August 19th, 2021 by Admin

Data protection and compliance present daily challenges. Security specialists must be on their toes to ensure that controls remain in place and perform consistently. Despite good intentions, more than half of organizations are still struggling to design, implement and maintain a sustainable compliance program.

One challenge is that many security professionals believe they can protect data by following a script, as if doing A, B and C in the correct order will achieve effective and sustainable data protection. In the real world, things are messy. Organizations might be spending a lot of time and money creating their DPCPs, but many are ineffective and fail to advance beyond a program that looks good on paper but does not withstand the scrutiny of a professional security assessment. The DPCPs lack the design, implementation, review process and revisions to become effective and sustainable.

Additionally, organizations have inadequate or overly complex strategies, which originate from a lack of proficiency in designing, implementing, monitoring and evaluating a DPCP.

 


August 18th, 2021 by Admin

What is Hunting?

Most security technologies, tools, and processes are passive. They’re triggered by events or conditions that generate some prescribed response, not unlike how your immune system works to detect and address foreign bodies. Enterprise antivirus is a well-known class of technologies that illustrates this process particularly well. But these passive controls and workflows are rarely immediate. Adversaries may be able to dwell undetected in your environment for hours, days, weeks, months, or years. Even worse, adversaries have learned to maximize their success with minimal dwell time, which leaves you the narrowest margin of error to prevent data theft or business disruption.

Threat hunting has become one of the more important functions of mature security organizations – a rare capability that enables them to address gaps in passive security solutions. But at first, threat hunting can be a daunting endeavor. How can you detect attacks that don’t deploy malware or leave behind known indicators of compromise? How can you deduce the presence of “fileless” attacks that minimize disk-based evidence? The goal of this guide is to help security teams cultivate the skills and procedures that enable threat hunting.

The first chapter provides an overview of threat hunting concepts and shares ideas for integrating threat hunting into security operations. Subsequent chapters explore techniques for hunts based on different adversary techniques. Appendices offer reference materials to remind you of key information. When you pick up this guide you join a global community of security professionals. Together we can reshape the security landscape by sharing knowledge and best practices on how to protect the world’s data from attack.

 


 

August 18th, 2021 by Admin

Condition-based maintenance (CBM) is a maintenance strategy that monitors the actual condition of an asset to decide what maintenance needs to be done. CBM dictates that maintenance should only be performed when specific indicators show signs of decreasing performance or upcoming failure. Checking a machine for these indicators may include non-invasive measurements, visual inspection, performance data and scheduled tests. Condition data can then be gathered at specific intervals or continuously (as is done when a machine has internal sensors). Condition-based maintenance can be applied to mission-critical and non-mission-critical assets.

Unlike planned maintenance (PM), where maintenance is performed at predefined scheduled intervals, condition-based maintenance is performed only after a decrease in the equipment condition has been observed. Compared with preventive maintenance, this increases the time between maintenance repairs because maintenance is done on an as-needed basis. It also helps reduce unplanned downtime from sudden breakdowns, because machines are continuously monitored using sensors.

