RCR 035: Recorded Future - CISSP Study and Training by Shon Gerber!
May 06, 2019
Description:
Shon Gerber from ShonGerber.com reveals to you the steps and the cybersecurity training you need to grow your Information Security career while protecting your business and reduce your company’s cyber risk. Shon utilizes his expansive knowledge while providing superior training from his years of cybersecurity experience.
In this episode, Shon will talk about recent Security News:
- CSO Online: Public SAP Exploits
- PC Mag: Wall Street Market Shuttered
- Executive Order to Grow Cybersecurity
Our Cybersecurity Training for the Week is: Recorded Future
Want to find Shon Gerber / Reduce Cyber Risk elsewhere on the internet?
LinkedIn – www.linkedin.com/in/shongerber
Facebook - https://www.facebook.com/CyberRiskReduced/
LINKS:
- Wikipedia:
- Recorded Future
- CSO Online
- PC Mag
- Dark Reading
- NIST.gov
- ISC2 Training Study Guide
TRANSCRIPT:
welcome to the reduce cyber risk Podcast May 6th 2019 episode 35 welcome to the reduce cyber risk podcast for we provide you the training and tools you need for your cybersecurity career hi my name is Sean Gerber and I'm your host for the action-packed informative podcast join me each week and I provide you the information you need to grow your cybersecurity knowledge while taking practical and actionable steps to protect your business from the evil hacker horn all right hey all the stronger begin with reduce cyber risk and we have a wonderful podcast plan for you again this wonderful week I said wonderful twice it's pretty much wonderful like most wonderful Square weekend some awesome things in the cyber-security news and as well as some training is going to be coming on and and I hope you enjoyed an accidental hope I know you'll enjoy it it's a really good stuff that's that's going to be out there in the news and today where we talkin about some key things around the CSO online had a point about public sap exploits PC Magazine talked about wall Street's market shuttered and then the executive order by President Donald Trump to grow cyber-security news for today and then we're going to get into cyber security training is going to be a vendor called recorded future and they deal with threat intelligence alright let's get going sap and Erp what you get another acronym three letter acronym it is an enterprise resource platform I believe it'll take all that something is what it is but bottom line is it's the brains that makes your business run if you are running sap in your environment there is potential and exploit that's out there right now that's affecting of a known vulnerability vulnerability does affect on-premises and Cloud platforms of sap and basically affects the sap Gateway and the sap message server so what they're saying is that if you do run this platform this capability you need to make sure that you do check out and make sure you don't have any what they call security notes for your sap environment patching bottom line does or does not affect your implementation of sap they're saying that in this ESO online that is the issue does affect nine out of ten systems that SAP systems that are out there which is around 900 million systems total which of these blows my mind but again sap is everywhere and it is connected to everything again if you get default configuration on these the system and you can own it you now have access to all of these systems as well cuz it is the big brains and everything is connected to it potentially affected by this recent exploits so if you do have the system you definitely need to get it looked at now it will affect the whole Suite of SD sap ecosystem it's got Hannah the beer are PPL mcrm ABCDEFG that platform sap and it does affect them the other thing is is that also mentioned that it does affect information already is that the on pram or Cloud environments many companies are running to the cloud for their sap installation does allow them to make fixing faster it it's it gives a much more flexibility by posting the sap environment within the cloud but it affects those as well so it doesn't matter whether it's on-prem or the cloud it affect both of those and what does allows you to a man-in-the-middle attack which is basically a puts the attacker in the middle of the communication and what it does is it allows for the system to be compromised and it's basically acting as if there's a VPN it will allow you that full access into it it also has cuz configuration issues even if it's in the cloud and one of the things that they mention that most companies don't do which I've seen this is Wellness actually works well with your process control networks is there's a lack of segmentation they recommend that your sap environment is segmented from your business environment in some form or another the challenge with that is those because your sap environment is the brains and it is integrated with most everything you do from manufacturing to normal business operations it typically is not segmented because it needs that level of connectivity there's also a lack of monitoring tools that are available are people most people have enabled within the sap environment I seen that personally myself through the years is that most companies will say they have sap Security in place and they use that term the standard cyber security aspects but in many cases all that is is just access an account provisioning and so therefore many times I don't also have the at the logging and monitoring and placed on those accounts and so therefore sometimes I get a compromising people don't even know it as a relates to ASAP in the exploits that are out there so