Abstract
The Red Team’s successful penetration into Sifers-Grayson’s system exposed significant vulnerabilities that the firm needs to address. As a result, the firm’s management resolved that they have to embark on implementing two defensive strategies within the company. While there were several options, they chose two strategies. The first strategy is establishing a Demilitarized Zone (DMZ) for the Research and development (R&D) center. It will involve adding business-class firewalls, routers, and intrusion detection and prevention systems. In the second strategy, the management will install enterprise-wide protective and detective measures to defend Sifers-Grayson against external and internal attackers. The measures will encompass monitoring access to the company’s systems, employing enterprise-wide identity management, and executing either a Security Information and Event Management (SIEM) tool or a Unified Threat Management (UTM) tool. Sifers-Grayson will guarantee the security of its system and stored data by implementing the two suggested strategies and complying with NIST and DFARS requirements. The primary objective is to alleviate the risks of cyber-attacks and enhance the company’s response capability to potential security incidents.
Security Strategies
The suggested defense strategies will protect Sifers-Grayson against security incidents in different ways. The DMZ will be established in between the company’s external and internal networks. DMZ refers to a special zone within a network where publicly accessible servers are connected (“DMZ Implementations,” n.d.). While the zone limits access to more sensitive information on servers, it allows organizations to provide external access or host content. When Sifers-Grayson installs a router, the DMZ will ensure that the firm’s network is safe behind firewalls. It will facilitate the establishment of a secure connection that offers excellent protection from any external threat. It will be necessary for the company to regularly update the DMZ to guarantee the effective security of systems and the network it governs.
Firewalls will also be installed in the network system as part of the DMZ. Although firewalls are categorized into hardware and software, they have a similarly significant role in network security. Firewalls shield networks or computers from malicious individuals or unwanted network traffic, protecting them against outside cyberattacks (“DMZ Implementations”, n.d.). Additionally, they inhibit malicious software from accessing networks or computers through the internet. Therefore, the firewall component of the DMZ on the Sifers-Grayson’s network will prevent unauthorized access to the R&D system. The last element of the DMZ is the intrusion detection and prevention system. The system comprises software that will allow the incident response team to identify and block malicious attacks on the company’s network. Therefore, the DMZ implementation will provide Sifers-Grayson with layered security for the R&D center, protecting it against potential attackers. Indeed, this system of hardware and software will alleviate vulnerabilities to security incidents.
The implementation of the second defensive strategy will also have considerable improvement on Sifers-Grayson’s security posture. The firm will install diverse applications and tools on its servers to enhance its enterprise-wide protection, detection, and prevention capabilities. As noted earlier, the applications and tools will include the Application Lifecycle Management tool (ALM), Identity and Access Management (IAM) tool, Unified Threat Management (UTM), and Forensic Image Capture Utility. The tools will provide the incident response team with all that they need lockdown systems, a quick summary of how the network is running, and updating and alerting them about suspicious activities. While the ALM tool will support functionality that facilitates the development, governance, maintenance, and security of applications used by Sifers-Grayson, the IAM tool will regulate individuals who access its network by verifying their identity. UTM will provide a single reporting and management point for security in the organization. Forensic Image Capture Utility will have a significant role in investigating security incidents and recovering stolen files.
Security Strategies Approaches
The primary approaches to the defense strategies include layered security and defense in depth. Although their main objective is to enhance cyber security and prevent network systems and devices from attracts, they accomplish this goal differently. According to Perrin (2008), organizations can implement a layered security approach at any level of security strategy. They use multiple security measures against different cyber-attack vectors, focusing on the singular origin of threats. Conversely, the defense-in-depth approach adopts a broader scope of attention to security and accentuates flexible responses to threats. The first defense strategy uses the layered approach to security since the recommended components for the DMZ, router, firewall, and intrusion detection and prevention system serve specific purposes at different levels. On the other hand, the second defense strategy uses both approaches. For instance, the UTM is a defense-in-depth, and ALM and IAM are the layered approach to security as their role is explained later in this paper. Implementation of these strategies will prevent intrusion into the Sifers-Grayson network system and install malware, secure data, help in alerting the incident response team, and facilitate the evaluation of damage caused by attacks.
Product Evaluations
One of Sifers-Grayson’s goals toward its customers is to provide exceptional services that best meet their needs. Like in any other business, the firm is not immune to challenges associated with its operations. Cyber security threats from external and internal attacks can compromise the company’s information and stored data. Therefore, an evaluation of various products recommended for implementing the two defense strategies will ensure that Sifers-Grayson has adequate knowledge about how they will help meet its business needs.
