SANS MGT512 Day 3

So, you’re still a bit brain-dead from day 2, I don’t blame you it’s a lot of material. Then again, what else have you come to expect from SANS? Day 3 starts you off a little easier, maybe to let you soak in the material a little more, or maybe just because there’s a little bit of baseline-setting going on first. Day 3 is all about protecting and patching systems, but it’s a little broader than that and includes malware-types and attacks, integrating security into the SDLC and devops, and a little bit about infrastructure in the cloud. Physical security and safety make an appearance on this day as well. It’s important to understand what risks we have there and the implications for everything else we put in place within them.

If you think back to day 1, it was all about risk. Day 2 was focused on the underlying layers of networking, but ultimately about possible risks and how to mitigate them on the network. Day 3 is really about understanding the risk from attacks against our systems primarily at the application layers.

To start the day, we talk about host security and it includes:

  • Anatomy of attacks: including the attack life cycle and examples of the different types of common attacks occurring at the various phases.
  • Malware examples and includes information about the different types of malware and how they are commonly used today
  • Tools to use to combat these attacks on the host, including end-point protect platforms and end-point detection and response.
  • The last section is really focused on security in IaaS. It explains the fundamental differences when your infrastructure is all software-based instead of hardware and VM, and what the security implications are.

The next section is all about security in the software development life cycle and the benefits to integrating security within the processes instead of adding it on later. This is a bit of a mixed-bag of concepts but covers what’s needed at a high-level to help leaders understand what today’s application weaknesses are, why they exists, and how to reduce risk. Topics include:

  • Secure SDLC with information about what a SDLC looks like and what security activities should take place when.
  • This section introduces the OWASP Top 10 and the resources available to development teams
  • Tools available to use at different phases including code testing tools, web application firewalls, and other active tools.
  • We finish this section with devops and how to ensure that security helps, rather than hinders, ensure that teams succeed when embarking on automation of the life cycle.

After a small, but valuable, discussion of physical security, the remainder of the day is spent discussing vulnerability management. You have a scanner and you even use it to scan stuff sometimes. Great! A vulnerability Management program is so much more than that though, and this section dives into how to ensure that you’re covering the entirety of a program. Vulnerability management is a critical part of the organization’s risk management program as well as providing a huge amount of valuable information for measuring the effectiveness of your technical controls.

This last section covers the PIACT (Prepare, Identify, Analyze, Communicate, Treat) process and its importance in having a complete program. It then goes on to cover each of the phases in detail including how to prioritize patching in order to help your patching team, communicate risks to management, and how to measure the program and communicate to all of the stakeholders involved.

You’re now over half-way through the week!