My key takeaways
- stop panicking, the SolarWinds hack is over. The C2 channels are dead. The party is over.
- don't poke at the IOCs *
- focus on the fundamentals and on how to avoid it happening again
- Fundamentals:
- DNS is the most valuable hunting artefact
- Know what you have where
- Know all your software
- Where are the blind spots? <- detect anomalies
- Doesn’t have to be expensive: SecurityOnion is free
- Should there be a council enforcing higher standards for critical infrastructure or for suppliers of critical infrastructure?
- probably to come
- national software like the OS in North Korea or the email clients in Russia indicates how seriously other nations also take the supply chain
- certifying people improved quality incrementally
- Software might benefit as well
- Do due diligence on software to be installed, as you would for a merger
- More "boxes" (security hardware) won't help
- Having a CISO in a company will not prevent being hit by events like SolarWinds
- Continuous churn of Director of Security / CISO -> sign of a dumpster fire
- Director of security / CISO stays for 15 years? <- uhuh, probably excuse role
- Don’t use it as an excuse to NOT patch!
- Anti-vaxxer – anti-patcher
- whoever already practices incident response round tables (tabletop exercises) knows where they stand right now
- *) IOC
- indicators of compromise
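The "DNS is the most valuable hunting artefact" and "where are the blind spots? <- detect anomalies" points above, turned into a runnable hunt. This is an added example written for these notes, not code from the talk, from Security Onion or from Zeek. It assumes Zeek-style dns.log records reduced to five tab-separated fields (a real log carries more columns and a `#fields` header; adjust `FIELDS`), a naive last-two-labels notion of "registered domain" (use the Public Suffix List in production), and thresholds (`min_queries`, `min_label_len`, `min_entropy`, `min_nxdomain`) picked for the constructed sample rather than tuned on real traffic. The sample log lines are constructed; the suspicious names use reserved `.example` and `.test` suffixes on purpose.

```python
"""Hunt two classic DNS anomalies in Zeek-style dns.log data (added example, constructed sample)."""
import math
from collections import defaultdict

# Assumed field subset of Zeek's dns.log, in the order used by SAMPLE_DNS_LOG below.
FIELDS = ["ts", "orig_h", "query", "qtype_name", "rcode_name"]

# Constructed sample: two ordinary hosts, one host encoding data into never-repeating
# high-entropy subdomains, and one host burning through NXDOMAINs like a DGA would.
SAMPLE_DNS_LOG = """\
1607990400.10\t10.0.0.5\twww.example.com\tA\tNOERROR
1607990401.20\t10.0.0.7\tupdates.example.org\tA\tNOERROR
1607990402.30\t10.0.0.5\twww.example.com\tA\tNOERROR
1607990403.40\t10.0.0.9\t7fa1cb9e2d3k8q0z5m6x4v1r.api.evil-cdn.example\tA\tNOERROR
1607990404.50\t10.0.0.9\tq2m9x1k7e4a6c8d0b3f5h2j4.api.evil-cdn.example\tA\tNOERROR
1607990405.60\t10.0.0.9\tz8b3n1v5c7x9m2k4l6j0h8g2.api.evil-cdn.example\tA\tNOERROR
1607990406.70\t10.0.0.9\tt4r7e1w9q3y5u8i0o2p6a3s9.api.evil-cdn.example\tA\tNOERROR
1607990407.80\t10.0.0.11\tkxqplmvr.test\tA\tNXDOMAIN
1607990408.90\t10.0.0.11\tzvbtqwne.test\tA\tNXDOMAIN
1607990409.00\t10.0.0.11\tplmkoijn.test\tA\tNXDOMAIN
1607990410.10\t10.0.0.11\trtyuqwer.test\tA\tNXDOMAIN
1607990411.20\t10.0.0.11\tmnbvcxza.test\tA\tNXDOMAIN
1607990412.30\t10.0.0.7\tmail.example.org\tMX\tNOERROR
"""


def parse_dns_log(text):
    """Turn tab-separated log lines into dicts; skips comments and malformed rows."""
    records = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        parts = line.split("\t")
        if len(parts) != len(FIELDS):
            continue
        records.append(dict(zip(FIELDS, parts)))
    return records


def shannon_entropy(s):
    """Bits of entropy per character; random-looking labels score well above dictionary words."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(query):
    """Naive: last two labels. Assumption for the example; real code should use the Public Suffix List."""
    labels = query.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else query.lower()


def find_tunneling_candidates(records, min_queries=4, min_label_len=16,
                              min_entropy=3.0, min_unique_ratio=0.9):
    """Registered domains whose leftmost labels are long, high-entropy and almost never
    repeat: the footprint of data or beacon IDs being encoded into subdomains."""
    per_domain = defaultdict(lambda: {"labels": set(), "hosts": set(), "count": 0})
    for r in records:
        labels = r["query"].lower().split(".")
        if len(labels) < 3:
            continue  # bare registered domain, nothing encoded in it
        d = per_domain[registered_domain(r["query"])]
        d["labels"].add(labels[0])
        d["hosts"].add(r["orig_h"])
        d["count"] += 1
    hits = {}
    for domain, d in per_domain.items():
        longest = max(d["labels"], key=len)
        if (d["count"] >= min_queries
                and len(d["labels"]) / d["count"] >= min_unique_ratio
                and len(longest) >= min_label_len
                and shannon_entropy(longest) >= min_entropy):
            hits[domain] = {
                "queries": d["count"],
                "hosts": sorted(d["hosts"]),
                "max_entropy": round(max(shannon_entropy(l) for l in d["labels"]), 2),
            }
    return hits


def find_dga_candidates(records, min_nxdomain=5):
    """Hosts collecting NXDOMAIN answers for many distinct registered domains: the noise a
    domain-generation algorithm makes while looking for a live C2 domain."""
    per_host = defaultdict(set)
    for r in records:
        if r["rcode_name"] == "NXDOMAIN":
            per_host[r["orig_h"]].add(registered_domain(r["query"]))
    return {host: sorted(domains) for host, domains in per_host.items()
            if len(domains) >= min_nxdomain}


def hunt(text=SAMPLE_DNS_LOG):
    """Run both hunts over a dns.log text and return the findings keyed by kind."""
    records = parse_dns_log(text)
    return {"tunneling": find_tunneling_candidates(records),
            "dga": find_dga_candidates(records)}


if __name__ == "__main__":
    for kind, hits in hunt().items():
        for key, detail in hits.items():
            print(f"[{kind}] {key}: {detail}")
```

On a Security Onion sensor the same functions apply to the Zeek dns.log it already writes (or to the equivalent fields pulled from its Elasticsearch index); the thresholds are the part to tune against your own baseline, which is exactly the "know what you have where" work the notes call for.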
Env
- Provided by
- Presenters:
additional links
- https://github.com/Security-Onion-Solutions/security-onion
- https://www.cisecurity.org/controls/cis-controls-list/
- https://censys.io/
- https://crt.sh/?Identity=%25&iCAID=7395
Photo by Kym MacKinnon on Unsplash