if you have that within your environment please make sure that you go out and check it if you are cyber security professional that's working on your cissp definitely get understand sap environment because it's it's a big factor in most Enterprises out there and all these pieces are full flow into the cissp test and cissp questioning show me the next item that we have in our security news is Wall Street Market was shutter know what exactly is Wall Street Market Street Market was it dark part of the dark web and this is was action orchestrate event between the u.s. FBI and the German police that they have there, what the title is but this base with a German police and there's basically 1.15 million users had use Wall Street Market and they basically they shuddered it they shut it down for the it with from the lawn forsmann agencies and what it did was it's sold drugs stolen data and malware was on this dark website basically the German police arrested three administrator specifically from the Wall Street Market and they are going to be having probably bake breaking big rocks into little rocks here for a very long time the servers were seized and taken down and there was basically two drug dealers in the United States were arrested because of it and they were significant drug dealers so the bottom line is that they they were able to bring these guys to justice so the dark web who use the dark web and now that the fact they've got two servers if you visited at that site problems such a good thing cuz they're going to probably be knocking on your door over a. Of time here so what actually happened was is that they were busted because they accidentally had a challenge with their VPN connection and when they cause it an issue with their internet connection it actually released and a reveal the IP address that they were utilizing so then the guys were that were sniffing their the FBI that law enforcement agencies with a with a German they were able to try to trace that back to where they were at and guess what guys everybody's being watched and so when you're trying to do something that's a little bit nefarious as and making trying to make money doing it anytime you're going to get caught unless you live in a country that doesn't have extradition then your best you can try it and see what happens but you know what hit some point in time it may not work out so well for you so that the front side might be good from a financial standpoint but the downside yeah maybe not so much but anyway so that's how they were potentially busted know how they made money was was that each item that was sold they made two to 6% of the cut that was specifically within that item weathers drugs or Marketing in a malware whatever might be so about 2 to 6% now what they ended up trying to do another thing that they were attempting to accomplish we're trying to scam their own client and basically take the cash that was already set aside for to be paid out to individuals so you know basically you you contract something from our standpoint you send money to it there's money held in escrow that they malware occurs does what it wants the money for the funds are released will appears that the administrators were trying to also scam out the 11.5 million dollars that they were supposed to be dutiful to be paid out so it's not a good idea is it apart that these guys don't understand is there organized crime is involved in a lot of this so as your starting to play around with people's money especially the organized crime aspects of this this is not a good thing especially you start going to jail see how that all plays out within they go to jail caught you and your little dog too now what is that mean that's kind of pain on it's a fun on The Wizard of Oz right you and your little dog too did you say that I just had to throw it out there so anyway bottom line is don't do this stuff and don't get caught and if you do this stuff guess what next one okay this next one is a an executive order from President Donald Trump in the United States to grow cybersecurity now the purpose of this is that is basically to recruit and educate more cybersecurity professionals know if you're aware of it reduce cyber risk was brought on for that specific reason and we focus on cissp training which is the granddaddy of all cyber security training and there's cissp questions that follow into it well the point of that is is that if you're going to be a cyber-security professional at some point in time you will have to deal with the cissp and that's the purpose of reduce cyber risk is to give you that level of expertise that you need well the cool part about it is that now that US government is putting in place and executive order try to help in that space as well and the purpose is that by 2022 they're saying that there's going to be close to 3.5 million cyber security jobs are going to go unfilled that are open for people to go after and they don't have enough cash to fill those positions so that's why they're trying to do this the purpose of it though is to include work-based learning apprenticeships and Blended learning, really sure what the Blended piece of this is but bottom line is that they're using work studies to help people in the cybersecurity space so you're going to go to work do cyber risk and the training that we provide to help you get what you need and that's what this executive orders designed to do is to kind of help tear down barriers to help people get this I said they'd so desperately need from a management standpoint there's a cybersecurity rotational assignment program now this sound we're waiting to see how more comes out of this