Intro to Defensive Security | Tryhackme Walkthrough

Rahul Kumar
8 min read · Sep 3, 2023

Introducing defensive security and related topics, such as threat intelligence, SOC, DFIR, and SIEM.

Introduction to Defensive Security

Blue teams are part of the defensive security landscape.

Some of the tasks that are related to defensive security include:

  • User cyber security awareness: Training users about cyber security helps protect against various attacks that target their systems.
  • Documenting and managing assets: We need to know the types of systems and devices that we have to manage and protect properly.
  • Updating and patching systems: Ensuring that computers, servers, and network devices are correctly updated and patched against any known vulnerability (weakness).
  • Setting up preventative security devices: Firewalls and intrusion prevention systems (IPS) are critical components of preventative security. Firewalls control what network traffic can go inside and what can leave the system or network. An IPS blocks any network traffic that matches present rules and attack signatures.
  • Setting up logging and monitoring devices: Without proper logging and monitoring of the network, it won’t be possible to detect malicious activities and intrusions. If a new unauthorized device appears on our network, we should be able to know.

There is much more to defensive security, and the list above only covers a few common topics.
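The asset-inventory and monitoring items above fit together: a documented inventory is what lets monitoring decide that a device is new. The following is an added example, not part of the original walkthrough; it assumes DHCP leases are logged in a dnsmasq-style format, and the inventory, log lines and function name are constructed for illustration.

```python
import re

# Asset inventory (constructed): MAC address -> documented host name.
INVENTORY = {
    "52:54:00:aa:01:10": "hr-laptop-01",
    "52:54:00:aa:01:11": "print-server",
    "52:54:00:aa:01:12": "build-agent-03",
}

# Constructed sample log lines in a dnsmasq-style DHCP format.
SAMPLE_LOG = """\
Sep  3 09:14:02 gw dnsmasq-dhcp[811]: DHCPACK(eth0) 10.0.5.21 52:54:00:aa:01:10 hr-laptop-01
Sep  3 09:15:40 gw dnsmasq-dhcp[811]: DHCPDISCOVER(eth0) 52:54:00:ee:77:3c
Sep  3 09:15:41 gw dnsmasq-dhcp[811]: DHCPACK(eth0) 10.0.5.87 52:54:00:EE:77:3C
Sep  3 09:20:13 gw dnsmasq-dhcp[811]: DHCPACK(eth0) 10.0.5.22 52:54:00:aa:01:11 print-server
Sep  3 09:31:55 gw dnsmasq-dhcp[811]: DHCPACK(eth0) 10.0.5.87 52:54:00:ee:77:3c
Sep  3 09:40:00 gw dnsmasq-dhcp[811]: DHCPACK(eth0) 10.0.5.23 52:54:00:aa:01:12 renamed-host
"""

# Only completed leases (DHCPACK) count; the host name field is optional.
ACK = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*?DHCPACK\(\S+\)\s"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s"
    r"(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})(?:\s(?P<host>\S+))?\s*$"
)

def review_leases(log_text, inventory):
    """Return (unknown devices, inventory name mismatches) seen in the log."""
    known = {mac.lower(): name for mac, name in inventory.items()}
    unknown, mismatched = {}, []
    for line in log_text.splitlines():
        m = ACK.match(line)
        if not m:
            continue  # not a lease acknowledgement
        mac, host = m["mac"].lower(), m["host"]
        if mac not in known:
            # One record per device: keep the first sighting, count renewals.
            rec = unknown.setdefault(
                mac, {"mac": mac, "ip": m["ip"], "first_seen": m["ts"], "leases": 0})
            rec["leases"] += 1
        elif host and host != known[mac]:
            mismatched.append((mac, known[mac], host))
    return list(unknown.values()), mismatched

if __name__ == "__main__":
    new_devices, renamed = review_leases(SAMPLE_LOG, INVENTORY)
    for dev in new_devices:
        print("not in inventory:", dev)
    for mac, expected, seen in renamed:
        print(f"name mismatch for {mac}: inventory={expected} log={seen}")
```

A MAC address can be changed by whoever controls the device, so a match against the inventory narrows the review rather than proving the device is the documented one.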
