Crafting the InfoSec Playbook: Security Monitoring and Incident Response Master Plan
Any good attacker will tell you that expensive security monitoring and prevention tools aren't enough to keep you secure. This practical book demonstrates a data-centric approach to distilling complex security monitoring, incident response, and threat analysis ideas into their most...
| Field | Value |
|---|---|
| Format | eBook |
| Language | English |
| Published | Beijing, [China] : O'Reilly Media, 2015 |
| Edition | First edition |
| See on Biblioteca Universitat Ramon Llull | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009628906806719 |
Table of Contents:
- Front matter: Copyright; Table of Contents; Foreword; Preface (Should You Read This Book?; Why We Wrote This Book; Cut to the Chase; How to Navigate This Book; Additional Resources; Conventions Used in This Book; Safari® Books Online; How to Contact Us; Acknowledgments)
- Chapter 1. Incident Response Fundamentals: The Incident Response Team; Justify Your Existence; Measure Up; Who's Got My Back?; Friends on the Outside; The Tool Maketh the Team; Choose Your Own Adventure; Buy or Build?; Run the Playbook!; Chapter Summary
- Chapter 2. What Are You Trying to Protect?: The Four Core Questions; There Used to Be a Doorway Here; Host Attribution; Bring Your Own Metadata; Identifying the Crown Jewels; Make Your Own Sandwich; More Crown Jewels; Low-Hanging Fruit; Standard Standards; Risk Tolerance; Can I Get a Copy of Your Playbook?; Chapter Summary
- Chapter 3. What Are the Threats?: "The Criminal Is the Creative Artist; the Detective Only the Critic"; Hanging Tough; Cash Rules Everything Around Me; Greed.isGood(); I Don't Want Your Wallet, I Want Your Phone; There's No Place Like 127.0.0.1; Let's Play Global Thermonuclear War; Defense Against the Dark Arts; Chapter Summary
- Chapter 4. A Data-Centric Approach to Security Monitoring: Get a Handle on Your Data; Logging Requirements; Just the Facts; Normalization; Playing Fields; Fields in Practice; Fields Within Fields; Metadata: Data About Data About Data; Metadata for Security; Blinded Me with [Data] Science!; Metadata in Practice; Context Is King; Chapter Summary
- Chapter 5. Enter the Playbook: Report Identification; {UNIQUE_ID}; {HF,INV}; {EVENTSOURCE}; {REPORT_CATEGORY}; {DESCRIPTION}; Objective Statement; Result Analysis; Data Query/Code; Analyst Comments/Notes; The Framework Is Complete-Now What?; Chapter Summary
- Chapter 6. Operationalize!: You Are Smarter Than a Computer; People, Process, and Technology; Trusted Insiders; Don't Quit the Day Job; Critical Thinking; Systematic Approach; Playbook Management System; Measure Twice, Cut Once, Then Measure Again; Report Guidelines; Reviewing High-Fidelity Reports in Theory; Reviewing Investigative Reports in Theory; Reviewing Reports in Practice; Event Query System; Result Presentation System; Incident Handling and Remediation Systems; Case Tracking Systems; Keep It Running; Keep It Fresh; Chapter Summary
- Chapter 7. Tools of the Trade: Defense in Depth; Successful Incident Detection; The Security Monitoring Toolkit; Log Management: The Security Event Data Warehouse; Intrusion Detection Isn't Dead; HIP Shot; Hustle and NetFlow; DNS, the One True King; HTTP Is the Platform: Web Proxies; [rolling] Packet Capture; Applied Intelligence; Shutting the Toolbox; Putting It All Together; Chapter Summary
- Chapter 8. Queries and Reports: False Positives: Every Playbook's Mortal Enemy; There Ain't No Such Thing as a Free Report; An Inch Deep and a Mile Wide; A Million Monkeys with a Million Typewriters; A Chain Is Only as Strong as Its Weakest Link