this practical step can help to validate that assumption. 
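The reconciliation described above, and the two checks named earlier (agent installed, agent enforcing the assigned policy), as an added example that is not part of the diary: it compares a hardware asset inventory export with an agent console export and reports hosts with no agent, hosts whose agent has gone quiet for longer than an acceptable window, hosts with no policy applied, and hosts the console knows about but the inventory does not. The CSV contents, column names, and the one-day silence threshold are constructed assumptions, not the format of any particular product.

```python
"""Reconcile a hardware asset inventory against a security agent console export.

Added example, not part of the ISC diary. The CSV contents below are
constructed sample data, and the column names are assumptions about what an
asset inventory and an agent console might export.
"""
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample: hardware asset inventory (every system we expect to see).
INVENTORY_CSV = """hostname,owner
ws-001,finance
ws-002,finance
srv-db-01,dba
srv-web-01,webops
"""

# Constructed sample: agent console export with last check-in timestamps (UTC).
CONSOLE_CSV = """hostname,agent_version,last_checkin,policy
ws-001,7.2.1,2019-10-19T11:55:00Z,workstation-default
srv-db-01,7.2.1,2019-10-10T03:14:00Z,server-default
srv-web-01,7.1.0,2019-10-19T12:40:00Z,none
legacy-box,6.9.0,2019-10-19T12:00:00Z,server-default
"""


def parse_inventory(text):
    """Return the set of hostnames the inventory says should have an agent."""
    return {row["hostname"] for row in csv.DictReader(io.StringIO(text))}


def parse_console(text):
    """Return {hostname: record} with last_checkin parsed to an aware datetime."""
    agents = {}
    for row in csv.DictReader(io.StringIO(text)):
        row["last_checkin"] = datetime.strptime(
            row["last_checkin"], "%Y-%m-%dT%H:%M:%SZ"
        ).replace(tzinfo=timezone.utc)
        agents[row["hostname"]] = row
    return agents


def validate_agents(inventory, agents, now, max_silence=timedelta(days=1)):
    """Compare inventory against console and return the assumptions that failed.

    missing_agent : in inventory, never seen by the console (not installed)
    stale_checkin : agent exists but has been silent longer than max_silence
    no_policy     : agent is checking in but has no policy applied
    unknown_host  : console knows the host, inventory does not (inventory gap)
    """
    findings = {"missing_agent": [], "stale_checkin": [], "no_policy": [], "unknown_host": []}
    for host in sorted(inventory):
        record = agents.get(host)
        if record is None:
            findings["missing_agent"].append(host)
            continue
        if now - record["last_checkin"] > max_silence:
            findings["stale_checkin"].append(host)
        if record["policy"].strip().lower() in ("", "none"):
            findings["no_policy"].append(host)
    findings["unknown_host"] = sorted(set(agents) - set(inventory))
    return findings


def run_report(now=None):
    """Run the reconciliation on the constructed samples and return the findings."""
    if now is None:
        now = datetime.now(timezone.utc)
    findings = validate_agents(parse_inventory(INVENTORY_CSV), parse_console(CONSOLE_CSV), now)
    for category, hosts in findings.items():
        print(f"{category:14s} {len(hosts):3d}  {', '.join(hosts) or '-'}")
    return findings


if __name__ == "__main__":
    # Fixed "now" so the constructed sample gives a repeatable answer.
    run_report(datetime(2019, 10, 19, 13, 10, tzinfo=timezone.utc))
```

Each non-empty list is a place where the "everything must be ok" assumption did not hold; scheduling this as the recurring calendar task the diary suggests turns an assumption into a measured fact, and the `unknown_host` list is a reminder that the inventory itself is an assumption worth validating.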

What assumptions can you validate today? Think about that over the weekend and determine to take action on Monday morning! By being intentional to validate the health of your security agents, you can do a great deal to validate the assumptions you are making.

How long can you stand not to know when your security agents are not working as expected? Let us know of your successes in the comments section below!


Russell Eubanks

ISC Handler

@russelleubanks