First Defense Strategy
The products selected for the first defense strategy (building of DMZ) include Linksys router, Cisco secure firewall, and McAfee for the intrusion detection and prevention system. Linksys WRT 3200 ACM router is chosen as one component of the DMZ. The router has WAP and VPN capabilities making it suitable for Sifers-Grayson’s DMZ. Additionally, it embraces custom open-source firmware to install software besides the router’s default interface (Hanson, 2017). As a result, the firm can have almost full control over the router’s features and functions. Moreover, Linksys WRT 3200 ACM uses MU-MIMO technology that facilitates simultaneous streaming and file sharing on multiple devices on the wireless AC band. Tri-Stream 160 technology which doubles the bandwidth from 80MHz on network streams is another feature that guarantees a breakneck Wi-Fi AC network speed (Hanson, 2017). Sifers-Grayson will create an admin password that employees and other authorized individuals will be using the organization’s network. Therefore, Linksys WRT 3200 ACM will considerably prevent intruders from accessing Sifers-Grayson’s network system.
The Cisco secure firewall is the next component of the DMZ. The brand is a world-class security control with consistent policy visibility and that integrates network and security. The specific product selected for implementation of the defense strategy is Firepower 9300, which is suitable for service providers and high-performance data centers such as Sifers-Grayson. The product has a carrier-grade modular platform instrumental in creating separate scalable VPNs and logical firewalls. Additionally, it inspects encrypted web traffic through hardware acceleration and protects the network system against distributed denial-of-service (DDoS) attacks with integrated, enterprise-grade Radware Virtual DefensePro (vDP) (“Cisco Firepower 9300”, n.d.). The firewall also deploys scalable VPN options, detects and blocks network intrusions, and utilizes advanced URL filtering. The multi-instance functionality in Firepower 9300 allows users to generate independent logical firewalls, supporting the orchestration of security services.
Deep visibility and threat prioritization, unified management, integrated solutions, and simplified platform experience make Firepower 9300 suitable for Sifers-Grayson’s DMZ for the R&D center. The firewall’s deep visibility automatically ranks risks and provides impact flags, minimizing event volume and allowing threats prioritization and action-taking (“Cisco Firepower 9300”, n.d.). Sifers-Grayson will enjoy unified management with Cisco Defense Orchestrator after installing this firewall. The firm will also use Cisco SecureX to connect its current infrastructure to Cisco’s integrated security, gaining a reliable experience that enables automation, unifies visibility, and enhances its security across the network, applications, and endpoints.
The last recommended component needed for the first defense strategy implementation is McAfee’s Network Security Platform. The latter is an intrusion detection and prevention system (IDPs), vital in discovering and blocking malware threats across the network (“McAfee Network Security Platform,” n.d.). This network security platform uses advanced techniques for detection and emulation to precisely defend systems against crafty attacks. While there is no single malware detection technology capable of preventing all cyberattacks, McAfee’s Network Security Platform integrates intelligence threat deterrence with spontaneous security management to enhance detection accuracy and rationalize security operations. Some of the platform’s fundamental characteristics include performance and availability, integrated security, and advanced threat and intrusion prevention.
Installation of McAfee’s Network Security Platform Sifers-Grayson’s system will be advantageous to the firm in different ways. It will protect the company’s applications and data by detecting and preventing threats and provide high-performance as well as a scalable solution for its dynamic workstations. Sifers-Grayson will have centralized management for control and visibility and enjoy signature-less malware analysis. The platform also inspects network traffic through outbound and inbound SSL decryption (“McAfee Network Security Platform,” n.d.). Therefore, McAfee’s Network Security Platform will improve Sifers-Grayson’s network security and facilitate the company’s compliance with NIST and DFARS requirements for any firm signing contracts with government agencies.
