The basic principle of robotics and AI

-
Image
Artificial intelligence applied to robotics development requires a different set of skills from you, the robot designer or developer. You may have made robots before. You probably have a quadcopter or a 3D printer. The familiar world of  Proportional Integral Derivative  ( PID ) controllers, sensor loops, and state machines must give way to artificial neural networks, expert systems, genetic algorithms, and searching path planners. We want a robot that does not just react to its environment as a reflex action, but has goals and intent—and can learn and adapt to the environment. We want to solve problems that would be intractable or impossible otherwise. Robotics or a robotics approach to AI—that is, is the focused learning about robotics or learning about AI? about how to apply AI tools to robotics problems, and thus is primarily an AI using robotics as an example. The tools and techniques learned will have applicability even if you don’t do robotics, but just apply AI to
1 comment

The Red and Blue Team in CyberSecurity

-
The Red/Blue Team exercise is not something new. The original concept was introduced a long time ago during World War I and like many terms used in information security, originated in the military. The general idea was to demonstrate the effectiveness of an attack through simulations.
For example, in 1932 Rear Admiral Harry E. Yarnell demonstrated the efficacy of an attack on Pearl Harbor. Nine years later, when the Japanese attacked Pearl Harbor, it was possible to compare and see how similar tactics were used (22).

The effectiveness of simulations based on real tactics that might be used by the adversary are well known and used in the military. The University of Foreign Military and Cultural Studies has specialized courses just to prepare Red Team participants and leaders (23). Although the concept of reading eaming in the military is broader, the intelligence support via threat emulation is similar to what a cybersecurity Red Team is trying to accomplish.

 The Homeland Security Exercise and Evaluation Program (HSEEP) (24) also uses red teaming in the prevention exercise to track how adversaries move and create countermeasures based on the outcome of these exercises.

In the cybersecurity field, the adoption of the Red Team approach also helped organizations to keep their assets more secure. The Red Team must be composed of highly trained individuals, with different skill sets and they must be fully aware of the current threat landscape for the organization's industry. Learn more cybersecurity online training Hyderabad

The Red Team must be aware of trends and understand how current attacks are taking place. In some circumstances and depending on the organization's requirements, members of the Red Team must have coding skills to create their exploit and customize it to better exploit relevant vulnerabilities that could affect the organization.

The core Red Team workflow takes place using the following approach:




The Red Team will perform an attack and penetrate the environment by trying to break through the current security controls, also known as penetration testing. The mission intends to find vulnerabilities and exploit them to gain access to the company's assets. 

The Red Team is also accountable to register its core metrics, which are very important for the business. The main metrics are as follows:
  • Mean Time to Compromise (MTTC): This starts counting from the minute that the Red Team initiated the attack to the moment that they were able to successfully compromise the target
  • Mean Time to Privilege Escalation (MTTP): This starts at the same point as the previous metric but goes all the way to full compromise, which is the moment that the Red Team has administrative privilege on the target
So far, we've discussed the capacity of the Red Team, but the exercise is not completed without the counter partner, the Blue Team. The Blue Team needs to ensure that the assets are secure and in case the Red Team finds a vulnerability and exploits it, they need to rapidly remediate and document it as part of the lessons learned.

The following are some examples of tasks done by the Blue Team when an adversary can breach the system:
  • Save evidence: It is imperative to save evidence during these incidents to ensure you have tangible information to analyze, rationalize, and take action to mitigate in the future.
  • Validate the evidence: Not every single alert, or in this case evidence, will lead you to a valid attempt to breach the system. But if it does, it needs to be cataloged as an Indication of Compromise (IOC).
  • Engage whoever is necessary to engage: At this point, the Blue Team must know what to do with this IOC, and which team should be aware of this compromise. Engage all relevant teams, which may vary according to the organization.
  • Triage the incident: Sometimes the Blue Team may need to engage law enforcement, or they may need a warrant to perform the further investigation, a proper triage will help on this process.
  • Scope the breach: At this point, the Blue Team has enough information to scope the breach.
  • Create a remediation plan: The Blue Team should put together a remediation plan to either isolate or evict the adversary.
  • Execute the plan: Once the plan is finished, the Blue Team needs to execute it and recover from the breach.
The Blue Team members should also have a wide variety of skill sets and should be composed of professionals from different departments. Keep in mind that some companies do have a dedicated Red/Blue Team, while others do not. Companies put these teams together only during exercises. 

