This Year in Cybersecurity: How to Be Proactive Against Attacks in 2021

2020 certainly has shown us the importance of cybersecurity and how vulnerable our systems can be in a 100% virtual world. Without a doubt, 2021 will continue to bring various challenges when it comes to keeping your organization’s data safe online.

Here are six areas of cybersecurity to stay alert for this year:

  1. Continued Phishing Attempts: Phishing attempts are continuously being refined, as hackers devise sophisticated ways to intrude into organizations. One of the most common examples is email impersonation. Attackers are learning how to analyze a corporate hierarchy and forge emails in an executive’s name. Pay close attention to the sender’s email address to ensure that it came from your organization.
  2. Remote Work Safety: A large portion of United States workers are still working from home, and these individuals will be the focus of cybercriminals. Whether due to a lack of physical security in remote workers’ homes or other locations, or to the use of personal devices, remote work is not always secured the way it would be if the employee were on-premises. The safety of remote workers should continue to be a major focus for organizations.
  3. NIST 800-171: If your organization handles government-controlled unclassified information (CUI) or works with the US Government, note that the new Interim Rule change to the DFARS went into effect on November 30, 2020. Contractors now have contractual obligations to meet DFARS 252.204-7912 (DoD) and NIST SP 800-171r1 or FAR 52.204-21 (Federal). Prime contractors flow down the requirements to partners and subcontractors.
  4. CMMC Assessment & Mitigation: If your company is on a DoD contract, you will be held accountable for security assessments under the Cybersecurity Maturity Model Certification (CMMC) program. While the Government will take through 2025 to completely roll out the program, the requirement has already started to appear in DoD contracts. Many Prime Contractors have begun to levy the requirements on their subcontractors as the rule applies to both Primes and Subcontractors. 

Learn more about specific requirements of the NIST 800-171 & CMMC and how Braxton-Grant can help here.

  5. Cloud Security Breaches: Due to the remote and hybrid IT environments in today’s corporate world, cloud security breaches are currently at an all-time high. In fact, a study by Rebyc found that 35 percent of companies surveyed said they plan to accelerate workload migration to the cloud in 2021. Threats such as account hijacking, data breaches or insecure application programming interfaces (APIs) can compromise your cloud systems.
  6. Online Cybersecurity Training: With work-from-home trends not slowing down anytime soon, cybersecurity training is being delivered remotely and online more than ever, and there is a good possibility this transition is here to stay. Stay alert for videos, live webinars, or one-on-one virtual meetings with cybersecurity experts, all without having to leave your desk.

Check out the remote training Braxton-Grant conducts with various partners here.

While the range of possible cybersecurity threats can be daunting, the best solution is to be proactive now and assess your organization’s cyber hygiene. A basic cybersecurity assessment can indicate whether your business has a strong cybersecurity posture to meet existing and future customer, industry, and government security requirements. Every company with an information technology system needs good cyber hygiene, regardless of whether it has a government requirement for certification. Braxton-Grant offers cybersecurity assessments tailored to your specific needs. We can provide:

  • A cybersecurity health grade.
  • Guidance to understand current security risk.
  • Recommendations for improvement through a Hygiene Assessment Report, customized to your environment.
  • Mapping to key cybersecurity frameworks and controls (e.g. NIST SP 800-171, NIST SP 800-53, CIS 20, GDPR, and HIPAA).

For government contractors, we also offer NIST 800-171 and CMMC Assessments.

You can learn more about our Cyber Hygiene Assessments and sign up for a meeting with one of our engineers here.

Symantec Security Analytics 8 Administration

When you select Braxton-Grant for your training, you get expertise. Our trainers are U.S. Citizens, with vendor specific knowledge, who not only support our customers but also implement solutions across industries. They’ve been there – they know where you’re headed – and their expertise makes it easier for you. Our training is flexible, ongoing, in house or online. Training can be in-depth and intensive, or a quick lunch-and-learn session.

COURSE DESCRIPTION

The Symantec Security Analytics 8 Administration course is designed for participants who want to learn how to use the Symantec Security Analytics platform to perform various types of network-based monitoring and forensic analysis, including incident-response investigation, increased real-time situational awareness, and continuous monitoring for indicators of compromise (IOCs) and advanced persistent threats (APTs).

Delivery Method

Instructor-led and Virtual Academy

Duration

Three days

Course Objectives

By the completion of this course, you will be able to:

  • Understand key concepts of network forensics, with a focus on threat hunting and incident response
  • Use basic and advanced filtering techniques to assist in reducing response time by narrowing down searches for specific data
  • Perform detection of potential security incidents hidden in network traffic through file and artifact extraction
  • Improve on incident response through data enrichment and integrated threat intelligence services
  • Identify suspicious activity and correlate Indicators of Compromise to an attack vector or specific incident
  • Discover how Security Analytics’ open API enables integration with existing Symantec and third-party security solutions

Who Should Attend

The Security Analytics 8 Administration course is intended for students who wish to master the core functions of Security Analytics to perform threat hunting and incident response. It is designed for students who have not taken any previous training courses about Security Analytics.

