Threat Hunting in the Cloud: Defending AWS, Azure, and Other Cloud Platforms Against Cyberattacks
Implement a vendor-neutral and multi-cloud cybersecurity and risk mitigation framework with advice from seasoned threat hunting pros In Threat Hunting in the Cloud: Defending AWS, Azure and Other Cloud Platforms Against Cyberattacks, celebrated cybersecurity professionals and authors Chris Peiris, B...
Other authors: | |
---|---|
Format: | E-book |
Language: | English |
Published: | Indianapolis, Indiana : John Wiley and Sons [2021] |
Subjects: | |
View at Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009645697506719 |
Table of Contents:
- Cover
- Title Page
- Copyright Page
- About the Authors
- About the Technical Editors
- Acknowledgments
- Contents at a Glance
- Contents
- Foreword
- Introduction
- What Does This Book Cover?
- Additional Resources
- How to Contact the Publisher
- Part I Threat Hunting Frameworks
- Chapter 1 Introduction to Threat Hunting
- The Rise of Cybercrime
- What Is Threat Hunting?
- The Key Cyberthreats and Threat Actors
- Phishing
- Ransomware
- Nation State
- The Necessity of Threat Hunting
- Does the Organization's Size Matter?
- Threat Modeling
- Threat-Hunting Maturity Model
- Organization Maturity and Readiness
- Level 0: INITIAL
- Level 1: MINIMAL
- Level 2: PROCEDURAL
- Level 3: INNOVATIVE
- Level 4: LEADING
- Human Elements of Threat Hunting
- How Do You Make the Board of Directors Cyber-Smart?
- Threat-Hunting Team Structure
- External Model
- Dedicated Internal Hunting Team Model
- Combined/Hybrid Team Model
- Periodic Hunt Teams Model
- Urgent Need for Human-Led Threat Hunting
- The Threat Hunter's Role
- Summary
- Chapter 2 Modern Approach to Multi-Cloud Threat Hunting
- Multi-Cloud Threat Hunting
- Multi-Tenant Cloud Environment
- Threat Hunting in Multi-Cloud and Multi-Tenant Environments
- Building Blocks for the Security Operations Center
- Scope and Type of SOC
- Services, Not Just Monitoring
- SOC Model
- Define a Process for Identifying and Managing Threats
- Tools and Technologies to Empower SOC
- People (Specialized Teams)
- Cyberthreat Detection, Threat Modeling, and the Need for Proactive Threat Hunting Within SOC
- Cyberthreat Detection
- Threat-Hunting Goals and Objectives
- Threat Modeling and SOC
- The Need for a Proactive Hunting Team Within SOC
- Assume Breach and Be Proactive
- Invest in People
- Develop an Informed Hypothesis
- Cyber Resiliency and Organizational Culture
- Skillsets Required for Threat Hunting
- Security Analysis
- Data Analysis
- Programming Languages
- Analytical Mindset
- Soft Skills
- Outsourcing
- Threat-Hunting Process and Procedures
- Metrics for Assessing the Effectiveness of Threat Hunting
- Foundational Metrics
- Operational Metrics
- Threat-Hunting Program Effectiveness
- Summary
- Chapter 3 Exploration of MITRE Key Attack Vectors
- Understanding MITRE ATT&CK
- What Is MITRE ATT&CK Used For?
- How Is MITRE ATT&CK Used and Who Uses It?
- How Is Testing Done According to MITRE?
- Tactics
- Techniques
- Threat Hunting Using Five Common Tactics
- Privilege Escalation
- Case Study
- Credential Access
- Case Study
- Lateral Movement
- Case Study
- Command and Control
- Case Study
- Exfiltration
- Case Study
- Other Methodologies and Key Threat-Hunting Tools to Combat Attack Vectors
- Zero Trust
- Threat Intelligence and Zero Trust
- Build Cloud-Based Defense-in-Depth
- Analysis Tools
- Microsoft Tools
- Connect To All Your Data
- Workbooks
- Analytics
- Security Automation and Orchestration
- Investigation
- Hunting
- Community
- AWS Tools
- Analyzing Logs Directly
- SIEMs in the Cloud
- Summary
- Resources
- Part II Hunting in Microsoft Azure
- Chapter 4 Microsoft Azure Cloud Threat Prevention Framework
- Introduction to Microsoft Security
- Understanding the Shared Responsibility Model
- Microsoft Services for Cloud Security Posture Management and Logging/Monitoring
- Overview of Azure Security Center and Azure Defender
- Overview of Microsoft Azure Sentinel
- Using Microsoft Secure and Protect Features
- Identity & Access Management
- Infrastructure & Network
- Data & Application
- Customer Access
- Using Azure Web Application Firewall to Protect a Website Against an "Initial Access" TTP
- Using Microsoft Defender for Office 365 to Protect Against an "Initial Access" TTP
- Using Microsoft Defender Endpoint to Protect Against an "Initial Access" TTP
- Using Azure Conditional Access to Protect Against an "Initial Access" TTP
- Microsoft Detect Services
- Detecting "Privilege Escalation" TTPs
- Using Azure Security Center and Azure Sentinel to Detect Threats Against a "Privilege Escalation" TTP
- Detecting Credential Access
- Using Azure Identity Protection to Detect Threats Against a "Credential Access" TTP
- Steps to Configure and Enable Risk Policies (Sign-in Risk and User Risk)