Second Defense Strategy
The strategy involves ensuring Sifers-Grayson’s enterprise-wide protection, detection, and prevention capabilities by combining applications and tools. The ALM tool that the company will use is the HP Application Lifecycle management software. This tool provides a centralized activity automation and management platform necessary for the core lifecycle (“HP Application Lifecycle Management software”, n.d.). It also plays an instrumental role in applications’ lifecycle management from inception to retirement. HP ALM accelerates organizations’ application transformation by empowering the relevant team to plan, build, and prepare to release new components, apps, and services with better quality. Installation of the AML tool will help Sifers-Grayson breach the gap between its IT team silos and fragmented work processes associated with its project planning and tracking, performance, and application development, among others. HP ALM further helps companies to have consistent processes, common practices, and enhanced collaboration and productivity across all applications. It will allow the Sifers-Grayson to ensure the entire application lifecycle’s predictability, repeatability, agility, and high quality (“HP Application Lifecycle Management software,” n.d.). The ALM will minimize errors and enhance the readiness of the IT team.
As noted earlier, the IAM tool will regulate individuals, applications, and devices that access Sifers-Grayson’s network through identity verification. The AIM tool selected for the implementation of the second defense strategy is CyberArk. According to Breeden (2021), the latter divides the IAM’s sides of identity management and access management into various offerings. As a result, businesses can use the type of IAM that serves their needs without installing and maintaining what is unnecessary to their organizations. For instance, CyberArk offers Vendor Access Manager and Endpoint Privilege Manager for identity and privilege management. Conversely, it offers a Workforce Identity Platform and Customer Identity Platform for access control to manage internal workforces and external users, correspondingly (Breeden, 2021). Another CyberArk IAM’s essential feature is controlling how identities access a company’s databases and applications while using codes. Therefore, this tool will help Sifers-Grayson improve its security incidents’ detection, prevention, and protection capabilities.
For Unified Threat Management (UTM), the product chosen for the Sifers-Grayson is SonicWall UTM. This tool will create a secure environment for the company, delivering firewall, anti-virus, intrusion prevention, content protection, and anti-spam on a single hardware platform (Robb, 2021). Its protection functionality begins at the gateway, blocking external and internal threats at various access points and network layers. According to Robb (2021), the UTM tool has Reassembly-Free Deep Packet Inspection (RFDPI) which also scrutinizes the application layer for security incidents and vulnerabilities. It also scans more than 50 application types and different protocols encompassing HTTP, SMTP, NetBIOS, FTP, IMAP, and POP3 (SonicGuard, n.d.). It has built-in SD-WAN and does not allow rebooting after a signature file update. Moreover, it matches all downloaded files, including e-mails, against a perpetually updated signature database and scans them in real-time to block any unknown threat. Thus, the UTM will significantly enhance Sifers-Grayson’s security incidents detection, prevention, and protection capabilities.
The Forensic Image Capture Utility selected for the implementation of the second defense strategy is the FTK imager. The latter is a tool developed by AccessData, that used extracted evidence. Poston (2021) indicates that FTK imagers can create data copies without altering the original evidence. Essential features that differentiate this tool from others include the provision of wizard-driven cybercrime detection, better data visualization using charts, automated data analysis capability, and allow management of reusable profiles (Poston, 2021). Additionally, the FTK imager facilitates password recovery and supports specification criteria to minimize irrelevant data. Therefore, this tool will help Sifers-Grayson’s incident response team in forensic processes in case of a cyber-attack.
Summary
While implementing the two defenses may be expensive, the end outcomes will benefit Sifers-Grayson due to secured systems. Building the DMZ will ensure that the R&D is in a private domain, securing the network infrastructure with the Linksys WRT 3200 ACM, Cisco secure firewall (Firepower 9300), and McAfee’s Network Security Platform. Layering these products through UTM, IAM, ALM, and forensic tools will establish and defend the company’s network system in depth, preventing, protecting, and detecting intrusion attempts as executed by the Red Team and increasing minimizing response time to threats by the IRT. Although cyber threats may be inevitable, implementation of these recommendations will enhance Sifers-Grayson’s cyber security.
References
Breeden, J. (2021). 8 top identity and access management tools. CSO Online. Web.
Cisco Firepower 9300. (n.d). Cisco. Web.
DMZ Implementations. (n.d). Web.
Hanson, M. (2017). Linksys WRT 3200 ACM router review. TechRadar. Web.
HP Application Lifecycle Management software. (n.d). Hp.com. Web.
McAfee Network Security Platform. (n.d). Mcafee.com. Web.
Perrin, C. (2008). Understanding layered security and defense in depth. TechRepublic. Web.
Poston, H. (2021). 7 best computer forensics tools. Infosec Resources. Web.
Robb, D. (2021). Best UTM software 2021 | Unified threat management companies. Enterprise Networking Planet. Web.
SonicGuard.(n.d). SonicWall solutions for unified threat management. Web.