📢 A Critical Lesson on the importance of Defense-in-Depth for the Government Cybersecurity Community 📢

A recent Cybersecurity and Infrastructure Security Agency Red Team exercise showed how important it is to strategically manage and mitigate vulnerabilities. CISA’s Red Team exploited a CVE at an undisclosed federal agency and was able to access the agency’s Oracle Solaris system. It took the agency more than two weeks to patch this vulnerability, during which time the Red Team maintained access, simulating a long-term threat.

Here are a few key takeaways that a cybersecurity team or contractor should always have in place:

✨ It should never take more than 48 hours to patch a vulnerability.
✨ Dedicate time to enacting a strong Defense-in-Depth strategy upfront to avoid this level of breach in the future.
✨ Have an incident response plan prepared in case a vulnerability in your system is exploited; you don’t want to develop the plan as it happens.

You can read the advisory here: https://shorturl.at/YeY1A
Ok but what agency was it? 😅🤣
CTI... anticipate, prepare, take action. Be proactive, not reactive.