Copyright Goodheart-Willcox Co., Inc. 72 Security Essentials

A comprehensive IT security strategy incorporates technological solutions, policies, procedures, and a detailed security assessment of an organization. It is necessary to assess the security posture of an enterprise environment so that security solutions can be recommended and implemented. This evaluation is a structured and detailed approach to locating IT vulnerabilities. It examines business practices, physical security measures, and the associated technology incorporated throughout an enterprise network. Companies often consider this function a type of security audit, as its intent is to review the security measures in place, locate possible threats against the business, and identify vulnerabilities and the potential for attacks. The results of this analysis provide guidance and data for an organization to incorporate measures that protect against vulnerabilities and remediation strategies for recovering from attacks.

The types of assessments an organization conducts vary with its mission and technology. They include vulnerability scanning, in which tools are run against systems such as servers to identify known or suspected vulnerabilities. Proactive measures can also be used to assess the security posture of an organization: locating and monitoring current threat intelligence to identify active threats, actively searching for threats on a network through threat-hunting measures, and conducting penetration tests, which are simulated attacks carried out by trained individuals to actively test the company's cyber defenses.

Threat Hunting

Proactive techniques for security assessments must be applied in an enterprise environment, making threat hunting an essential element of an organization's cyber security program.
Threat hunting is the practice of proactively searching for cyber threats and vulnerabilities not already detected or identified in a network. Effective threat hunting requires threat intelligence, which is knowledge about threats, threat actors, and other actions potentially harmful to an enterprise environment, used to help prevent cyberattacks. It is analyzed information a company uses to understand the threats that have targeted, are currently targeting, or will target the organization.

Intelligence fusion is the combination of intelligence information from many sources to create a comprehensive threat profile. The profile provides security teams with a comprehensive analysis and correlation of information so they can respond effectively to potential imminent threats. This heightened awareness enables teams to focus on known attack vectors and methods of attack so that the affected systems can be hardened and monitored. This improves efficiency and security by concentrating effort on the most likely areas of vulnerability and threat.

Threat Intelligence Feeds

Threat intelligence feeds are real-time streams of data that provide information on potential cyber threats and risks. Time is of the essence when protecting the security of an organization, so it is important to have security information and event management (SIEM) tools that can take in the feed data and analyze it in real time. Feeds come from sources outside the organization and provide information used to protect the network, such as blocking IP addresses associated with malicious activity or searching the network to see whether those IP addresses were used within your network. There are many threat intelligence feeds, and some are open source. Examples include the FBI's InfraGard Portal, which provides information relevant to the 16 sectors of critical infrastructure, including organizations that protect critical assets such
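The two mechanisms described above, intelligence fusion (merging several feeds into one threat profile) and feed correlation (checking whether indicator IP addresses were used within your network, then deriving a block list), as an added Python example that is not from the textbook. Everything in it is constructed: the two feed formats, the key=value firewall log format, and every address (all taken from documentation ranges that never route on the internet). A real SIEM would perform the same matching continuously over live log data rather than over an embedded string.

```python
import csv
import io
import json
import re
from dataclasses import dataclass, field

# Constructed sample feeds (not real indicators; 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges reserved for examples).
FEED_CSV = """indicator,type,confidence
203.0.113.7,ipv4,90
203.0.113.25,ipv4,60
198.51.100.44,ipv4,75
"""

FEED_JSON = json.dumps([
    {"value": "203.0.113.7", "kind": "ipv4", "score": 80},
    {"value": "198.51.100.9", "kind": "ipv4", "score": 50},
    {"value": "evil.example", "kind": "domain", "score": 70},
])

# Constructed firewall log lines (assumed key=value format) from the internal network.
FIREWALL_LOG = """\
2024-05-01T10:00:01Z src=10.0.0.5 dst=203.0.113.7 dport=443 action=allow
2024-05-01T10:00:07Z src=10.0.0.9 dst=192.0.2.10 dport=80 action=allow
2024-05-01T10:01:15Z src=10.0.0.5 dst=198.51.100.9 dport=8443 action=allow
2024-05-01T10:02:40Z src=10.0.0.12 dst=203.0.113.25 dport=22 action=deny
"""


@dataclass
class Indicator:
    value: str
    kind: str
    confidence: int                 # highest confidence any source assigned
    sources: set = field(default_factory=set)


def parse_csv_feed(text, source):
    """Parse a CSV feed with header indicator,type,confidence."""
    for row in csv.DictReader(io.StringIO(text)):
        yield Indicator(row["indicator"], row["type"], int(row["confidence"]), {source})


def parse_json_feed(text, source):
    """Parse a JSON feed whose records carry value/kind/score fields."""
    for item in json.loads(text):
        yield Indicator(item["value"], item["kind"], int(item["score"]), {source})


def fuse_feeds(*feeds):
    """Intelligence fusion: merge indicators from several feeds into one profile.
    An indicator reported by more than one source keeps the union of its sources
    and the highest confidence seen, so corroborated indicators stand out."""
    fused = {}
    for feed in feeds:
        for ind in feed:
            cur = fused.get(ind.value)
            if cur is None:
                fused[ind.value] = Indicator(ind.value, ind.kind, ind.confidence, set(ind.sources))
            else:
                cur.confidence = max(cur.confidence, ind.confidence)
                cur.sources |= ind.sources
    return fused


LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) action=(?P<action>\w+)$"
)


def find_matches(fused, log_text):
    """Search the organization's own logs for connections to any fused indicator,
    i.e. answer 'were those IP addresses used within our network?'. Note that a
    denied connection is still a hit: the internal host tried to reach the indicator."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                      # skip lines in an unexpected format
        ind = fused.get(m["dst"])
        if ind:
            hits.append({"ts": m["ts"], "host": m["src"], "indicator": ind.value,
                         "action": m["action"], "confidence": ind.confidence,
                         "sources": sorted(ind.sources)})
    return hits


def block_list(fused, min_confidence=70):
    """IPv4 indicators at or above the confidence threshold, ready for a firewall deny list."""
    return sorted(i.value for i in fused.values()
                  if i.kind == "ipv4" and i.confidence >= min_confidence)


if __name__ == "__main__":
    profile = fuse_feeds(parse_csv_feed(FEED_CSV, "feed-a"),
                         parse_json_feed(FEED_JSON, "feed-b"))
    for hit in find_matches(profile, FIREWALL_LOG):
        print(hit)
    print("block:", block_list(profile))
```

Running it reports three internal hosts that contacted indicator addresses (including one attempt the firewall already denied, which is exactly the kind of event a hunter wants to investigate) and a two-entry block list; the indicator reported by both feeds carries both source names, which is the corroboration that intelligence fusion is meant to surface.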