[Instructor] To completely defend against today's threats, security professionals, otherwise known as the good guys, have to be right 100% of the time. Now the miscreants, or the bad guys, they actually have to be right only once to do harm.

In order to protect your network, you must have a balance between visibility and control. You must combine tools like network metadata extraction, NetFlow, malware detection, IPS, threat intelligence, full packet capture, server and endpoint logs, and much more, right? This is actually easier said than done, right? Complexity is actually the enemy of security, right? The more complex your environment, the harder it is to monitor and protect it. And now you want to reach a good point where the capability of the security monitoring tool you actually have deployed is greater than the complexity involved in managing such tools or such products, right?

You can never get a 100% secure network. No product of any size, any type of vendor, or any type of security product can actually provide you 100% security at a given time. So anti-virus and firewalls are just not enough to stop advanced targeted attacks. You actually must have a balance between products, people, and processes in order to successfully monitor and protect your network. You should always assume that your network is actually compromised and think like an attacker.

Now in previous lessons, you learned what defense in depth is. You must apply these concepts to successfully monitor your network. Use a layered onion diagram to understand how to protect your critical assets and how to place visibility and control tools within your network. This layered diagram actually will help you understand the traffic flows and where you actually have security gaps, and how to deploy technologies, security technologies and visibility technologies, to close those gaps.

You must also understand what you're looking for, right? Things like connections to command and control servers, indicators of compromise, internal botnet traffic, DNS resolvers, and much more. So again, always assume that your network has been compromised and think like an attacker.