WEBVTT

00:07.400 --> 00:09.740
Technology and tools are constantly evolving.

00:09.770 --> 00:12.230
Perhaps the fastest in the realm of cybersecurity.

00:12.260 --> 00:17.060
We have to be vigilant to stay on top of new threats and attacks, and be sure to keep our tools up

00:17.060 --> 00:17.630
to date.

00:17.660 --> 00:23.240
This episode gives a high level overview of scripting, APIs, webhooks, and of course, plugins.

00:23.240 --> 00:28.610
In the last episode we talked about utilizing automation across our different organizational environment

00:28.640 --> 00:31.220
to enhance our SOAR environment.

00:31.220 --> 00:35.780
In this episode we're going to go over specific technology and tools that we could utilize in that

00:35.780 --> 00:36.800
SOAR environment.

00:36.830 --> 00:43.370
Tools and technology are ever evolving, and perhaps the fastest growing within the cybersecurity

00:43.370 --> 00:44.030
realm.

00:44.030 --> 00:48.830
We have to be vigilant within our cybersecurity tool framework to understand the different threats,

00:48.830 --> 00:53.480
the threat actors, the threat vectors, and the attacks that they may be utilizing on an up to date

00:53.480 --> 00:54.230
basis.

00:54.260 --> 01:00.200
Each company or organization that you work with within your cyber career has a list of different tools

01:00.200 --> 01:02.270
and technologies that you may utilize.

01:02.270 --> 01:07.900
These come in the form of scripting, APIs, webhooks, or plugins, and we're going to tackle each one

01:07.900 --> 01:09.700
of these on an individual basis.

01:09.730 --> 01:14.920
Scripting offers the benefits for an organization and individuals alike, because it provides us an

01:14.920 --> 01:19.210
automated process in order to remove that human interaction.

01:19.210 --> 01:26.440
We gave in our last episode a design of how scripting can be utilized in the entire network by configuring

01:26.440 --> 01:32.290
specific radios associated with a site, and then again with the switch to provide us a streamlined

01:32.290 --> 01:39.130
effort and remove not only redundancy, but remove specific configuration requirements within

01:39.130 --> 01:40.660
each automated process.

01:40.690 --> 01:46.000
Scripting really provides an automated, efficient process that's standardized within your individual

01:46.000 --> 01:46.810
environment.

01:46.810 --> 01:51.340
It's important to note within CySA that you don't need to know how to script.

01:51.340 --> 01:53.320
You just need to know what scripting is.

01:53.320 --> 02:01.480
You may see questions specific to, hey, what type of tool may I utilize to automate a tedious or ongoing

02:01.510 --> 02:04.450
procedure to remove human interaction?

02:04.480 --> 02:07.060
The answer would obviously be something like scripting.

02:07.090 --> 02:13.150
It provides flexibility as well, where I can be flexible in how I use that scripting.

02:13.480 --> 02:17.050
But not just the reuse of the scripting, but flexibility.

02:17.050 --> 02:23.650
As in, I can script a configuration process for a cellular network, but I can also script a policy or

02:23.650 --> 02:30.010
configuration for a router, or I can script an automated process to look for a specific word or set

02:30.010 --> 02:30.550
of words.

02:30.550 --> 02:36.370
Or I can automate a process to open the door automatically whenever somebody comes to it.

02:36.400 --> 02:43.000
Scripting really provides us an integrated process within our enterprise environment to do low hanging

02:43.000 --> 02:49.870
fruit, or to provide a way to automate something that is very tedious, mind numbing, and low on the

02:49.870 --> 02:50.800
priority tree.

02:50.830 --> 02:56.890
We really don't want to use scripting to create a video game or create a complex environment.

02:56.890 --> 03:02.350
It really should be something that's very cut and dry and standardized across the entire workflow.

03:02.380 --> 03:08.950
Application programming interfaces, or APIs, you most often see associated with web applications.

03:08.950 --> 03:16.370
It provides a simplified integration platform to where you can go through a program or a web application

03:16.370 --> 03:17.780
and actually interact with it.

03:17.810 --> 03:22.460
You see this usually on something like Nessus, where it provides that GUI interface, but on

03:22.460 --> 03:27.680
a web interface, it's simplified, it's efficient, it doesn't require a lot of expertise, and it

03:27.680 --> 03:30.740
can be scalable, meaning that you can change the way it looks.

03:30.740 --> 03:37.370
You can move things around, maybe inject new information into the interface that you're utilizing.