and I'm only giving you this a brief cuz that's all I really have at this point but they're it's looks very similar to what we did in the military wear when you become a commander I usually about two to three years they move you on to a new assignment and the purpose of that is is to basically get you experience in different aspects so it looks like to me that's what they were going to be playing here from a management standpoint so as you move managers around to different roles they get opportunities in different places and it just it's just good business right there also going to provide an award and decorations for security performance so again Falls no lines of is to make them excited not everybody is motivated by money people like time quality of life people like just even public praise and awards and decorations and so far he's also going to have the President's Cup which is an annual cybersecurity competition which I think it's great you know again put more incentives out there to get entice people to get into the cybersecurity world and against bridge this Gap also going to use the national Initiative for cybersecurity Education nice nice why does or acronym to remember the cool part about this and I haven't really dug into this yet so it'll be interesting to see what this is and I probably will put a podcast out there about this at some point but it's the mandatory use of a framework that they're putting a place to teach you how to educate individuals and I look to the laundry list of people that have helped put together and it did come from Academia came from the government as well and it's focused on nearest which is a National Institute of Standards and Technology SP it's a special order I think 800 - 181 so I'll dig into that little bit and see what that looks like but there's basically breaking it into a couple different bucket's got categories specialty areas and work roles are the categories is a high-level grouping of cybersecurity functions and they're going to focus specifically on these specific categories and I believe it would be like you're doing vulnerability management or you're doing red teaming or you're doing big buckets could just be your ideal Datacenter let you know I'm hyperbolizing just a bit here on what I think it is I haven't dug into it completely but from what I understand it's the categories especially Aries and work rules don't especially Aries is distinct areas of cybersecurity work which would probably be more like again your red teaming that would be a very specific specialized area in cyber-security vs. maybe audit would be a very specialized area within cybersecurity your work roles this would be the more detailed knowledge skills and abilities knowledge-based aspects that you would learn this is all part of the nice or the national Initiative for cybersecurity education Miller part of that is the Aden I who is a key audience around nice the Employers in this is to help assess their cybersecurity Workforce and identify gaps in cybersecurity Staffing that's kind of how the reason again I'm going to put a plug in where do cyber risk cuz we will help you with that but again you could I see it right now with what I did as a Cisco is such a chief information security officer working and at working in security operations center working as a red team Commander I've seen this weather is significant gaps as a relation cybersecurity in the Staffing and understanding really what you have and I kind of go back to the point where we did I helped train wrench Turners on B1 bombers to become Packers and it's just trying to figure out how do you best staff that is also going to help current future cyber security workers explore task and work roles the staffing specialist have in place to support jobseekers employees help training and certification providers as we deal with the cissp you've got is c squared you're going to help them that are providing me certifications to help provide standard training or a ksa's knowledge skills and aptitude I think that's pays for technology providers it's also going to help technology providers identify cybersecurity work roles in their specific tasks a really good mood it's also going to help more formalize the whole cybersecurity world itself so I think it's a good step forward how it all plays out who knows but did the Gap is there you got to try something and you better to try something and fail than not try anything at all and I think this is a great way of just trying something to see if they can get something moving let's move on to our training recorded future this is a threat intelligence service at from a vendor called recorded future and it's really cool when you deal with red intelligence and I kind of get into this a little bit of far as why this is an important aspect as you're dealing with training edge of dealing with a business right so as if you're focused on your cissp training you're going to want to know how your Security operation Center which I believe is Domaine 7th amounts taken of your cissp and the threat intelligence is a key aspect of a security operations center for a business that's looking to have this capability you probably need to understand what is threat intelligence and how does it work well it's kind of role into that can I get a background about myself again if you haven't saw you can see it through episode 1 I can't go around some introductions not me but line is I was a commander of an Air Force red team we focus on acting as an adversary of an organization of like Russia France whoever you know yet and I'm the same Francis is a adversary but I'll cut all countries outside of the