Lesson 3.50: Trust networks, edge computing, operational technology, Internet of Things, bring your own device, cloud, and other considerations.

That's a lot of stuff to go through, so I will try and break that down.

This lesson, though, is all about how to identify emerging technologies and edge computing and how they can have an impact on traditional IR processes and capabilities. So we spent most of the time talking about our IR lifecycle, on how we prevent and detect incidents, and we're going to start getting into some more of the response capabilities.
But in this lesson, I want to make sure that you're thinking of all the other things that you might have to worry about from an incident response perspective, not just what's behind the firewall at your location, but what's in the cloud and what's on the edge.

And as we see, especially after COVID-19, with more people working from home and more things being pushed out to the edge, it's really changed the dynamics of cybersecurity, and incident response in particular. So again, I just want to talk about a few things for your consideration when we look through the complexities and the challenges that cybersecurity has to face. It's always been a challenge, no doubt. But it is getting more complex, especially for organizations that are large and are doing a lot of different activities. We have nationwide or sometimes global coverage as organizations.
We also have things that we have to control and work on from a cyber perspective that are not your traditional IT infrastructure. So, for example, you see the power grid there in the upper right-hand corner. If you are involved in industrial control cybersecurity or ICS type of work, you already know that that is not your traditional IT. You can't just patch industrial control systems. It's very difficult sometimes to scan them for vulnerabilities without just crippling things. It can cause all sorts of problems from a network segmentation standpoint. And a lot of times these networks are stood up by the people that are responsible for HVAC or traffic lights or power grids, and there's no IT involvement, and you just happen to come across them. That's happened to me several times. These can be a real challenge. Also, manufacturing and operational technology type of things, like IT embedded in systems.

We think about all sorts of network-connected devices like copy machines, but also robots and manufacturing on-the-line type of devices, and all sorts of other sensors and things that are out there that you may need to secure. Medical devices are another thing.
Then you've got high-performance computing. You've got cloud to worry about, all this data that's outside of your perimeter, and then all this IoT sensor data and smart homes. And then, when you get into the office, do you have Alexa devices connected to your network, or Google Home devices? Do you allow IoT devices on your network?

What about if you have somebody sitting at home doing work from home? You have a sensitive business, and you've got, if you're in the government, maybe controlled unclassified information being discussed, or you just have company private information being discussed, and at your employee's desk, sitting right next to them, is an Alexa device or a Google Home device that's potentially recording all the things that they're saying.

Do you have policies for that for your organization? How do you deal with that? And now that you've essentially extended your corporate network to everybody's home, because most people are all working from home now, are you giving them any advice on how to secure that? And how are you handling cybersecurity with home networks and computers and devices that might be connecting in? And then we have all sorts of bring your own device and edge computing things going on, and virtualization. It's just a very complex situation to secure sometimes, especially if you don't know everything that's going on.
I wanted to introduce you to a concept if you haven't seen it before. This is from Gartner. This is SASE, which is secure access service edge. And what this is really showing is you've got your Internet backbone on the left and how people connect to the Internet through various Internet service providers. You've got the Internet edge on there as well, and then a distributed edge layer. And then on the right-hand side, you have all the things that you normally would be used to dealing with: network encryption and caching, SaaS applications, WiFi protection, remote browser isolation, all these different kinds of technologies and security things that are available. And then in the very middle you've got: how do you allow people on your network? So it's like zero trust networking, but pushing everybody out to the edge and not really thinking about my core network, but rather how we allow people to interact with our assets, whether it's in the cloud or in our company, through these different layers. So this is just a good graphical representation, I thought, to break down the complexity of the environments and how you might secure people going through different layers, trying to get access to systems and data.
Now, this graphic is Microsoft's CASB graphic, which is a cloud access security broker, and CASBs are a very important security component to have. And if you think about it, essentially, instead of having all of your workers go from their home or remote office back to the corporate headquarters, go through your IDS, IPS, and firewall, and then out to, let's say, Microsoft 365 or Azure or AWS, this is saying, let people go direct. So don't have them all come back to that single chokepoint, which can be a huge hit to performance and customer and user experience. Instead, let them go direct, but they're going to go through a CASB, and the cloud access security broker will inspect traffic, and it allows access to data depending on people's user context and what you've allowed them to get access to.

But it also gives you opportunities to inspect traffic and do things like data loss prevention (DLP) and restrict traffic, get reporting, and have data come from your CASB to your SIEM tool. So it is a great tool. Anybody who's got a cloud presence should strongly consider using a CASB.

But again, from an incident response standpoint, it's important to note: do you have a CASB in your organization? If you're using the cloud, who has access to it? Who's writing the rules for it? If there is an incident, is that information getting logged somewhere? And would you have access to those logs?

So again, these are all just things to keep in mind as you're building your IR plan and trying to go through the whole lifecycle of incident response.
All right, quiz question here. What does SASE stand for? I said it quick; we'll see if you remember. A, security advanced services events; B, secure access service edge; or C, service access security endpoints.

And the right answer is secure access service edge.

Second quiz question. Why might an organization implement a CASB solution? A, to provide increased visibility into cloud access by users; B, to apply security rules and policies to data and devices in the cloud; C, to implement data loss prevention for data in the cloud; or D, all of the above.

If you answered all of the above, you are correct. All of those things are potential capabilities of a CASB, as are many others that we didn't go through. But these are certainly things from an IR perspective to be aware of.
So in summary, for this lesson, we really just covered how emerging technologies and edge computing can impact traditional IR processes and capabilities. Again, it was more of an awareness lesson. I wanted to make sure that as you're thinking through in your mind all of the different steps for your IR plan, you are also considering cloud and edge and BYOD. You know, for example, what happens if a personal device is involved in a cyber incident? Do you have access to it? What does your policy say? What are their expectations of privacy? Are you using an MDM tool, a mobile device management tool, that allows you to remediate that device or at least get your data off of it? So there's a lot to think through here, but all of it should be considered with your incident response plan.