Gain insights into cyber security fundamentals, explore common threats, discover protection mechanisms like firewalls, learn monitoring and response strategies, and develop secure systems as a developer.

Modern computer systems are almost universally connected, which creates wider attack surfaces well beyond code to users, hardware, and more. Securing systems is thus a fundamental skill for modern software engineers.

This course is a comprehensive introduction to cyber security best practices. You’ll start with an overview of common threats and vulnerabilities, as well as high-level concepts like privilege, integrity, logging, and mediation. With these concepts in mind, you’ll then learn common protection mechanisms and defense strategies from endpoint protection to firewalls, gateways, and proxy servers. Next, you’ll learn monitoring and detection techniques, alerts, and event management. Finally, when you detect a threat, you’ll know how to respond with support tickets, data preservation, and change management.

By the end of this course, you’ll have a better understanding of modern cyber security practices and a clear roadmap to implementing these as a developer.

Cyber Security Best Practices for Developers

## Overview

A **malware prevention system (MPS)**, also known as a malware analysis appliance, can be an effective way to prevent malicious applications or scripts from landing and executing on a device. An MPS is installed at the network perimeter and needs to have a way to intercept binary files for inspection. One way is to have the MPS interface with an email gateway so that email attachments are stripped and fed to the MPS for inspection.
## How it works

An MPS is focused on the application level of network activity and examines files employees download during the day. These files could be deliberately downloaded or accidentally, such as clicking the wrong link in an email. Regardless of the file or its delivery method, when downloaded, the MPS makes a copy of the file and executes (or detonates) it in a container that the MPS starts up to analyze the file. The analysis observes and records the actions that the file performs, such as:


- Network connections

- What's loaded into memory

- Files that are accessed or changed

- Registry changes

- Processes it spawns

Based on the analysis and comparison with signatures of other known malicious files, the MPS forms a conclusion about whether the binary is malicious.

## Only providing an alert on the first infection 

It’s possible that the first infection may not be blocked. This is because a typical implementation of an MPS is to install it so that it’s not in-line. The MPS receives a copy of the attachment while the original attachment is still delivered to its intended recipient. This is because no conclusion has been made yet about the file. Suppose an MPS does identify the file as malicious. In that case, the MPS might alert the email gateway or another security appliance so that any future download attempts of the same file are blocked.


# Overview

A **malware prevention system (MPS)**, also known as a malware analysis appliance, can be an effective way to prevent malicious applications or scripts from landing and executing on a device. An MPS is installed at the network perimeter and needs to have a way to intercept binary files for inspection. One way is to have the MPS interface with an email gateway so that email attachments are stripped and fed to the MPS for inspection.
# How it works

An MPS is focused on the application level of network activity and examines files employees download during the day. These files could be deliberately downloaded or accidentally, such as clicking the wrong link in an email. Regardless of the file or its delivery method, when downloaded, the MPS makes a copy of the file and executes (or detonates) it in a container that the MPS starts up to analyze the file. The analysis observes and records the actions that the file performs, such as:


- Network connections

- What's loaded into memory

- Files that are accessed or changed

- Registry changes

- Processes it spawns

Based on the analysis and comparison with signatures of other known malicious files, the MPS forms a conclusion about whether the binary is malicious.

# Only providing an alert on the first infection 

It’s possible that the first infection may not be blocked. This is because a typical implementation of an MPS is to install it so that it’s not in-line. The MPS receives a copy of the attachment while the original attachment is still delivered to its intended recipient. This is because no conclusion has been made yet about the file. Suppose an MPS does identify the file as malicious. In that case, the MPS might alert the email gateway or another security appliance so that any future download attempts of the same file are blocked.


Learn how a malware prevention system (MPS) protects an organization from malicious applications and scripts.

Introduction

Basics of Security

Detect

Protect

Respond

Conclusion

Malware Prevention System

Overview

How it works