country you live in our adversaries at some point or another but we would emulate how that would work well we had an intelligence cell that helped us to to put all this together right so I can hack into something but I don't know what it means until I pass it to the intelligence folks to understand what is it actually mean eras manager of a secret operation Center deal with intelligence all the time and so therefore you had understand what is going on within your organization within the Enterprise that you're having to protect and you have to have intelligence that helps that as well and you need intelligence that feeds into your sim which is your security incident event management system Splunk arcsight there's many other sins that are out there to radar you have to have some level of intelligence that flows into those as well and so therefore this is an important piece of any of your event protection of your company and your Enterprise not so recorded future yeah that sounds good I've heard of that done good and let's just talk about a little bit so what is a good education for me to help reaffirm what I already know or when I don't know and then choose the kind of pass all this information on you all to help decide what you want to do and if you're if you're cissp there's probably questions on this as well future was founded in 2009 and Somerville Massachusetts not too far from Boston by Christopher alberg ahlberg and with IBM and arcsin assault so there's there isn't a good partnership when you're dealing with the intelligence rolling into your security incident event management solution now there's some competitors out there on the market right now there's threatconnect versiv darktrace and there are others and I've heard of that that mean thing of the three that I've really heard a lot about but they are competitors and the reason there's competitors is because of the why is the market so good while the market is 1.5 billion dollars are expecting and that was in 2018 is what they're saying that is a Gob of cash that's a lot of money that's specifically in the cyber security intelligence space you know what you're going to get some people that are going to be doing this thing and you really but you need a good product because guess what well is 3.5 million cybersecurity people that are short of those those are a threat intelligence analyst can't find them all and you need to automate this stuff and because there's gobs of log dated it's flowing in you got to have somebody to help you kind of sort and sift through all about tents that's where recorded future girls in they have some products that they roll out provides research their Integrations is basically how to integrate with API and web pages until 4 and then they have on that demand threat analysis not paid by Threat by recorded future so I'm just giving you I haven't really I've seen it I work with it a little bit I haven't huge Deep dive into it but everything I've seen and talked to people and I have research myself there they're good company but I'm not being but not a paid spokesman for them by any means so how does this work so how does threat intelligence work it works to a couple different areas especially as we're dealing with recorded future not to talk about machine learning language processing and pattern recognition what the Dickens does any of that mean what the machine learning obviously she's got to have a bot that takes in information warrants from it and then turns around and uses lies that information and then provide something of value out of it and because you have analyst they can't look at the stuff all the time so you need some level of machine learning and involved to start sifting through all the data now if you're a cybersecurity professional and you were working on your cissp you probably learned that there's a lot involved and if you're a small or medium-sized business you've got God if you're in an Enterprise you got gobs of Gods. a bunch but bottom line is you got a lot of information rolling its you need machine learning to roll through that and understand what is legit what is it or at least cart to parse it out and of different buckets everybody speaks English everybody speak Spanish or Chinese Plumbing in you have to be able to parse that you have to have the ability to translate that information to understand what exactly you're reading and then pattern-recognition you got to have the ability to understand patterns and then of those patterns that will give you guidance around indicators of compromise and what might be affecting your company the collection of threatening I just technical sources that open web you basically your internet your dark web and other threats or scissors other fees that they make it as well and all the stuff he's into their big brain right it's like the Matrix install feeding in and then they basically they aggregate through it using algorithms using intelligence resources using other analyst to kind of comb through it and provide their level of intelligence another integration that various Integrations and these are from a just what they put on their website and I know there's others that have looked at this cuz specialized you're dealing with apis there's all kinds of Integrations you can build into this but tenable deal with vulnerability management so you're dealing with vulnerabilities and we'll talk about some use cases where this is a big factor Palo Alto on their firewalls which it passes that threat intelligence to the firewalls to see it at the fire was cuz they're usually the first line of defense write your firewalls Splunk is it will help you with your