Prerequisites

This course assumes that students have a solid understanding of networking concepts, such as local-area networks (LANs), the Internet, security, and IP protocols.

Hands-On

This course includes practical hands-on exercises that enable you to test your new skills and begin to use those skills in a working environment.

COURSE OUTLINE

Module 1: Introduction to Security Analytics

  • This module will introduce Symantec Security Analytics and why the network visibility that Security Analytics provides is critical in protecting business operations.

Module 2: Introduction to Network Forensics

  • This module will introduce computer forensics, with a focus on modern network forensics concepts. It will discuss terminology and common methods and tools used in the SOC today.

Module 3: Threat Hunting and Incident Response

  • This module will talk about what present-day cyber-attacks look like and the core challenges around discovering and resolving these attacks. It will cover how the cyber kill-chain methodology can be used in combination with threat hunting techniques to interrupt ongoing attacks. This module will also discuss the fundamentals of incident response, including terminology and core concepts used when performing remediation of discovered security incidents.

Module 4: Improving security posture through effective planning and solution design

  • This module addresses the planning and solution-design process for deployments of Security Analytics solutions. It identifies the points within a network where Security Analytics can most effectively capture packet data. It will also cover installation options and basic configuration.

Module 5: Reduce incident response time

  • This module will discuss the challenges around lengthy incident response times. It will also cover how filtering can assist in reducing response time by narrowing down searches for specific data. It will also demonstrate that using filtering to remove excess “noise”, especially in very large data sets, improves overall response time. Best practices for filtering and searching will also be covered.

Module 6: Detecting network traffic anomalies

  • This module will examine the challenges with detection of potential security incidents hidden in network traffic. It will cover how Security Analytics provides file and artifact extraction from captured packet data. Topics include what artifacts are and how Security Analytics can provide additional context for and processing of any interesting artifacts that may be found. Use cases that demonstrate contextualization benefits for incident responders and security administrators will also be discussed.

Module 7: Improve on early incident detection

  • This module will talk about best practices for network-based analysis using Security Analytics. This module will also examine how Security Analytics can identify suspicious activity and correlate Indicators of Compromise to an attack vector or specific incident.

Module 8: Enriching incident response efforts

  • This module will address incident response challenges around inadequate information and cover basic and advanced reporting tools within Security Analytics. Improved incident prevention and response from the enhanced information available will be discussed.

Module 9: Enhancing incident response through integrations with other security products

  • This module will discuss how Security Analytics’ open API enables integration with existing Symantec and third-party security solutions, providing customers with the valuable context and evidence they lack. Threat intelligence integration will also be examined.

Module 10: Review of Security Analytics Administration

  • This module will provide a review of topics covered in this course.

SonicWall Network Security Professional

SonicWall Network Security Administrator

Content Analysis 2.2 Administration

ProxySG 6.7 Advanced Administration

COURSE DESCRIPTION

The ProxySG 6.7 Advanced Administration course is intended for IT professionals who wish to learn to master the advanced features of the ProxySG.

Delivery Method

Instructor-led and Virtual Academy

Duration

Two days

Course Objectives

By the completion of this course, you will be able to:

  • Solve common authentication and SSL issues
  • Understand the underlying architecture of SGOS
  • Monitor and analyze ProxySG performance
  • Use policy tracing as a troubleshooting tool

Who Should Attend

This course is for IT network or security professionals who have practical experience with the ProxySG in the field and wish to master the advanced network security of the ProxySG.

Prerequisites

You must have working knowledge of ProxySG Administration and should possess advanced knowledge of networking, security, and authentication.

Hands-On

This course includes practical hands-on exercises that enable you to test your new skills and begin to use those skills in a working environment.

COURSE OUTLINE

Module 1: Using Authentication Realms

  • Describe the benefits of enabling authentication on the ProxySG
  • Describe, at a high level, the ProxySG authentication architecture
  • Understand the use of IWA realms, with both IWA Direct and IWA BCAAA connection methods

Module 2: Understanding Authentication Credentials

  • Describe how NTLM and Kerberos authentication work in both IWA direct and IWA BCAAA deployments
  • Configure the ProxySG to use Kerberos authentication

Module 3: Understanding Authentication Modes

  • Describe authentication surrogates and authentication modes
  • Describe ProxySG authentication in both explicit and transparent deployment mode

Module 4: Understanding HTTPS

  • Describe key components of SSL encryption
  • Describe how the SSL handshake works
  • Describe some of the legal and security considerations related to use of the SSL proxy

Module 5: Managing SSL Traffic on the ProxySG

  • Describe how the SSL proxy service handles SSL traffic
  • Describe the standard keyrings that are installed by default on the ProxySG
  • Identify the types of security certificates that the ProxySG uses

Module 6: Optimizing SSL Interception Performance

  • Configure the ProxySG to process SSL traffic according to best practices for performance

Module 7: SGOS Architecture

  • Identify key components of SGOS
  • Explain the interaction among client workers and software workers in processing client requests
  • Explain the significance of policy checkpoints
  • Describe key characteristics of the SGOS storage subsystem
  • Explain the caching behavior of the ProxySG

