You don't suddenly start "looking for attacks on your network". This isn't 1998, it's 2022 and if you're not automating and scaling these kinds of detections then you've likely already lost. — Chris Rohlf
- John Lambert: Defender’s Mindset (2021-11-21)
- MITRE: ATT&CK + D3FEND
- Mandiant: Proactive Preparation and Hardening to Protect Against Destructive Attacks (2022-01)
- Lockheed Martin: Threat-Driven Approach to Cyber Security + Defendable Architectures (2019)
- Richard Bejtlich: Defensible Network Architecture 2.0 (2008)
- CISA:
  - Insights: Foreign Influence Operations Targeting Critical Infrastructure (2022-02)
  - AA21-116A: Russian Foreign Intelligence Service (SVR) Cyber Operations: Trends and Best Practices for Network Defenders
  - AA22-011A: Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure (2022-01)
  - AA21-008A: Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments
  - AA20-073A: Enterprise VPN Security
  - Shields Up + additional advice from The Krebs-Stamos Group
- NIST: SP 800-160: Engineering Trustworthy Secure Systems (2022-01)
- NSA:
- CISA:
  - Trusted Internet Connections version 3
- US Office of Management and Budget: Moving the U.S. Government Toward Zero Trust Cybersecurity Principles (2022-01)
- NIST: SP 800-207: Zero Trust Architecture (2020-08)
- DOD: Zero Trust Reference Architecture (2021-03)
- The Open Group: W210: Zero Trust Core Principles (2021-04)
- CISA: Known Exploited Vulnerabilities Catalog (KEV)
- FIRST: Exploit Prediction Scoring System (EPSS) (2022-02)
- NIST: SP 800-40r4: Guide to Enterprise Patch Management Planning: Preventive Maintenance for Technology (2021-11)
- Microsoft: Secure Active Directory (https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/best-practices-for-securing-active-directory)