analyzing and deal with the platform they're resilient investigations and then eclectic IQ is a contextualize indicator so those are some ways that they just be this data and it helps build context and everything application so that if you go to a website that maybe have malware involved you can add an extension to your browser that would say put your stuff here so you can integrate that into your web browsers and that's just basically it's the intelligence is directly into the web page they also have an application when have a dashboard that you can log-in specifically and see what's going on within your or Enterprise because it all feeds back to the intelligence platform and then they have expert analysis that can walk you through what they're seeing so basically have a person that is a using their Cranium and their brain to be able to provide you real-time analytics support now there's data into the entries in events at various areas that the work into this and I'm going to show you real quick my third grade education going to struggle self ontology yet I can barely even say that work this is the definition on Webster it's set of Concepts and categories in the subject area or demand that shows their properties and relations between them okay what does that really mean it breaks ideas into groups based on names properties relationships third grade that was probably more like fifth on that one but it breaks in the buckets makes it easier for you to understand one of the things that they mentioned was in there and this is actually really cool that use Wichita San Francisco and Houston it will globgor glob why the heck did I come up with that it will group them into an area called cities right are all cities and it'll open pocket so that now it's easier to understand but this is done through automation right so you don't have some guy going that's San Francisco Cassidy got dumped those thing will go through all of it and don't put all in a way that you can understand not that you understand but the brain understands it the language interpretation they also have seven languages so they'll roll through Russian and Little D fashion isn't what is actually that information English contextual standpoint and then it goes through different languages all 6322 languages there on the globe but it goes to the seven main ones that they see is majority of where these attempts come from the events that will start the concept over time Martin's Tire thing together structures to text in the languages they what it does there is it actually a scam around itself their example that they had was if it sees it come in as apple apple if it's a capital A it will consider it as the company Apple versus a small letter A would be the fruit that you munch on the Apple we can basically help with reduce some of the guesswork on what exactly is that now is it 100% troop now it's going to make this going to miss stuff but is it pretty closing figures out the context of the sentence and then it will bucketize it based on that pretty cool myself it's pretty awesome halibut classification in predictive analysis or analytics it will do a vent classification of duris course based on the malicious entities that is part falls into that car that I talked about earlier and it will classify it based on the machine learning and with the humans will look at as well so that Moschino bucket it as high-risk and the animals to look at it maybe not so much or or the NFL it has some pieces of human interaction obviously and I didn't read this some might some of the documentation but I'm assuming that what it does if if the brain if the automation feels highly confident about a score than that they're human probably won't look at it if it has questioned about it than the human will probably rolling on it so it'll be interesting to see how that works but bottom line is the automation is to help reduce the false positive Predictive Analytics to help create a predictable outcome what is the plan what does it look like and again you can find enough things that are the same it's can predict a lot right it's just the problem is with you if we could do that and analyzation and we can predict the future 2 if we have enough information the problem is those are so much data are human little human brains can't go through it all but that's what we use our brains to help take it to the next level you can't correlate in somewhere Spock's of respective going well is that little Nuance that is actually this so a I haven't gotten there yet but that's pretty cool part about a Predictive Analytics so now there's some key use cases around this one is security operations massive amounts alerts we can talk about this in their super amount of pot false positives will this will allow and listed focus on what is important it brings to the top like like I don't know if the floaters it brings the floaters to the top and let you scoop off the and so if you can use a floater in anytime that you wish to use a floater in but bottom line is it brings it to the top and that therefore security operations can focus on it the incident response also helped clean up false positives and when your deal with incident response the last you want to be doing is Chasing Ghosts and chasing things that are not a legitimate issue well that says where this the Automation in the machine learning will come help add that context and help you give you that fix it will help save time for me to respond standpoint because of that you got is heck's going on last thing you want to deal with his going here I got to go movies like the big flashing light bulb this is what the bad you need to focus