Offensive Security & Defensive Security Intro

“To outsmart a hacker, you need to think like one!”

This is the core of “Offensive security”. It involves breaking into computer systems, exploiting software systems, and finding loopholes in applications to gain unauthorized access. The goal is to understand hacker tactics and enhance our system defenses.
Red teams and penetration testers specialize in these offensive techniques.

Blue teams are part of the defensive security landscape.

Defensive security tasks include:

  • User cybersecurity awareness
  • Documenting and managing assets
  • Updating and patching systems
  • Setting up preventative devices, e.g., firewalls
  • Setting up logging and monitoring devices

There is much more to it.

Security Operations Center (SOC)
A Security Operations Center is a team of cyber security professionals that monitors the network and its systems to detect malicious cyber security events.
Examples of the main areas of interest for a SOC are:
  • Vulnerabilities
  • Policy violations
  • Unauthorized activity
  • Network intrusion
Security operations cover various tasks to ensure protection; one such task is threat intelligence.

Threat intelligence
Threat intelligence involves gathering information about potential and actual adversaries to help organizations defend against threats. A threat is any action that disrupts or harms a system. Different companies face different adversaries, such as nation-state cyber armies for political motives or ransomware groups for financial gain.
For example, some attackers target customer data from mobile operators, while others aim to disrupt industrial production. By understanding the specific threats they face, companies can adopt a threat-informed defense strategy.

Threat intelligence relies on data, which must be collected, processed, and analyzed. Data comes from local sources like network logs and public sources like forums. Processing organizes the data for analysis, which uncovers attacker motives and provides actionable recommendations. Understanding adversaries helps identify their tactics, techniques, and procedures, allowing organizations to predict their actions, mitigate threats, and develop response strategies.