- Using Azure Security Center and Azure Sentinel to Detect Threats Against a "Credential Access" TTP
- Detecting Lateral Movement
- Using Just-in-Time in ASC to Protect and Detect Threats Against a "Lateral Movement" TTP
- Using Azure Security Center and Azure Sentinel to Detect Threats Against a "Lateral Movement" TTP
- Detecting Command and Control
- Using Azure Security Center and Azure Sentinel to Detect Threats Against a "Command and Control" TTP
- Detecting Data Exfiltration
- Using Azure Information Protection to Detect Threats Against a "Data Exfiltration" TTP
- Discovering Sensitive Content Using AIP
- Using Azure Security Center and Azure Sentinel to Detect Threats Against a "Data Exfiltration" TTP
- Detecting Threats and Proactively Hunting with Microsoft 365 Defender
- Microsoft Investigate, Response, and Recover Features
- Automating Investigation and Remediation with Microsoft Defender for Endpoint
- Using Microsoft Threat Expert Support for Remediation and Investigation
- Targeted Attack Notification
- Experts on Demand
- Automating Security Response with MCAS and Microsoft Flow
- Step 1: Generate Your API Token in Cloud App Security
- Step 2: Create Your Trigger in Microsoft Flow
- Step 3: Create the Teams Message Action in Microsoft Flow
- Step 4: Generate an Email in Microsoft Flow
- Connecting the Flow in Cloud App Security
- Performing an Automated Response Using Azure Security Center
- Using Machine Learning and Artificial Intelligence in Threat Response
- Overview of Fusion Detections
- Overview of Azure Machine Learning
- Summary
- Chapter 5 Microsoft Cybersecurity Reference Architecture and Capability Map
- Introduction
- Microsoft Security Architecture versus the NIST Cybersecurity Framework (CSF)
- Microsoft Security Architecture
- The Identify Function
- The Protect Function
- The Detect Function
- The Respond Function
- The Recover Function
- Using the Microsoft Reference Architecture
- Microsoft Threat Intelligence
- Service Trust Portal
- Security Development Lifecycle (SDL)
- Protecting the Hybrid Cloud Infrastructure
- Azure Marketplace
- Private Link
- Azure Arc
- Azure Lighthouse
- Azure Firewall
- Azure Web Application Firewall (WAF)
- Azure DDOS Protection
- Azure Key Vault
- Azure Bastion
- Azure Site Recovery
- Azure Security Center (ASC)
- Microsoft Azure Secure Score
- Protecting Endpoints and Clients
- Microsoft Endpoint Manager (MEM) Configuration Manager
- Microsoft Intune
- Protecting Identities and Access
- Azure AD Conditional Access
- Passwordless for End-to-End Secure Identity
- Azure Active Directory (aka Azure AD)
- Azure MFA
- Azure Active Directory Identity Protection
- Azure Active Directory Privilege Identity Management (PIM)
- Microsoft Defender for Identity
- Azure AD B2B and B2C
- Azure AD Identity Governance
- Protecting SaaS Apps
- Protecting Data and Information
- Azure Purview
- Microsoft Information Protection (MIP)
- Azure Information Protection Unified Labeling Scanner (File Scanner)
- The Advanced eDiscovery Solution in Microsoft 365
- Compliance Manager
- Protecting IoT and Operation Technology
- Security Concerns with IoT
- Understanding That IoT Cybersecurity Starts with a Threat Model
- Microsoft Investment in IoT Technology
- Azure Sphere
- Azure Defender
- Azure Defender for IoT
- Threat Modeling for the Azure IoT Reference Architecture
- Azure Defender for IoT Architecture (Agentless Solutions)
- Azure Defender for IoT Architecture (Agent-based Solutions)
- Understanding the Security Operations Solutions
- Understanding the People Security Solutions
- Attack Simulator
- Insider Risk Management (IRM)
- Communication Compliance
- Summary
- Part III Hunting in AWS
- Chapter 6 AWS Cloud Threat Prevention Framework
- Introduction to AWS Well-Architected Framework
- The Five Pillars of the Well-Architected Framework
- Operational Excellence
- Security
- Reliability
- Performance Efficiency
- Cost Optimization
- The Shared Responsibility Model
- AWS Services for Monitoring, Logging, and Alerting
- AWS CloudTrail
- Amazon CloudWatch Logs
- Amazon VPC Flow Logs
- Amazon GuardDuty
- AWS Security Hub
- AWS Protect Features
- How Do You Prevent Initial Access?
- Prerequisites
- Create an API
- Create and Configure an AWS WAF
- How Do You Protect APIs from SQL Injection Attacks Using API Gateway and AWS WAF?
- AWS Detection Features
- How Do You Detect Privilege Escalation?
- How Do You Detect the Abuse of Valid Account to Obtain High-Level Permissions?
- Prerequisites
- Configure GuardDuty to Detect Privilege Escalation
- Reviewing the Findings
- How Do You Detect Credential Access?
- How Do You Detect Unsecured Credentials?
- Prerequisites
- Reviewing the Findings
- How Do You Detect Lateral Movement?
- How Do You Detect the Use of Stolen Alternate Authentication Material?