Module 8: Caching Architecture

  • Describe the benefits of object caching on the ProxySG
  • Explain the caching-related steps in a ProxySG transaction
  • Identify and describe the HTTP request and response headers related to caching
  • Describe, in general terms, how the ProxySG validates cached objects to ensure freshness
  • Explain how the ProxySG uses cost-based deletion, popularity contests, and pipelining to improve object caching

Module 9: System Diagnostics

  • Describe the use of the health monitor and health checks
  • Explain the use of the event and access logs
  • Describe the information available in advanced URLs and sysinfo files
  • Describe the function of policy tracing and packet captures

Module 10: Introduction to Content Policy Language (CPL)

  • Describe the fundamental concepts and purposes of ProxySG policy transactions
  • Understand the relationship of layers, rules, conditions, properties, and triggers
  • Describe the two types of actions in CPL
  • Describe how to write, edit, and upload CPL code

Module 11: Using Policy Tracing for Troubleshooting

  • Identify the two main types of ProxySG policy traces
  • Describe the various sections of a policy trace result
  • Configure a global and policy-driven trace
  • Access and interpret policy trace results

Module 12: ProxySG Integration

  • Identify other Symantec products that can be used as part of a complete security solution

ProxySG 6.7 Basic Administration

COURSE DESCRIPTION

The ProxySG 6.7 Basic Administration course is an introduction to deployment options and management of the individual key features offered using the ProxySG 6.7 solution. This is an introductory course and is designed for students who are new to the ProxySG solution.

Delivery Method

Instructor-led and Virtual Academy

Duration

Two days

Course Objectives

By the completion of this course, you will be able to:

  • Describe the major Secure Web Gateway functions of the ProxySG
  • License and configure a ProxySG
  • Deploy a ProxySG in either explicit or transparent mode
  • Use the Visual Policy Manager to write policies to manage web filtering, authentication, and SSL traffic management
  • Use ProxySG access logs to generate reports

Who Should Attend

The ProxySG 6.7 Basic Administration course is intended for students who wish to master the fundamentals of the ProxySG. It is designed for students who have not taken any previous training courses about the ProxySG.

Prerequisites

This course assumes that students have a basic understanding of networking concepts, such as local-area networks (LANs), the Internet, security, and IP protocols.

Hands-On

This course includes practical hands-on exercises that enable you to test your new skills and begin to use those skills in a working environment.

COURSE OUTLINE

Module 1: Introduction to the Symantec ProxySG Secure Web Gateway

  • Describe the functions of a proxy server
  • Differentiate proxy servers from firewalls
  • Describe the key features and benefits of the ProxySG
  • List the various ProxySG models
  • Access online Symantec community resources

Module 2: ProxySG Security Deployment Options

  • Describe the three network deployment methods
  • Describe the three possible roles of the ProxySG

Module 3: ProxySG Management Console

  • Describe the relationship between the Management Console and the ProxySG CLI
  • Describe the primary function of the major areas of the Management Console
  • Use the Management Console to access on-box help and Symantec product documentation

Module 4: Traffic Interception Using Proxy Services

  • Understand the functions of proxy services, listeners, and proxy types
  • Describe the three most common proxy services
  • Explain how the intercept and bypass settings affect what happens to network traffic passing through the ProxySG
  • Explain the function of common global proxy service settings

Module 5: Hypertext Transfer Protocol

  • Understand how a connection is initiated over the transport layer
  • Identify the components of an HTTP URL
  • Explain the two types of HTTP messages: request and response
  • Identify common response codes

Module 6: Introduction to the Visual Policy Manager

  • Describe the relationship among the VPM, CPL, and the Management Console
  • Describe the default processing order for policy layers and rules
  • Describe triggers and actions that can be used in writing policy
  • Identify the types of objects that the VPM supports
  • Describe some of the best practices to be followed when using the VPM to create policy

Module 7: Filtering Web Content

  • Describe the main concepts of web filtering
  • Describe the primary category databases
  • Describe the category types available to policy
  • Describe how WebFilter and WebPulse work together

Module 8: Using Threat Intelligence to Defend the Network

  • Understand Intelligence Services as provided by the Global Intelligence Network
  • Understand Geolocation and Threat Risk Levels and how they can be used in policy

Module 9: Ensuring Safe Downloads

  • Describe how malware can be transmitted via HTTP
  • Explain the methods, advantages, and disadvantages of file type detection
  • Describe some of the considerations in deciding what content to block as possible malware sources

Module 10: Notifying User of Internet Usage Policies

  • Explain the function and various components of built-in and custom exception pages
  • Describe the function of Notify User objects
  • Identify the types of pages that can be sent to users by using Notify User objects
  • Describe splash pages and coaching pages using Notify User objects in the VPM

Module 11: Access Logging on the ProxySG

  • Describe, at a high level, how the ProxySG performs access logging
  • Describe the components of a ProxySG access log facility
  • Identify default log facilities and log formats
  • Describe common use cases for periodic and continuous uploading of access logs

Appendix A: ProxySG Initial Configuration

Appendix B: IPv6 in ProxySG Deployments

PacketShaper 11.9.1 Administration
