53.6k views
5 votes
The Chief Information Security Officer (CISO) has asked the security team to determine whether the organization is susceptible to a zero-day exploit utilized in the banking industry and whether attribution is possible. The CISO has asked what process would be utilized to gather the information, and then wants to apply signatureless controls to stop these kinds of attacks in the future.

Which of the following are the MOST appropriate ordered steps to take to meet the CISO's request?

A.
  1. Perform the ongoing research of the best practices
  2. Determine current vulnerabilities and threats
  3. Apply Big Data techniques
  4. Use antivirus control

B.
  1. Apply artificial intelligence algorithms for detection
  2. Inform the CERT team
  3. Research threat intelligence and potential adversaries
  4. Utilize threat intelligence to apply Big Data techniques

C.
  1. Obtain the latest IOCs from the open source repositories
  2. Perform a sweep across the network to identify positive matches
  3. Sandbox any suspicious files
  4. Notify the CERT team to apply a future-proof threat model

D.
  1. Analyze the current threat intelligence
  2. Utilize information sharing to obtain the latest industry IOCs
  3. Perform a sweep across the network to identify positive matches
  4. Apply machine learning algorithms

by User Denny Lee (8.3k points)

1 Answer

1 vote

Final answer:

To address the CISO's request, the security team should analyze threat intelligence, share information to get the latest IOCs, sweep the network for matches, and apply machine learning for detection. These steps provide a structured approach to identifying and preventing zero-day exploits in the banking industry.

Step-by-step explanation:

To meet the request of the Chief Information Security Officer (CISO) for determining susceptibility to a zero-day exploit and applying signatureless controls, the following steps should be taken, presented in a methodical order:

  1. Analyze the current threat intelligence: Keeping abreast with the latest cyber threats, specifically zero-day vulnerabilities, is critical for proactive defense. This involves continuous monitoring of various intelligence feeds and security forums.
  2. Utilize information sharing to obtain the latest industry Indicators of Compromise (IOCs): Collaboration with other entities in the banking sector can provide valuable insights into emerging threats and aid in the early detection of possible zero-day exploits.
  3. Perform a sweep across the network to identify positive matches with IOCs: Using advanced scanning tools, the security team can search for signatures or behaviors that match known IOCs in order to detect compromised systems.
  4. Apply machine learning algorithms: To enhance the detection of zero-day exploits, machine learning can be employed. This allows for the identification of unusual patterns and anomalies that signify a breach, without relying solely on known signatures.

It is also important to engage in root cause analysis to identify underlying vulnerabilities, and to establish protocols for gathering information from stakeholders to improve security measures.

by User Insane Skull (7.4k points)
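As an added illustration of steps 2 to 4 of the chosen answer (not part of the original question or answer), the script below takes a shared IOC feed, sweeps constructed host telemetry for positive matches, and then applies a signatureless behavioural check. The feed format, the field names, the hostnames, the dummy hash, the documentation-range addresses and the telemetry values are all constructed for the example; the "machine learning" step is represented by a robust median/MAD outlier score, a deliberately simple stand-in for whatever model a real SOC would use.

```python
"""Added example: IOC sweep plus a signatureless outlier check on constructed data."""
import json
import statistics
from typing import Dict, List, Set, Tuple

# Step 2: indicators as they might arrive from an industry sharing feed.
# Every value is a constructed placeholder (dummy hash, RFC 5737 test address,
# .invalid domain), not a real indicator of compromise.
SHARED_IOC_FEED = json.dumps({
    "sha256": ["DEADBEEF" * 8],                # dummy 64-hex-character hash
    "domains": ["Update-Check.example.invalid"],
    "ipv4": ["203.0.113.45"],                  # TEST-NET-3 documentation range
})

# Step 3 input: constructed per-host telemetry of the kind an EDR or SIEM export
# would provide (executed file hashes, DNS queries, destinations, and one
# behavioural counter used by the signatureless step).
HOST_TELEMETRY = [
    {"host": "wks-01", "hashes": ["0b1"], "dns": ["intranet.example.invalid"],
     "dst_ips": ["198.51.100.5"], "outbound_bytes": 12_000},
    {"host": "wks-02", "hashes": ["0b2"], "dns": ["intranet.example.invalid"],
     "dst_ips": ["198.51.100.5"], "outbound_bytes": 15_000},
    {"host": "wks-03", "hashes": ["0b1", "deadbeef" * 8],
     "dns": ["update-check.example.invalid"],
     "dst_ips": ["198.51.100.5", "203.0.113.45"], "outbound_bytes": 900_000},
    {"host": "srv-01", "hashes": ["0b3"], "dns": ["intranet.example.invalid"],
     "dst_ips": ["198.51.100.9"], "outbound_bytes": 11_000},
    {"host": "srv-02", "hashes": ["0b3"], "dns": ["intranet.example.invalid"],
     "dst_ips": ["198.51.100.9"], "outbound_bytes": 14_000},
]

# Which telemetry field each IOC kind in the feed is compared against.
FIELD_FOR_KIND = {"sha256": "hashes", "domains": "dns", "ipv4": "dst_ips"}


def load_iocs(feed_json: str) -> Dict[str, Set[str]]:
    """Parse the shared feed and normalise indicators (trim, lower-case) so a
    case difference between feed and telemetry cannot hide a match."""
    raw = json.loads(feed_json)
    return {kind: {v.strip().lower() for v in values} for kind, values in raw.items()}


def sweep(iocs: Dict[str, Set[str]], telemetry: List[dict]) -> List[Dict[str, str]]:
    """Step 3: return every (host, kind, value) where an observation matches an IOC."""
    matches = []
    for record in telemetry:
        for kind, field in FIELD_FOR_KIND.items():
            observed = {v.strip().lower() for v in record.get(field, [])}
            for hit in sorted(observed & iocs.get(kind, set())):
                matches.append({"host": record["host"], "type": kind, "value": hit})
    return matches


def modified_z_scores(values: List[float]) -> List[float]:
    """Robust outlier score: 0.6745 * (x - median) / MAD. Unlike a plain z-score
    it works on a handful of hosts and is not pulled towards the outlier it is
    trying to find."""
    med = statistics.median(values)
    mad = statistics.median([abs(v - med) for v in values])
    if mad == 0:  # fleet is uniform apart from possible outliers
        return [0.0 if v == med else float("inf") for v in values]
    return [0.6745 * (v - med) / mad for v in values]


def signatureless_outliers(telemetry: List[dict], feature: str = "outbound_bytes",
                           threshold: float = 3.5) -> List[Tuple[str, float]]:
    """Step 4 stand-in: flag hosts whose behaviour deviates from the fleet with no
    signature involved. Returns (host, score) pairs above the threshold."""
    scores = modified_z_scores([float(r[feature]) for r in telemetry])
    return [(r["host"], round(s, 1)) for r, s in zip(telemetry, scores) if abs(s) > threshold]


def run_sweep(feed_json: str = SHARED_IOC_FEED, telemetry: List[dict] = HOST_TELEMETRY) -> dict:
    """Combine signature-based matches and behavioural outliers into one escalation list."""
    matches = sweep(load_iocs(feed_json), telemetry)
    outliers = signatureless_outliers(telemetry)
    return {
        "ioc_matches": matches,
        "behavioural_outliers": outliers,
        "hosts_for_escalation": sorted({m["host"] for m in matches} | {h for h, _ in outliers}),
    }


if __name__ == "__main__":
    print(json.dumps(run_sweep(), indent=2))
```

The two checks are intentionally independent: the IOC sweep only finds what the sharing partners have already seen, while the outlier score can raise a host the feed knows nothing about, which is the point of the CISO's request for signatureless controls. In a real deployment the feature vector would be richer and the threshold tuned against a baseline, but the escalation list would be assembled the same way.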