Cybersecurity Blue Team Strategies: Uncover the secrets of blue teams to combat cyber threats in your organization
This book will help you understand how a blue team is formed and why it is crucial for businesses. You'll learn different security controls, such as preventive and defensive controls, and become equipped to set up a blue team from scratch.
| Field | Value |
|---|---|
| Other authors | |
| Format | E-book |
| Language | English |
| Published | Birmingham ; Mumbai : Packt Publishing, Limited [2023] |
| Edition | 1st ed |
| Subjects | |
| View in Universitat Ramon Llull Library | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009726539506719 |
Table of Contents:
- Intro
- Preface
- Part 1: Establishing the Blue
- Chapter 1: Establishing a Defense Program
- How do organizations benefit from implementing the blue teaming approach?
- Risk assessment
- Monitoring and surveillance
- Security controls
- Reporting and recommendation to management
- A blue team's composition
- Analysts
- Incident responder
- Threat hunter
- Security consultant
- Security administrator
- Identity and Access Management (IAM) administrator
- Compliance analyst
- Red team
- Purple team
- Cyber threat intelligence
- Skills required to be in a blue team
- Eager to learn and detail-oriented
- In-depth knowledge of networks and systems
- Outside-the-box and innovative thinking
- Ability to cross conventional barriers to perform tasks
- Academics, qualifications, and certifications
- Talent development and retention
- Cyber labs
- Capture-the-Flag and hackathons
- Research and development projects
- Community outreach
- Mentoring
- Continuous unhindered learning
- Summary
- Chapter 2: Managing a Defense Security Team
- Why must organizations consider metricizing cybersecurity?
- Blue team KRIs
- How does a blue team initiate designing KRIs for their team?
- Selecting essential cybersecurity metrics
- Why and how organizations can automate this process
- What pitfalls to avoid when automating the workflows of the blue team
- Automating how KRIs are collected and presented
- Summary
- Chapter 3: Risk Assessment
- Following the NIST methodology
- NIST risk assessment methodology
- Asset inventory
- Risk management methods
- Threat identification
- Risk calculation
- Risk management responsibilities
- Summary
- References
- Chapter 4: Blue Team Operations
- Understanding defense strategy
- Blue team operations - infrastructure
- Blue team operations - applications
- Blue team operations - systems
- Blue team operations - endpoints
- Blue team operations - cloud
- Defense planning against insiders
- Responsibilities in blue team operations
- Summary
- Chapter 5: Threats
- What are cyber threats?
- The Cyber Kill Chain
- Phase 1 - reconnaissance
- Phase 2 - weaponization
- Phase 3 - delivery
- Phase 4 - exploitation
- Phase 5 - installation
- Phase 6 - command and control
- Phase 7 - actions on objective
- Internal attacks
- Different types of cyber threat actors
- Impacts of cybercrime
- An approach to security that is proactive rather than reactive
- Summary
- Chapter 6: Governance, Compliance, Regulations, and Best Practices
- Definition of stakeholders and their needs
- Building risk indicators
- Compliance needs and the identification of compliance requirements
- Assurance of compliance and the right level of governance
- Summary
- Part 2: Controlling the Fray
- What are security controls?
- Preventive controls
- Detective controls
- Deterrent controls
- Compensating controls
- Corrective controls
- Defense-in-depth
- Chapter 7: Preventive Controls
- What are preventive controls?
- Benefits
- Types of preventive controls
- Administrative
- Physical
- Technical/logical
- Layers of preventive controls
- Policy control
- Perimeter/physical controls
- Network controls
- Data security controls
- Application security controls
- Endpoint security controls
- User security
- Summary
- Chapter 8: Detective Controls
- What are detective controls?
- Types of detective controls
- SOC
- How does a SOC work?
- What are the benefits of a SOC?
- Vulnerability testing
- Penetration testing
- Red teams
- Bug bounty
- Source code scanning
- Compliance scanning or hardening scans
- Tools for detective controls
- Threat Intelligence Platform (TIP)
- Security Orchestration, Automation, and Response (SOAR) tools
- Security Information and Event Management (SIEM) tools
- Digital Forensics (DF) tools
- Summary
- Chapter 9: Cyber Threat Intelligence
- What is CTI?
- The quality of CTI
- Types of threat intelligence
- Strategic threat intelligence
- Tactical threat intelligence
- Operational threat intelligence
- Threat intelligence implementation
- 1 - Developing a plan
- 2 - Collection
- 3 - Processing
- 4 - Analysis
- 5 - Dissemination
- 6 - Feedback
- Threat hunting
- The importance of threat hunting
- Using CTI effectively
- The MITRE ATT&CK framework
- The MITRE ATT&CK Matrix
- How to implement the ATT&CK framework
- Summary
- Chapter 10: Incident Response and Recovery
- Incident response planning
- Testing incident response plans
- Incident response playbooks
- Ransomware attacks playbook
- Data loss/theft attacks playbook
- Phishing attacks playbook
- Disaster recovery planning
- Cyber insurance
- Summary
- Chapter 11: Prioritizing and Implementing a Blue Team Strategy
- Emerging detection and prevention technologies and techniques
- Adversary emulation
- VCISO services
- Context-aware security
- Defensive AI
- Extended Detection and Response (XDR)
- Manufacturer Usage Description (MUD)
- Zero Trust
- Pitfalls to avoid while setting up a blue team
- Getting started on your blue team journey
- Summary
- Part 3: Ask the Experts
- Chapter 12: Expert Insights
- Anthony Desvernois
- William B. Nelson
- Career
- Non-profit and volunteer work
- Laurent Gerardin
- Peter Sheppard, BSc (Hons), MBCS, CITP, CISA
- Pieter Danhieux, CEO and Co-Founder, Secure Code Warrior
- Index
- Other Books You May Enjoy