Just like the Red Team, the Blue Team also has accountability for some security metrics, which in this case is not 100% precise. The reason the metrics are not precise is that the true reality is that the Blue Team might not know precisely what time the Red Team was able to compromise the system. Having said that, the estimation is already good enough for this type of exercise. These estimations are self-explanatory as you can see in the following list:
  • Estimated Time to Detection (ETTD)
  • Estimated Time to Recovery (ETTR)
The Blue Team and the Red Team's work doesn't finish when the Red Team can compromise the system. There is a lot more to do at this point, which will require full collaboration among these teams. For more cybersecurity online training

A final report must be created to highlight the details regarding how the breach occurred, provide a documented timeline of the attack, the details of the vulnerabilities that were exploited to gain access and to elevate privileges, and the business impact to the company.

Assume breach

Due to the emerging threats and cybersecurity challenges, it was necessary to change the methodology from preventing breach to assume breach. The traditional prevent breach approach by itself does not promote the ongoing testing, and to deal with modern threats you must always be refining your protection. For this reason, the adoption of this model to the cybersecurity field was a natural move.

During an interview, many people didn't quite understand what he meant, but this sentence is the core of the assumes breach approach. Assume breach validates the protection, detection, and response to ensure they are implemented correctly. 

But to operationalize this, it becomes vital that you leverage Red/Blue Team exercises to simulate attacks against its infrastructure and test the company's security controls, sensors, and incident-response process.
In the following diagram, you have an example of the interaction between phases in the Red Team/Blue Team exercise:


It will be during the post-breach phase that the Red and Blue Team will work together to produce the final report
Location: United States

Comments

Post a Comment

Popular posts from this blog

iOS 13 Features

-
Image
In other words, iOS 13 should work on iPhone models from iPhone 6s onward, in addition to iPad mini 3 and later, the second-generation iPad Air and all later iPads, as well as the sixth-generation iPod touch. This was originally claimed by Israeli site The Verifier which in January said iOS 13 would drop compatibility for the iPhone 5s through iPhone 6s models. The reported removal of iOS 13 support for the iPhone SE and iPhone 6 models is very questionable because major iOS software updates are typically optimized for Apple’s processor models, not specific devices. If iOS 13 is indeed going to drop support for all the iPhone models with the Apple A8 chip, such as the iPhone 6/Plus range, then it will make no sense whatsoever to also remove compatibility for iPhone SE, which runs the newer Apple A9 chip and is still being manufactured in India. Join the Swift couse Equally puzzling is alleged support for the sixth-generation iPod touch because that device sports the same A8 pr
Read more

Data Science and Machine Learning

-
Image
Data Science and Machine Learning: Broad and Narrow Terminology First of all, data science is really a broad, overarching category of technology that encompasses many different types of projects and creations. Machine learning has been one of the biggest advancements in the history of computing, and now it is believed to be capable of taking on significant roles in the field of big data and analytics. Big data analysis is a huge challenge from the perspective of businesses. For example, activities such as making sense of huge volumes of varied data formats, data preparation for analytics and filtering redundant data can consume a lot of resources. Hiring data scientists and specialists is an expensive proposition and not within every company’s means. Experts believe that machine learning is capable of automating many tasks related to analytics – both routine and complex. Automating machine learning can free up a lot of resources that can be used in more complex and innovative job
Read more

Data Scientist Interview Question

-
Image
If you want to Become data scientist you have must know these questions. A data scientist should not only be evaluated only on his/her knowledge on machine learning, but he/she should also have good expertise in statistics. Prepare from onlineitguru is providing data science interview questions Explain The Various Benefits Of R Language? The R programming language includes a set of a software suite that is used for graphical representation, statistical computing, data manipulation, and calculation.      what is data science? Data science is a "concept to unify statistics, data analysis, machine learning, and their related methods" to "understand and analyze actual phenomena" with data. Data Science involves using automated methods to analyze massive amounts of data and to extract knowledge from them.         What is selection Bias? Selection bias occurs when the sample obtained is not representative of the population intended t
Read more