Building an intelligence-led security program

As recently as five years ago, securing a network meant putting in a firewall, intrusion detection system, and installing antivirus software on the desktop. Unfortunately, attackers have grown more nimble and effective, meaning that traditional security programs are no longer effective. Today's...


Bibliographic Details
Other Authors: Liska, Allan (author); Gallo, Tim (editor)
Format: E-book
Language: English
Published: Waltham, Massachusetts : Syngress 2015.
Edition: First edition
Subjects:
View at Biblioteca Universitat Ramon Llull: https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009629194906719
Table of Contents:
  • Cover
  • Title Page
  • Copyright Page
  • Dedication
  • Contents
  • Introduction
  • About the Author
  • About the Technical Editor
  • Acknowledgments
  • Chapter 1 - Understanding the threat
  • Information in This Chapter:
  • Introduction
  • A brief history of network security
  • The Morris worm
  • Firewalls
  • Intrusion detection systems
  • The desktop
  • The mail filter and the proxy
  • Distributed denial of service attacks
  • Unified threat management
  • Understanding the current threat
  • The business of malware
  • Commoditization of malware
  • The king phish
  • The attack surface is expanding
  • The rise of the cloud
  • The coming threats
  • Conclusion
  • References
  • Chapter 2 - What is intelligence?
  • Information in This Chapter:
  • Introduction
  • Defining intelligence
  • The intelligence cycle
  • Types of intelligence
  • The professional analyst
  • Denial and deception
  • Intelligence throughout the ages
  • Sun Tzu
  • Julius Caesar
  • George Washington
  • Bletchley Park
  • Conclusion
  • References
  • Chapter 3 - Building a network security intelligence model
  • Information in This Chapter:
  • Introduction
  • Defining cyber threat intelligence
  • The anatomy of an attack
  • Approaching cyber attacks differently
  • A note about time to live
  • Incorporating the intelligence lifecycle into security workflow
  • Intelligence is alive
  • A picture is worth a thousand words
  • Automation
  • Conclusion
  • References
  • Chapter 4 - Gathering data
  • Information in This Chapter:
  • Introduction
  • The continuous monitoring framework
  • NIST cybersecurity framework
  • The framework core
  • Framework implementation tiers
  • The framework profile
  • Security + intelligence
  • The business side of security
  • Planning a phased approach
  • The goal
  • The initial assessment
  • Analyzing the current security state
  • Moving to the next phase
  • Conclusion
  • References
  • Chapter 5 - Internal intelligence sources
  • Information in This Chapter:
  • Introduction
  • Asset, vulnerability, and configuration management
  • Configuration management
  • Network logging
  • The trouble with SIEMs
  • The power of SIEMs
  • Managed security service providers
  • Access control
  • Network monitoring
  • Conclusion
  • References
  • Chapter 6 - External intelligence sources
  • Information in This Chapter:
  • Introduction
  • Brand monitoring versus intelligence
  • Asset, vulnerability, and configuration management
  • Network logging
  • IP addresses as pivot points
  • Domain names as pivot points
  • File hashes as pivot points
  • Pivoting from MSSP alerts
  • Network monitoring
  • YARA
  • Protecting against zero-day attacks
  • Incident response and intelligence
  • Collaborative research into threats
  • Conclusion
  • References
  • Chapter 7 - Fusing internal and external intelligence
  • Information in This Chapter:
  • Introduction
  • Security awareness training
  • Customer security awareness training
  • OpenIOC, CyBOX, STIX, and TAXII
  • OpenIOC
  • CyBOX
  • STIX and TAXII
  • Threat intelligence management platforms
  • TIMPs as a Rosetta Stone
  • Big data security analytics
  • Hadoop
  • Conclusion
  • Reference
  • Chapter 8 - CERTs, ISACs, and intelligence-sharing communities
  • Information in This Chapter:
  • Introduction
  • CERTs and CSIRTs
  • CERT/Coordination Center
  • US-CERT and country-level CSIRTs
  • Company-level CSIRTs
  • ISACs
  • The ISACs
  • Intelligence-sharing communities
  • Conclusion
  • References
  • Chapter 9 - Advanced intelligence capabilities
  • Information in This Chapter:
  • Introduction
  • Malware analysis
  • Why it is a bad idea
  • Setting up a malware lab
  • Planning the network
  • Virtual machines versus cloning
  • Getting the malware to the lab
  • Malware tools
  • System tools
  • Sandbox
  • Turning data into intelligence
  • Honeypots
  • Why it is a bad idea
  • Positioning a honeypot
  • Creating a plan
  • Types of honeypots
  • Choosing a honeypot
  • Intrusion deception
  • Why it is a bad idea
  • How intrusion deception works
  • Conclusion
  • Reference
  • Index