Presentation for Cakrawala University
Cyber Security Presentation Overview
Agenda
Background Explanation
Duration: +- 5 minutes
Cybersecurity Presentation
Duration: +- 15 minutes
Discussion/QnA Session
Duration: +- 60 minutes
Closing
Duration: +- 5 minutes
Background Profile
Bachelor of Engineering
8+ years of experience in cybersecurity.
Experience in working for 6 major companies across various sectors:
Telco
Retailer
Banking (Local & Foreign)
Finance
Airport
Oil
Insurance
Transportation
State-Owned Enterprises (BUMN, BUMD)
Intelligence Agencies
Government
Roles undertaken:
Main Sub-Contractor
Sub-Contractor
System Integrator
Managed Account Services
User & Freelancer
Specialized roles:
Security Analyst
Engineer
Consultant
Forensic Investigator
Understanding Cyber Security
Definition
Cyber Security refers to the measures taken to protect data, information, networks, infrastructures, and systems from attacks or breaches by external or internal threats.
Key Points
Requires not only tools but also collaboration and shared responsibility from all stakeholders.
Cyber Security Team Structure
Key Roles
Red Team
Focuses on offensive security and ethical hacking to identify vulnerabilities.
Blue Team
Responsible for defensive security, protecting infrastructure, detection, and incident response.
Purple Team
Bridges the gap between the Red and Blue teams to improve overall response and security posture.
Cyber Security Operations
Responsibilities in a Security Operations Centre (SOC)
SOC Manager
Oversees all operations to ensure compliance and efficacy in cybersecurity measures.
Cyber Security Analyst
Tier 1 - Incident Triage
Initial responder for security incidents, responsible for triaging alerts.
Tier 2 - Incident Responder
Investigates systems to uncover threats, utilizing threat intelligence tools.
Tier 3 - Threat Hunter
Actively searches for suspicious activities and tests defenses against advanced threats.
Cyber Security Architect
Designs comprehensive cybersecurity systems, integrating physical, technological, and human components.
Cyber Security Compliance Auditor
Ensures compliance with internal/external regulations and accountability for cybersecurity practices.
Technologies in Cyber Security
Tools and Systems
Security Information and Event Management (SIEM)
Endpoints: Antivirus, EDR (Endpoint Detection & Response), XDR (Extended Detection & Response), and MDR (Managed Detection & Response).
Network Security Components: IDS (Intrusion Detection System), IPS (Intrusion Prevention System), NDR (Network Detection & Response), NAC (Network Access Control).
Access Management: IAM (Identity and Access Management), PAM (Privileged Access Management).
Intrusion Detection System (IDS) vs. Intrusion Prevention System (IPS)
Feature | IDS | IPS
Description | Monitors and alerts on suspicious activity. | Monitors and also takes preventative actions against suspicious activity.
Location | Client-side on the network. | Between the firewall and internal network.
Action | Alerts without prevention. | Alerts and prevents unauthorized access.
False Positives | Minor inconvenience. | Greater potential disruption.
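Added example (not part of the presentation) illustrating the table above: the same signature rules are run once in IDS mode (alert only) and once in IPS mode (alert and drop inline) over constructed sample requests, which makes the False Positives row concrete: an over-broad rule costs an IDS one extra alert to triage, but costs an IPS a blocked legitimate user. The sample flows, rule names and function names are assumptions made for this example.

```python
import re

# Constructed sample requests (not real traffic). The third field is ground truth,
# known only because we built the samples; a real sensor never has it.
SAMPLE_FLOWS = [
    ("10.0.0.5", "GET /index.html HTTP/1.1", False),
    ("10.0.0.9", "GET /search?q=<script>alert(1)</script> HTTP/1.1", True),
    ("10.0.0.7", "GET /docs/script-tags-explained.html HTTP/1.1", False),
    ("10.0.0.3", "SSH-2.0-OpenSSH_9.0", False),
]

# One shared signature set; only the mode (alert vs block) differs between IDS and IPS.
RULES = [
    ("xss-script-tag", re.compile(r"<script", re.IGNORECASE)),
    ("sloppy-script-word", re.compile(r"script", re.IGNORECASE)),  # deliberately over-broad
]

def inspect(flows, mode):
    """Apply RULES to each flow. mode='ids' alerts only; mode='ips' alerts and drops.
    Returns (alerts, delivered): alerts as (src, [rule names]), delivered as the
    sources whose traffic actually reached the protected server."""
    if mode not in ("ids", "ips"):
        raise ValueError("mode must be 'ids' or 'ips'")
    alerts, delivered = [], []
    for src, payload, _ in flows:
        hits = [name for name, rx in RULES if rx.search(payload)]
        if hits:
            alerts.append((src, hits))
            if mode == "ips":
                continue  # inline device: the flow is dropped, the server never sees it
        delivered.append(src)
    return alerts, delivered

def false_positive_cost(flows, mode):
    """Count legitimate flows that were (a) flagged and (b) actually blocked.
    For IDS (b) is always 0: the analyst only has an extra alert to triage.
    For IPS every false positive is a blocked legitimate user."""
    truth = {src: malicious for src, _, malicious in flows}
    alerts, delivered = inspect(flows, mode)
    flagged_benign = [src for src, _ in alerts if not truth[src]]
    blocked_benign = [src for src in flagged_benign if src not in delivered]
    return len(flagged_benign), len(blocked_benign)

if __name__ == "__main__":
    for mode in ("ids", "ips"):
        alerts, delivered = inspect(SAMPLE_FLOWS, mode)
        print(mode.upper(), "alerts:", alerts, "delivered:", delivered,
              "benign flagged/blocked:", false_positive_cost(SAMPLE_FLOWS, mode))
```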
Next Generation Firewall (NGFW)
Essential Features
Combines stateful inspection with application control.
Capable of decrypting and inspecting SSL traffic.
Integrates with IPS and IDS for cohesive security.
Protects against advanced threats (XSS, CSRF, etc.) through application-layer monitoring.
Vendors
Cisco, Palo Alto, Check Point, Fortinet, Akamai, AWS, Barracuda, Cloudflare.
Security Information and Event Management (SIEM) and Extended Detection and Response (XDR)
Differences
SIEM:
Focuses on data normalization and analytics, integrated response, log management, and monitoring.
XDR:
Built on EDR with native response capabilities, focusing on detection and response.
Conclusion
Effective cybersecurity requires an integrated approach: collaboration among teams and robust tools to manage threats.