Posts

Showing posts from November, 2025

Incident Response & SOC

This week I understood how a Security Operations Center (SOC) works and how it monitors millions of events per second. Analysts focus on quickly detecting, containing, and investigating attacks. Without a SOC, attacks would go undetected for months. What struck me was that the average global attack detection time is 207 days, but a sophisticated SOC can reduce this to less than 24 hours. Source: IBM Cost of a Data Breach Report 2024

Application Security

Application security isn't just about writing clean code. It requires code review before the code goes into production, penetration testing of the application itself, and robust protection for APIs, since they have become a primary target. I read a report stating that 80% of API breaches were due to weak authentication or compromised keys. Source: OWASP API Security Top 10 – 2023

Endpoint Security

Endpoints are the easiest entry point for attackers, a fact agreed upon by all security companies. That's why we use technologies like EDR and advanced antivirus software that monitor behavior, not just files. A prime example is the SolarWinds attack, which essentially started with a single compromised device and then spread throughout the network. Source: SolarWinds Supply Chain Attack – U.S. CISA Report
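As an added example (not part of the original post), the "behavior, not just files" distinction in working code: a hash blocklist is compared with two behaviour rules over constructed process events, and a repacked binary whose hash is unknown still trips the behaviour rules. The rule names, paths, hashes and events are all assumptions made up for this illustration.

```python
"""Added illustration: file-based vs behaviour-based endpoint detection.
Everything here (hashes, paths, rules, events) is constructed, not real data."""
import hashlib
from dataclasses import dataclass


@dataclass
class ProcessEvent:
    pid: int
    image: str          # path of the executable that started
    parent_image: str   # path of the process that launched it
    cmdline: str
    sha256: str         # hash of the executable's file contents


# File-based layer: a blocklist of one constructed "known bad" hash.
KNOWN_BAD_HASHES = {hashlib.sha256(b"constructed-malware-v1").hexdigest()}


def file_based_verdict(ev: ProcessEvent) -> bool:
    return ev.sha256 in KNOWN_BAD_HASHES


# Behaviour-based layer: rules over what the process does, not what it is.
def office_spawns_shell(ev: ProcessEvent) -> bool:
    office = ("winword.exe", "excel.exe", "outlook.exe")
    shells = ("powershell.exe", "cmd.exe", "wscript.exe")
    return ev.parent_image.lower().endswith(office) and ev.image.lower().endswith(shells)


def encoded_powershell(ev: ProcessEvent) -> bool:
    return ev.image.lower().endswith("powershell.exe") and "-enc" in ev.cmdline.lower()


BEHAVIOUR_RULES = [("office_spawns_shell", office_spawns_shell),
                   ("encoded_powershell", encoded_powershell)]


def behaviour_verdict(ev: ProcessEvent) -> list:
    return [name for name, rule in BEHAVIOUR_RULES if rule(ev)]


def triage(events) -> list:
    """Report, per event, which detection layer fires."""
    return [{"pid": ev.pid, "hash_hit": file_based_verdict(ev),
             "behaviour_hits": behaviour_verdict(ev)} for ev in events]


# Constructed events: benign, known-bad hash, and the same tooling repacked (new hash).
SAMPLE_EVENTS = [
    ProcessEvent(100, r"C:\Windows\System32\cmd.exe", r"C:\Windows\explorer.exe", "cmd.exe /c dir", "a" * 64),
    ProcessEvent(101, r"C:\Users\u\dropper.exe", r"C:\Windows\explorer.exe", "dropper.exe",
                 hashlib.sha256(b"constructed-malware-v1").hexdigest()),
    ProcessEvent(102, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"C:\Program Files\Microsoft Office\winword.exe", "powershell.exe -nop -w hidden -enc AAAA",
                 hashlib.sha256(b"constructed-malware-v2-repacked").hexdigest()),
]
```

Running `triage(SAMPLE_EVENTS)` shows event 101 caught only by the hash blocklist and event 102 caught only by the behaviour rules, which is the gap a file-only antivirus leaves open.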

Network Security Capability Assessment

This week I learned that network security testing isn't just about running a firewall. You need to conduct a full analysis of your defenses, such as IDS/IPS testing, to see whether they actually detect attacks or are just for show. There's a type of test called breach simulation that simulates a real attack within the network. Many companies have discovered faulty configurations they weren't aware of this way. Source: MITRE ATT&CK Evaluation Reports

Vulnerability Management

Vulnerability management was one of the things that made the most sense to me. The idea is to find problems before criminals find them. You use tools like Nessus and Qualys to scan devices and systems and find vulnerabilities. This reminded me of the infamous Heartbleed vulnerability, which led to many companies being hacked because they weren't regularly updating their systems. Source: CVE-2014-0160 (Heartbleed Bug Documentation)

Security Resilience & Site Security

This week I learned more about security resilience, which is simply the ability of a system to remain operational even after a major attack or disruption. The most important concept I grasped is that companies today don't rely solely on firewalls, but on comprehensive plans such as having readily available backups and servers that automatically take over if one fails. I also learned that protecting the data center sites themselves is crucial, not just securing the network. For example, some companies have fingerprint access systems, cameras, and monitoring devices to prevent unauthorized access to the physical premises. What surprised me was that most of the companies that survived ransomware attacks in 2024 did so because they had a robust resilience plan, not because the attacks were weak. Source: CrowdStrike Global Threat Report 2024