on this that's what the interest of Peace will come in with recorded future building management in also will help with understanding your patching so yeah this one year you need to patch this thing because it's exportable it's in the wild You're vulnerable because you think sitting out there in the DMZ yeah you need to focus on this one versus okay it's got a low-risk we're not at this time it'll tell you how can I help you with your point you in the right direction around that so that's good and it also helped us attackers are costly looking to manipulate exploits out there this will help give you some guidance and Direction around them and also cross-references cve which is your coming vulnerability that's what it was but your CVV number and it will give you an overall risk or based on it so a lot of really cool stuff can come out of this as risk analysis for greater context tours models of measurements so gives you some analysis around that which I just got done taking some Fair training which is really cool trending actually but on a different topic but it gives you some better context around the wrist models and also allowed access the vulnerabilities that are potentially being attacked right now fraud prevention I love in the fact that if it will monitor criminal communities and dealing with payment I don't know about you all but I'm not apps on my phone that tell me what my credit cards use and it's like instantaneous it is so cool so somebody steals my credit card I want to know like immediately that something bad happen so I guess that's cool at this is actually search the dark web looking for potential issues with your credit cards compromised data is looking for lead credentials and then typosquatting where in the case of you have a say coke coke drink.com what you went COC e.com was felt sort of if somebody makes a mistake on the on the domain name and then redirect people to it and it'll hurt you on newly registered fishing or type squatting demand so you throw line what domains you want and it will alert on those with your domain is xyz123 and you know that typosquatting is XYZ 124 well then it would let you know that if that domain is registered so it's pretty cool actually can help Stave off some issues when is the third party risk module other cool part about this is that it if you're dealing with cyber security in your deal with the cissp you're going to understand that third-party risk is a huge part of what you do and it's basically saying is 44 percent of it organizations are not prepared for third-party risk know that for a fact that is a truth and they're basically saying 39% of the data collection is insufficient has comes from recorded future but realistically it's true I mean whether it's 44 or 45 or 50 per-cent does it really matter the bottom line is that your third party risk is a monstrously huge seriously that's that's cool but bottom line is the key features around this is that's going to help you quantify the risk with your third-party there a huge risk and a lot of times companies will have third parties that larva direct access into your organization cards that I talked about earlier will provide an overview of the risk now they put together unified data points and then they help you around company IP addresses and so forth and this time just thinking about this right now as I'm talking about it I know a specific area right now and what I do on a daily basis I want to be able to use this this is awesome this is really really cool real-time effects and how their company is doing and if you know if you have a company XYZ that has malicious IP addresses one that got compromised systems and servers that are out in the dark web this is a really good way to help with that and allow for setting up automatic alerts on this is awesome I'm sorry I just had a brain my brain's my poop Zinger patient into a full Solutions while all kinds of alerts that are integrated to the intelligent life on this is really cool. It's I'm just really excited about it so sorry I'm just getting a brain for it that's just so cool modules really cool with recorded future all right that's the tray I have for today we here are some of the links to Wikipedia recorded future CSO online pcmag dark reading and this. Government.gov price bottom line is is that reduce cyber risk I got some awesome free stuff what the way am I put my whole purpose is that the bride cyber security training Made Simple Made Easy and the cissp is such a big part of that you're going to be getting that I'm going to be offered a bunch of free stuff for you just for coming to visit reduce cyber risk so I can look it up a change in what we're doing but bottom line is it is awesome of what's happening in the cybersecurity space if you are cypress tree professional you will love where it's going and a plug-in this reduce cyber risk and I can help you get there all right hope you had a great day hope you enjoyed this training and I will catch you on the flip side cast if you like what you heard please leave a review on iTunes we appreciate any and all feedback videos that are on YouTube just search for Sean at Shon Gerber and you'll find a plethora of content to help secure your business lastly had to reduce cyber risk and look for the free stuff lots of free stuff and it's only available for our email subscribers it's growing each and every day thanks again for listening
CISSP Cyber Training Academy Program!
Are you an ambitious Cybersecurity or IT professional who wants to take your career to a whole new level by achieving the CISSP Certification?
Let CISSP Cyber Training help you pass the CISSP Test the first time!