03:37.400 --> 03:42.680
I've seen this in different platforms, where we have a website where I can go through and look at different

03:42.680 --> 03:47.960
features across my network enterprise environment, and then I can set it up appropriately.

03:47.960 --> 03:50.330
You can see this in EDR solutions.

03:50.330 --> 03:52.790
You can see it in different programs.

03:52.940 --> 03:57.020
Most notably, I've seen it in something like Nessus, where they have the board that shows you how

03:57.020 --> 04:01.340
many vulnerabilities are associated with your network, and you can maneuver the different screens around

04:01.340 --> 04:02.270
as you see fit.

04:02.300 --> 04:09.020
Sam really has a great API where the GUI interface is really customizable to you, the user, depending

04:09.020 --> 04:13.730
on what you want to look at specifically, and that can change from user to user by providing a very

04:13.730 --> 04:18.740
flexible platform in order to interact with that web program or that web application.

04:18.770 --> 04:24.680
Webhooks provide us real time communication, are scalable, efficient, flexible, and have reduced latency.

04:24.710 --> 04:27.860
Now I just read off all those words, so you're probably thinking to yourself, what in the world is

04:27.860 --> 04:28.580
a webhook?

04:28.610 --> 04:36.050
Webhooks provide us a subset of API where it provides us a simpler and more automated approach compared

04:36.050 --> 04:37.700
to a traditional API.

04:37.730 --> 04:43.370
While APIs require manual triggering through a process, meaning I have to trigger it and go through

04:43.370 --> 04:47.510
and say, hey, this comes into play, and if this happens, then do this.

04:47.540 --> 04:53.570
A webhook really provides us a format where I can literally drag and drop it, and it's typically straightforward

04:53.570 --> 04:54.830
in that manner, right?

04:54.860 --> 05:00.230
They commonly take the form of URLs provided by the receiving application and allow other applications to send

05:00.230 --> 05:01.190
and receive data.

05:01.220 --> 05:06.980
Meaning I can pull different data from different applications to associate with my web page.

05:06.980 --> 05:13.730
So I want you to think about if I've got a CRM solution where it provides me traffic monitoring on one

05:13.730 --> 05:19.290
window, maybe my antivirus program is working at a specific client that I want to see.

05:19.320 --> 05:24.990
Or maybe I've got a server that's using an antivirus program as a client based firewall, and maybe

05:24.990 --> 05:27.780
I want to grab all of that into a single screen.

05:27.780 --> 05:34.470
I can pull tidbits of different information across those three different programs to hook into my singular

05:34.470 --> 05:35.190
web page.

05:35.190 --> 05:40.020
This is a webhook and provides me a different flexibility depending on the different applications that

05:40.020 --> 05:42.090
I want to utilize or hook into it.

05:42.120 --> 05:46.350
Plugins provide us an enhanced functionality through the use of the web browser.

05:46.380 --> 05:51.150
They're usually flexible and scalable, meaning that I can grab them depending on what I want them to

05:51.150 --> 05:51.630
do.

05:51.660 --> 05:58.110
I can create a plugin from an antivirus program such as Bitdefender or Norton, even McAfee, so that

05:58.110 --> 06:04.020
if I visit a website and maybe that website isn't actually 100% secure, or maybe it's HTTP instead

06:04.020 --> 06:11.040
of HTTPS, my antivirus program will say, hey, this is an unsecured website, are you sure you

06:11.040 --> 06:12.060
want to utilize it?

06:12.060 --> 06:17.460
This is an example of a plugin from a cyber perspective, but it could go into more detail if you're

06:17.460 --> 06:21.510
downloading something, maybe your plugin tracks it and goes, wait a second, before it even gets on the

06:21.510 --> 06:22.600
computer system.

06:22.630 --> 06:25.510
Your browser is going, wait, that's a known problem.

06:25.540 --> 06:28.210
Don't download this, and it will actually attempt to block it.

06:28.210 --> 06:33.730
That's a form of a plugin interlinked with your web browser to provide additional security, but it

06:33.730 --> 06:34.720
can't be more than that.

06:34.720 --> 06:41.230
We can see flexibility and scalability where the plugin can provide enhanced features beyond just simple

06:41.260 --> 06:41.980
browsing.

06:41.980 --> 06:48.040
We can see enhanced features such as determining where your programs are associated from a download

06:48.040 --> 06:52.690
page, or provide us different complexities within the web browser itself.

06:52.900 --> 06:57.970
You'll hear me say browser quite often, because plugins and browsers almost go hand in hand depending

06:57.970 --> 06:59.830
on what you're trying to utilize.

