1 hour 23 minutes
in the last video, we talked about my background
and, of course, objectives.
In his video, we're gonna talk about risk posed by cyber criminals
and sort of software vulnerabilities.
Let's take a look at the lesson objectives
we have risk
understanding risk posed by cyber criminals.
We have sources
reviewed all sources of on abilities.
We have friends
survey international trends and vulnerabilities, and lastly, we have defining vulnerability management.
If I had one ability management as a way to remove risk,
so get the pre assessment.
What is a vulnerability?
Is it a shrink in a system?
weakness in the system
or see weakness in a human
dancer. Here is be
It is a weakness in a system
cause we're talking about
I t. Security here. We're not talking about physical security.
Let's take a look at understanding the risk pools by side of criminals.
So when exposed vulnerabilities can lead to
I think any Delph
I'm not. The rise network access
and intellectual property does
to a cybercriminal vulnerabilities on it that were going hitting high value assets but exposed. These vulnerabilities can
be targeted for exploitation
which may result in unauthorized entry into it network.
It can't expose confidence information, provide fuel for stolen identities
triggered deaf of business secrets, violate privacy provisions of laws and regulations or paralyzed business operations.
Now let's look at the five trends of Attackers.
You have commercialization of attacks.
We have threats, tear by region.
We have multi stage attacks.
We have trusted entity exploitation.
And lastly, we have attacks.
Well attack method conversions.
endless public disclosures in the news of data breaches reveal done. Authorize exposure of millions of confidential consumer records worldwide.
This is adequate proof why organizations must do more to protect networks from attacks as we see here listed on shrink.
But a dramatic change in the security threat landscape is raising the bar for organizations large and small
that want to actively minimize successful attacks on airborne abilities.
So let's look at the sources of our abilities. Here
we have a poorly written code.
We have miss configuration,
and we have, as Dr Evil will say,
says, Look at poorly written cool,
so it is not checking
data buffers in code.
So basically this happens when
a application owner of basically application team
and they're not secured it. So basically they're leaving out commas
or they're leaving our statements that actually closes and secure
in which a Buffalo overflow can happen.
So a buffalo flu is
attack is an attack where
an attacker or a hacker in this case
sends multiple requests to a computer,
to the point where
the income and server
cannot handle it, in which it's overflowed with data
in which exposes a computer to that vulnerability,
causing it to shut down,
enhance a buffer. Overflow happens.
So think of it as it river that's flowing a river of data that's flowing into the server
and pretty much breaching serve,
allowing it attacker get it
sounds like that miss configuration.
So that's miss configuring security devices.
So that'll be far walls
that could be proxies.
And also that could be itself,
which is also known as a security event. Manage.
So if your security event manager is not the figure correctly meaning that alerts on a
security event manager is not detecting
any sort of anomalies or any sort of threats in an environment
fro whoa is not gonna be
ping or basically communicated to from the Cell
and also the proxy is not gonna be communicated from Simmons Well, too,
in which the far wall detects any eyepiece that does not
belong within a enterprise,
and a proxy detects
any unauthorized websites
that employees are not allowed to go.
So it's like that other threats here
toe with Mel wear,
which covers the viruses, worms and more.
We're new vulnerabilities,
and also we have users that visiting Latin
well, Mel where? Latin Website. So basically
it's for is like power to type of websites. Partying, videos, partying,
So there are new vulnerabilities every day that are caused by software code issues, configuration issues
and also human error.
So a solution.
The man in question is.
Is there a solution?
First up, the immunize your network against vulnerabilities.
Next, you have to identify and remove
Born Abilities Deli
and third. And most important,
we must manage our own abilities,
so it's based on priority. If you have a critical vulnerability, it comes that
compared to a little vulnerability,
take care of the critical vulnerability. First,
the owner vulnerability that takes presidents to a critical vulnerability
in which stays on the same line is a zero day
you have no time
to find a fix Water, basically of no timeto wait to fix it. You have to fix it immediately.
Now let's look at the post assessment.
What are known Forms off suffer of on abilities?
Is it eight humans?
Is it B viruses or it? Or is it C o T serve?
The answer here is be
Now let's take a look at our summer here.
So in his video,
we talked about sources of vulnerabilities in defiant vulnerability management.
In the next video,
we're going to wrap up on our discussion on why we need
vulnerability management by talking about identifying and fixing boats.
Fundamentals of Vulnerability Management
Most of the successful attacks through a business network could be prevented with vulnerability management. This course focuses on what you can do to automatically manage vulnerabilities and keep your network safe from attack.