CISA Alert on Red Team Activity Highlights the Need for Defense-in-Depth

July 12, 2024 • César Daniel Barreto

The Cybersecurity and Infrastructure Security Agency (CISA) has published a detailed advisory entitled “CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Need for Defense-in-Depth.” The advisory is based on an in-depth red team assessment performed in 2023 and documents the tactics, techniques, and procedures (TTPs) the red team employed. Its findings and recommendations are intended to help executives, leaders, and network defenders strengthen their organizations’ cybersecurity.

Key Findings and Lessons Learned

The advisory draws several critical lessons from the assessment about implementing robust defense-in-depth strategies. Key tactics and techniques used by the red team include:

  • Simulated advanced persistent threat (APT) attack vectors used to test network resilience;
  • Exploitation of weak network segmentation; and
  • Sophisticated spear-phishing for initial access.

These results underline the need for organizations to deploy multi-layered security measures in order to counter such threats effectively.

Recommendations to Improve Cybersecurity

In the advisory, CISA offers a number of recommendations to improve prevention, detection, response, and threat-hunting capabilities, which include:

  • Implement defense-in-depth: deploy multiple, overlapping layers of security controls across the IT environment so that the failure of any single control does not give an attacker free rein.
  • Use robust network segmentation: break the network into separate segments so that an intrusion is harder to spread and easier to contain once a segment is breached.
  • Establish baselines: record baselines of normal network traffic, application execution, and account authentication so that anomalies indicating an intrusion can be identified.
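The third recommendation, baselining account authentication and alerting on deviations, is the one most directly turned into detection logic. The following is an added example written for this article, not code from the CISA advisory or from the author: it learns a per-account baseline (the /24 source subnets and the span of hours in which each account normally authenticates) from a training window of constructed log lines, then flags later events that deviate from it, including repeated failures followed by a success. The log format, account names, IP addresses, and thresholds are all assumptions made for the illustration.

```python
"""Baseline-and-deviation detection over authentication events.

Added example; the log lines, accounts, addresses and thresholds below are
constructed for illustration and are not taken from the CISA advisory.
Event format (assumed): "<ISO timestamp> <account> <source IP> <success|failure>"
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import ipaddress

FAIL_THRESHOLD = 3                # failures inside FAIL_WINDOW that count as a burst
FAIL_WINDOW = timedelta(seconds=60)

# Constructed training window: what "normal" looked like for each account.
BASELINE_LOG = """
2024-06-03T08:12:04 alice 10.1.20.15 success
2024-06-03T08:40:11 alice 10.1.20.15 success
2024-06-04T09:02:37 alice 10.1.20.17 success
2024-06-03T07:55:20 bob 10.1.30.8 success
2024-06-04T18:20:02 bob 10.1.30.8 success
2024-06-05T08:14:49 bob 10.1.30.9 success
2024-06-05T22:14:49 svc-backup 10.1.40.5 success
""".strip().splitlines()

# Constructed evaluation window containing several deviations from the baseline.
EVAL_LOG = """
2024-06-10T08:30:00 alice 10.1.20.15 success
2024-06-10T02:15:00 alice 10.1.20.15 success
2024-06-10T09:00:00 alice 198.51.100.23 success
2024-06-10T12:00:00 bob 10.1.30.8 failure
2024-06-10T12:00:05 bob 10.1.30.8 failure
2024-06-10T12:00:09 bob 10.1.30.8 failure
2024-06-10T12:00:12 bob 10.1.30.8 failure
2024-06-10T12:00:20 bob 10.1.30.8 success
2024-06-10T10:00:00 mallory 10.1.30.8 success
""".strip().splitlines()


def parse_event(line):
    """Split one log line into its fields; the source IP is reduced to its /24."""
    ts, account, ip, result = line.split()
    return {
        "ts": datetime.fromisoformat(ts),
        "account": account,
        "subnet": ipaddress.ip_network(f"{ip}/24", strict=False),
        "result": result,
    }


def build_baseline(lines):
    """Per account: the source subnets and the hours of day seen while training.

    A production baseline would keep distributions over a longer window; the
    hour span and subnet set used here are a deliberate simplification.
    """
    baseline = {}
    for ev in map(parse_event, lines):
        profile = baseline.setdefault(ev["account"], {"subnets": set(), "hours": set()})
        profile["subnets"].add(ev["subnet"])
        profile["hours"].add(ev["ts"].hour)
    return baseline


def detect_anomalies(baseline, lines, fail_threshold=FAIL_THRESHOLD, window=FAIL_WINDOW):
    """Return (account, timestamp, reason) tuples for events that deviate from the baseline."""
    findings = []
    recent_failures = defaultdict(deque)   # account -> timestamps of failures inside `window`
    for ev in map(parse_event, lines):
        acct, ts = ev["account"], ev["ts"]
        profile = baseline.get(acct)
        if profile is None:
            findings.append((acct, ts.isoformat(), "account never seen in baseline"))
            continue
        if ev["subnet"] not in profile["subnets"]:
            findings.append((acct, ts.isoformat(), f"new source subnet {ev['subnet']}"))
        lo, hi = min(profile["hours"]), max(profile["hours"])
        if not lo <= ts.hour <= hi:
            findings.append((acct, ts.isoformat(),
                             f"authentication at hour {ts.hour:02d}, outside baseline {lo:02d}-{hi:02d}"))
        fails = recent_failures[acct]
        while fails and ts - fails[0] > window:       # drop failures older than the window
            fails.popleft()
        if ev["result"] == "failure":
            fails.append(ts)
            if len(fails) == fail_threshold:           # fire once when the burst threshold is reached
                findings.append((acct, ts.isoformat(),
                                 f"{fail_threshold} failures within {int(window.total_seconds())}s"))
        elif len(fails) >= fail_threshold:             # a success right after a burst is the interesting case
            findings.append((acct, ts.isoformat(), "success following a failure burst"))
    return findings


if __name__ == "__main__":
    for finding in detect_anomalies(build_baseline(BASELINE_LOG), EVAL_LOG):
        print(*finding)
```

Run against the constructed data, the script reports five findings: alice authenticating at 02:00 and then from an unseen subnet, bob’s three failures inside a minute followed by a success, and an account (mallory) that never appeared in the baseline. Replaying the training window through the detector produces no findings, which is the check worth keeping when tuning thresholds: a baseline that alerts on its own training data is too tight.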

Acting on these recommendations will help organizations withstand advanced cyber-attacks and improve their overall security posture.

Importance of CISA’s Cross-Sector Cybersecurity Performance Goals

The advisory points to CISA’s Cross-Sector Cybersecurity Performance Goals (CPGs) as a resource for identifying common and impactful threats, tactics, techniques, and procedures. These goals are intended to:

  • Provide a baseline set of cybersecurity practices that are applicable across critical infrastructure;
  • Provide benchmarks for measuring and improving cybersecurity maturity;
  • Combine recommended practices for both information technology and operational technology owners; and
  • Address national security risks beyond the risks to individual entities.

The CPGs were selected in consultation with industry experts and government officials to help small- and medium-sized organizations invest in the cybersecurity actions that drive high-impact security outcomes.

NIST’s Cybersecurity Framework Alignment

The CPGs are aligned with the functions of the NIST Cybersecurity Framework (CSF), which are:

  • Govern: establishing, communicating, and monitoring the organization’s expectations and risk management strategy.
  • Identify: understanding the organization’s current cybersecurity risks.
  • Protect: implementing safeguards to manage the organization’s cybersecurity risks.
  • Detect: finding and analyzing possible cyber attacks and compromises.
  • Respond: acting on detected cybersecurity incidents.
  • Recover: restoring systems, assets, and operations affected by a cybersecurity incident.

CISA is revising the CPGs to align them with version 2.0 of the NIST CSF so that they remain relevant and useful as the cybersecurity landscape evolves.

Conclusion

CISA’s latest advisory is a reminder to put defense-in-depth strategies in place and to follow sound cybersecurity practices. Its recommendations, together with the CPGs, help harden an organization’s security posture against emerging threats.

For more information, see the full advisory and other resources on CISA’s Secure by Design page.


César Daniel Barreto

César Daniel Barreto is a respected cybersecurity writer and expert, known for his in-depth knowledge and his ability to simplify complex cybersecurity topics. With extensive experience in network security and data protection, he regularly contributes insightful articles and analysis on the latest cybersecurity trends.
