This document outlines five levels of addressing cybersecurity threats:
Level 0 involves basic human instinct and awareness of risk. Level 1 focuses on basic security measures like antivirus and firewalls. Level 2 adds analysis of security logs and events. Level 3 extends detection and response capabilities to endpoints and networks. Level 4 coordinates threat hunting and incident response in a security command center. Level 5 incorporates artificial intelligence to help or fully automate analysis and defense.
This document outlines five levels of addressing cybersecurity threats:
Level 0 involves basic human instinct and awareness of risk. Level 1 focuses on basic security measures like antivirus and firewalls. Level 2 adds analysis of security logs and events. Level 3 extends detection and response capabilities to endpoints and networks. Level 4 coordinates threat hunting and incident response in a security command center. Level 5 incorporates artificial intelligence to help or fully automate analysis and defense.
This document outlines five levels of addressing cybersecurity threats:
Level 0 involves basic human instinct and awareness of risk. Level 1 focuses on basic security measures like antivirus and firewalls. Level 2 adds analysis of security logs and events. Level 3 extends detection and response capabilities to endpoints and networks. Level 4 coordinates threat hunting and incident response in a security command center. Level 5 incorporates artificial intelligence to help or fully automate analysis and defense.
Cybersecurity Implementation How to address How to respond to THREAT
By A. Rully • Security Related Word Cloud Five Level of Addressing Threat
Level 0: Level 1: Level 2:
Instinct Basic Analysis
Level 3: Level 4: Level 5:
Extended Center AI L0: Human Instinct • Living in digital world, but: • Unaware of the risk • Aware but don’t care • Aware and prepare something • Just live up with the risk L1: Basic Security • Malware detection and prevention • Support System • Anti-Virus • NAC • Perimeter defense • IAM • FW • AM • IDS • VA/VM • WAF • etc • IPS • Anti-DDOS • etc L2: Analysis of Security Related Information
• Log analysis (segmented/individual)
• syslog, winlog, any log that have security implications • Security Information and Event Management (SIEM) • Gather all log and information related to security L3: Extended Detection & Response • Incident Response (start from Morris Worm) • First CSIRT in Carnegie University in 1988 • Extended Detection and Response (XDR) • Endpoint Detection and Response (EDR) • Network Detection and Response (NDR) L4: SCC (Security Command Center)
• Consolidate threat hunting with human analysts
• Attack vector mapping • Attack Detection • Malware analysis • Center for Incident Detection and Response • Security components are coordinated and orchestrated • Some parts are automated L5: Goes AI (ML) • AI help security/incident analyst • Augment human analysis: Generative AI ((LLM) • Automated defense • Fully AI (when?) • Arm race with attacker Which level are you?