WEBVTT - This file was automatically generated by VIMEO

1
00:00:02.200 --> 00:00:04.800
 Welcome to the insufficient logging and monitoring session.

2
00:00:06.600 --> 00:00:10.600
 In this first part, we will focus on threat analysis. We

3
00:00:10.600 --> 00:00:13.700
 will first discuss what insufficient logging and monitoring is

4
00:00:13.700 --> 00:00:16.400
 and then how the system can be harmed, the impact of

5
00:00:16.400 --> 00:00:19.200
 successful exploitation, and give you some insights to

6
00:00:19.200 --> 00:00:22.800
 identify who may want to harm your system. Insufficient

7
00:00:22.800 --> 00:00:25.300
 logging and monitoring is the bedrock of nearly every

8
00:00:25.300 --> 00:00:28.200
 major incident, allowing attackers' activity to pass

9
00:00:28.200 --> 00:00:31.900
 unnoticed. In 2016, identifying

10
00:00:31.900 --> 00:00:34.800
 a breach took an average of 191 days,

11
00:00:34.900 --> 00:00:36.300
 plenty of time for damage to

12
00:00:36.300 --> 00:00:40.000
 be inflicted. And we are not doing better. In

13
00:00:39.800 --> 00:00:42.300
 2019, this number grew to two hundred

14
00:00:42.300 --> 00:00:45.700
 and six days, plus 73 days on average to contain

15
00:00:45.700 --> 00:00:48.200
 a breach. We are talking about two hundred

16
00:00:48.200 --> 00:00:52.100
 seventy-nine days total. You should

17
00:00:51.100 --> 00:00:54.000
 consider that any of the other OWASP Top

18
00:00:54.200 --> 00:00:57.300
 10 risks and the associated vulnerabilities may be used

19
00:00:57.300 --> 00:01:00.800
 as attack vectors. Attackers do not exploit insufficient

20
00:01:00.800 --> 00:01:03.400
 logging and monitoring directly. They go after other

21
00:01:03.400 --> 00:01:06.300
 vulnerabilities an application may have and take advantage of

22
00:01:06.300 --> 00:01:09.500
 its insufficient logging and monitoring to pass unnoticed and

23
00:01:09.500 --> 00:01:12.200
 make their attack last longer, until your organization is

24
00:01:12.200 --> 00:01:15.500
 capable of mitigating it. Improper

25
00:01:15.500 --> 00:01:18.500
 logging and monitoring leads to longer incident response

26
00:01:18.500 --> 00:01:21.600
 times, preventing organizations from reacting in a timely fashion.

27
00:01:21.300 --> 00:01:24.600
 When the logs do not include sufficient details

28
00:01:24.600 --> 00:01:27.800
 allowing the organization to understand the attackers' activity extent,

29
00:01:27.300 --> 00:01:30.700
 then there's a loss of accountability. The

30
00:01:30.700 --> 00:01:33.200
 losses are obvious and they have been reported in

31
00:01:33.200 --> 00:01:36.200
 the news. Beyond the damage caused by attackers,

32
00:01:36.400 --> 00:01:39.500
 affected organizations may also be subject to fines

33
00:01:39.500 --> 00:01:42.100
 according to applicable law and regulations.

34
00:01:43.700 --> 00:01:46.700
 Malicious actors do not directly exploit insufficient logging

35
00:01:46.700 --> 00:01:49.600
 and monitoring, but it makes their activities unnoticed

36
00:01:49.600 --> 00:01:52.900
 or at least harder to detect and track. Anyone

37
00:01:52.900 --> 00:01:55.400
 to whom your system's data is valuable may target

38
00:01:55.400 --> 00:01:58.500
 your application to get unauthorized access or even controlling

39
00:01:58.500 --> 00:02:01.300
 the system. Reviewing the threat analysis part of

40
00:02:01.300 --> 00:02:04.200
 previous sessions may help you identify who may want

41
00:02:04.200 --> 00:02:07.800
 to harm your system. You should think about it broadly. Depending

42
00:02:07.800 --> 00:02:10.300
 on your system's nature, foreign nations may

43
00:02:10.300 --> 00:02:13.400
 be a threat agent. On the other hand, you have non-target-specific

44
00:02:13.500 --> 00:02:17.000
 threat agents looking for ransom, employees

45
00:02:16.100 --> 00:02:20.000
 and contractors, terrorists and hacktivists, and

46
00:02:19.700 --> 00:02:22.400
 organized crime. You'll find this table

47
00:02:22.400 --> 00:02:25.300
 in the last Top 10. Pause the video and take your time to

48
00:02:25.300 --> 00:02:28.200
 carefully read it. In the next part, we will

49
00:02:28.200 --> 00:02:31.200
 demonstrate how attackers take advantage of insufficient logging and

50
00:02:31.200 --> 00:02:34.500
 monitoring while perpetrating a credential stuffing attack on

51
00:02:34.500 --> 00:02:35.900
 our target application.