06:59.830 --> 07:04.750
They're very efficient and cost effective measures from a cyber perspective, where if I've got a bunch

07:04.750 --> 07:11.410
of clients and they're all using the Microsoft browser, that Edge browser, I may utilize my antivirus

07:11.410 --> 07:16.240
plugin across all clients, across my entire enterprise environment to provide that additional security

07:16.270 --> 07:16.900
feature.

07:16.930 --> 07:23.500
Single pane of glass, or SPOG, is a security operations technology that is relatively new.

07:23.530 --> 07:29.060
Within this concept, we take all the different aspects of our security operations, and then we can

07:29.060 --> 07:34.010
provide it into an easy to read, easy to use concept that is presented to the user.

07:34.010 --> 07:40.160
So you may see SPOGs utilized where they've got SIEM information, antivirus network information.

07:40.160 --> 07:46.250
Maybe my intrusion prevention system is providing me information and is providing this window

07:46.250 --> 07:51.890
or a glimpse across my entire network enterprise environment that shows me exactly what's going on at

07:51.890 --> 07:53.420
different specific points.

07:53.450 --> 08:00.470
Now, SPOG is often utilized within a security environment to provide me a heads up display

08:00.500 --> 08:06.830
or a snapshot of what's going on within my enterprise environment, making it easier to read

08:06.830 --> 08:08.990
and kind of hits all the high points.

08:08.990 --> 08:14.030
What we really want to try to avoid within a SPOG environment, or a single pane of glass environment,

08:14.030 --> 08:18.800
is where we've got too much information, or we have information that really isn't that useful.

08:18.800 --> 08:24.620
Maybe I want to know how much traffic is going outside my environment by providing both a baseline of

08:24.620 --> 08:31.720
the hour by hour, but also the real time environment where it's providing me an elliptical wave across

08:31.720 --> 08:38.200
my screen in one corner that says I'm doing normal traffic capacity for the day within my environment.

08:38.230 --> 08:40.030
This would be useful information.

08:40.060 --> 08:45.460
What wouldn't be useful information is what one client across my entire enterprise environment, made

08:45.460 --> 08:48.400
up of 10,000 different clients, is doing.

08:48.430 --> 08:51.550
That's not really useful information for a security analyst.

08:51.550 --> 08:57.310
So the single pane of glass concept really takes in those different security related mechanisms and

08:57.310 --> 08:59.920
provides it in an easy to read format.

08:59.950 --> 09:05.200
We want to avoid providing an environment that is too small to read by having too many windows, but

09:05.200 --> 09:11.230
we also want to avoid having windows that are so jam packed full of information that it's going to be

09:11.230 --> 09:13.330
over cumbersome to the actual user.

09:13.360 --> 09:19.810
Single pane of glass is a great concept when put in correctly, where we've got 4 to 6 different windows

09:19.810 --> 09:24.370
associated with our environment, but I would really avoid going over eight if at all

09:24.370 --> 09:25.120
practical.

09:25.150 --> 09:30.070
Throughout this episode, we've identified scripting and APIs. We've also discovered different webhooks

09:30.070 --> 09:33.810
and plugins and how they're essential for keeping our systems secure.

09:33.810 --> 09:38.580
We've identified what single pane of glass is and how it's utilized in our security environment, and

09:38.580 --> 09:43.830
why it could increase our efficiency and outlook across our enterprise environment

09:43.830 --> 09:45.510
from a security perspective.

09:45.540 --> 09:52.320
You really want to keep in mind for CySA what we're looking at, the high level picture within an enterprise

09:52.320 --> 09:57.360
environment, you're really stuck between that technical role versus that management role and how to

09:57.360 --> 10:03.360
identify the best practice for doing your job as an analyst, what's going to streamline what we're

10:03.360 --> 10:09.450
trying to achieve and make it easiest for not only you, but other analysts to utilize the technology

10:09.450 --> 10:10.440
that we're providing?

10:10.440 --> 10:15.900
Remember, you're not going to get questions about specific technologies in scripting, i.e., we're

10:15.900 --> 10:21.300
not going to ask you to perform a script, but we are going to ask you questions like if you utilize

10:21.300 --> 10:25.770
scripting, what would be the best procedure for this prospective environment?

10:25.770 --> 10:31.500
Expect a lot of scenario based questions that really kind of identify the technology that you would

10:31.500 --> 10:37.680
utilize in the most efficient or best pattern to utilize that technology for the specific scenario.
