SBN

CySA+ domain #13: Security architecture review and compensating controls

Introduction

Security architecture is the unified security design that stipulates how information security safeguards and controls are deployed in IT systems to ensure the confidentiality, integrity and availability of the data that is being stored, used and processed in those systems. 

An effective security architecture design doesn’t provide porous holes or cyber-vulnerabilities that can lead to data breaches. Therefore, reviewing the security architecture design and then implementing compensating controls based on the weaknesses found during the review is indispensable to avoid future disasters.

DevOps Connect:DevSecOps @ RSAC 2022

By keeping the CySA+ exam objectives into consideration, in this post, we will gain insight into security data analytics, manual review of different categories of logs and defense-in-depth strategies.

Security data analytics

In some cases, organizations outsource their security data analytics to a third-party company, often as part of their Security-as-a-Service (SECaaS) offering. The outsourcer employs security suites and appliances to capture hosted and onsite data, then utilize central tools to analyze such data and prepare reports. They also notify security analysts in the event of discovering new issues.

Below are some controls used for security data analytics.

Data aggregation and correlation

This control involves two steps: data aggregation and data correlation, as the name implies. Data aggregation is the act of collecting data from different sources and then storing it at a central point. Data sources may include server logs, application logs, hypervisor logs and network device logs.

Once the data aggregation completes, data correlation comes into play. Data correlation assesses the sequence of events within available data collected through data aggregation and then identifies anomalies which may indicate a cyberattack or security weaknesses. Usually, Security Information and Event Management (SIEM) is an appropriate and effective security tool used widely for data aggregation and correlation.

Trend analysis

For security analysis, trend analysis provides behavioral insights (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Fakhar Imam. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/7X9lmaCzCUU/