Today, the Cybersecurity and Infrastructure Security Agency (CISA) published a Cybersecurity Advisory (CSA) detailing tactics, techniques, procedures (TTPs) and key findings from a 2022 Red Team assessment to provide network defenders of critical infrastructure organizations proactive steps they can take to reduce the threat of similar activity from malicious cyber actors.  

 The advisory titled, CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks, underscores the importance for all organizations to collect and monitor logs for unusual activity as well as continuous testing and exercises to ensure their environment is not vulnerable to compromise, regardless of its cybersecurity maturity level. During the assessment, CISA’s Red Team mimicked malicious threat actors to assess the cyber detection and response capabilities of a large critical infrastructure organization with multiple geographically separated sites. Some of the key findings include insufficient host and network monitoring, lack of monitoring on endpoint management systems, and excessive permissions to standard users, among other findings. The advisory also includes recommended mitigations to help all organizations harden their environment and protect against real-world malicious activity as well as more technical details that organizations should review. Access the full advisory at CISA.