Day 1
Threat actor - Intruder
- Cyber Terrorists (Red team)
- Govt sponsored (Blue)
- Cyber Criminals (RT)
- Hacktivists (Gray)
- Script Kiddies
- Insiders ()
Vulnerabilities:
1. Configuration -
2. Credential -
3. Patch - Using out-of-date software (outdated components)
4. Zero-day - Log4j & Follina
Lockheed Martin Cyber Kill Chain
- Reconnaissance
- Weaponization - Stealing Codes
- Delivery
- Exploitation
- Installation
- Command and Control
- Actions on Intent - WannaCry
The WannaCry Kill Chain Breaker
EternalBlue - Vulnerability in Microsoft due to SMB version 1.0.
Session 2
Vulnerability: a weakness in a product that could allow an attacker to compromise the integrity, availability or confidentiality of that product
CIA Triad:
Integrity - data has not been modified
Availability - Backup and accessibility of data
Confidentiality - keeping the data secured
Non-security patch: a software update aimed at improving the product's functionality and resolving non-security-related issues by introducing new features or optimizations
Security patch: a software update designed to rectify vulnerabilities and enhance security by addressing weaknesses in a product and safeguarding the CIA Triad
Common Vulnerabilities and Exposures (CVE) -
- Independently fixable - Can be fixed independently
- Vendor acknowledged -
- Affects one code base
Common Vulnerability Scoring System (CVSS) -
CVE and CVSS are used internationally
Log4j - affects applications running on Java
CVE-2021-44228
CVSS 10.0
Configuration Vuln: an unsafe set of configurations in a product that could allow an attacker to compromise the CIA Triad
BlueKeep: Windows Remote Desktop Protocol - wormable
CVE-2019-0708
CVSS 9.8
Vuln Lifecycle
- Discovery - (Penetration Testers) - finding the Vuln
- Mitigation - () - reducing the risk
- Remediation - () - trying to resolve them
Petya - WannaCry
Drive-by attacks == Bad Rabbit
Session 3 - Intelligent endpoint patching
Intelligent endpoint - An endpoint that is capable of safely performing IT management tasks on its own, without direct administrator intervention or supervision.
Safe Automation:
Independent Automation:
Timely Automation:
Traditional stages of compliance
Mean time to resolve
Equation, Values, MTTR
Architectural Requirements
- Agented solution
- Bidirectional Communication
- Persistent Connectability
- Flexible Instructions
- Cross Platform Integrations
Intelligent Endpoint Continuous Compliance:
CIS Benchmark
Session 4 - Regulation and Compliance
ISO 27001 - GDPR - universal standards
IT Act - DPDP - Indian Standards
Regulatory controls
- Defining requirements
- Implementing controls
- Monitoring Compliance
- Reporting
- Continuous Improvement
Risk Management
Attack surface management
//Equifax Breach - 2017
Risk Transference
Risk mitigation
Risk Acceptance