Intelligence-Driven Incident Response outwitting the adversary
Using a well-conceived incident response plan in the aftermath of an online security breach enables your team to identify attackers and learn how they operate. But only when you approach incident response with a cyber threat intelligence mindset will you truly understand the value of that informatio...
| Otros Autores: | , , , |
|---|---|
| Formato: | Libro electrónico |
| Idioma: | Inglés |
| Publicado: |
Sebastopol, CA :
O'Reilly Media, Inc
2023.
|
| Edición: | Second edition |
| Materias: | |
| Ver en Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009752714106719 |
Tabla de Contenidos:
- Cover
- Copyright
- Table of Contents
- Foreword to the Second Edition
- Foreword to the First Edition
- Preface
- Why We Wrote This Book
- Who This Book Is For
- How This Book Is Organized
- Conventions Used in This Book
- O'Reilly Online Learning
- How to Contact Us
- Acknowledgments
- Part I. The Fundamentals
- Chapter 1. Introduction
- Intelligence as Part of Incident Response
- History of Cyber Threat Intelligence
- Modern Cyber Threat Intelligence
- The Way Forward
- Incident Response as a Part of Intelligence
- What Is Intelligence-Driven Incident Response?
- Why Intelligence-Driven Incident Response?
- Operation SMN
- SolarWinds
- Conclusion
- Chapter 2. Basics of Intelligence
- Intelligence and Research
- Data Versus Intelligence
- Sources and Methods
- Models
- Using Models for Collaboration
- Process Models
- Using the Intelligence Cycle
- Qualities of Good Intelligence
- Collection Method
- Date of Collection
- Context
- Addressing Biases in Analysis
- Levels of Intelligence
- Tactical Intelligence
- Operational Intelligence
- Strategic Intelligence
- Confidence Levels
- Conclusion
- Chapter 3. Basics of Incident Response
- Incident-Response Cycle
- Preparation
- Identification
- Containment
- Eradication
- Recovery
- Lessons Learned
- The Kill Chain
- Targeting
- Reconnaissance
- Weaponization
- Delivery
- Exploitation
- Installation
- Command and Control
- Actions on Objective
- Example Kill Chain
- The Diamond Model
- Basic Model
- Extending the Model
- ATT&CK and D3FEND
- ATT&CK
- D3FEND
- Active Defense
- Deny
- Disrupt
- Degrade
- Deceive
- Destroy
- F3EAD
- Find
- Fix
- Finish
- Exploit
- Analyze
- Disseminate
- Using F3EAD
- Picking the Right Model
- Scenario: Road Runner
- Conclusion
- Part II. Practical Application
- Chapter 4. Find
- Actor-Centric Targeting
- Starting with Known Information
- Useful Information During the Find Phase
- Using the Kill Chain
- Goals
- Victim-Centric Targeting
- Using Victim-Centric Targeting
- Asset-Centric Targeting
- Using Asset-Centric Targeting
- Capability-Centric Targeting
- Using Capability-Centric Targeting
- Media-Centric Targeting
- Targeting Based on Third-Party Notification
- Prioritizing Targeting
- Immediate Needs
- Past Incidents
- Criticality
- Organizing Targeting Activities
- Hard Leads
- Soft Leads
- Grouping Related Leads
- Lead Storage and Documentation
- The Request for Information Process
- Conclusion
- Chapter 5. Fix
- Intrusion Detection
- Network Alerting
- System Alerting
- Fixing Road Runner
- Intrusion Investigation
- Network Analysis
- Live Response
- Memory Analysis
- Disk Analysis
- Enterprise Detection and Response
- Malware Analysis
- Scoping
- Hunting
- Developing Hypotheses
- Testing Hypotheses
- Conclusion
- Chapter 6. Finish
- Finishing Is Not Hacking Back
- Stages of Finish
- Mitigate.
