Tribe of Hackers Blue Team
eBook - ePub

Tribe of Hackers Blue Team

Tribal Knowledge from the Best in Defensive Cybersecurity


About this book

Blue Team defensive advice from the biggest names in cybersecurity

The Tribe of Hackers team is back. This new guide is packed with insights on blue team issues from the biggest names in cybersecurity. Inside, dozens of the world's leading Blue Team security specialists show you how to harden systems against real and simulated breaches and attacks. You'll discover the latest strategies for blocking even the most advanced red-team attacks and preventing costly losses. The experts share their hard-earned wisdom, revealing what works and what doesn't in the real world of cybersecurity.

Tribe of Hackers Blue Team goes beyond the bestselling, original Tribe of Hackers book and delves into detail on defensive and preventative techniques. Learn how to grapple with the issues that hands-on security experts and security managers are sure to build into their blue team exercises.

  • Discover what it takes to get started building blue team skills
  • Learn how you can defend against physical and technical penetration testing
  • Understand the techniques that advanced red teamers use against high-value targets
  • Identify the most important tools to master as a blue teamer
  • Explore ways to harden systems against red team attacks
  • Stand out from the competition as you work to advance your cybersecurity career

Authored by leaders in cybersecurity attack and breach simulations, the Tribe of Hackers series is perfect for those new to blue team security, experienced practitioners, and cybersecurity team leaders. Tribe of Hackers Blue Team has the real-world advice and practical guidance you need to advance your information security career and ready yourself for the blue team defense.

Tribe of Hackers Blue Team by Marcus J. Carey and Jennifer Jin is available in PDF and/or ePUB format and is catalogued under Computer Science & Cryptography.

Information

Publisher: Wiley
Year: 2020
Print ISBN: 9781119643418
eBook ISBN: 9781119643425

1
Marcus J. Carey

“At a micro level, the blue team consists of the individuals directly responsible for monitoring, defending, and responding to incidents.”
Twitter: @marcusjcarey
Website: www.linkedin.com/in/marcuscarey
Marcus J. Carey is a cybersecurity community advocate and startup founder with more than 25 years of protecting sensitive government and commercial data. He started his cybersecurity career in U.S. Navy cryptology with further service in the National Security Agency (NSA).
How do you define a blue team?
At a macro level, the blue team is the entire organization, including the end users and customers. I say that because your end users and customers will be the first to notice when something goes wrong from a security perspective.
I know it's extremely awkward to have a customer let you know there is a security issue, but time and time again they end up saving us. Everyone is part of the team.
At a micro level, the blue team consists of the individuals directly responsible for monitoring, defending, and responding to incidents.
What are two core capabilities that a blue team should have?
I believe network visibility and log management are the two core capabilities every blue team should strive to master. In traditional infrastructures, network visibility allows organizations to understand what is happening on their network such as authentication, domain resolution, and all sorts of chatty protocols.
Network visibility goes hand in hand in the sense that not only do you have to ensure you can see what's going on the network, but you also need to make sure that information sources are logging events. They also need to ensure that the data is captured and can be analyzed (some in real time) for breaches.
This usually requires a log management system that requires enough storage to be useful for troubleshooting and forensic investigations.
TLDR: You have to make sure you are logging all the right stuff and that stuff can be retrieved for troubleshooting and incident response. Without those, you are probably playing security theater.
What are some of the key strengths of an incident response program?
I'm going to use the age-old concept of building a home-court advantage. You need to have a competent staff, which means you should invest in training and in hiring personnel hungry to learn and grow.
Solid incident response programs are built on top of knowing as much as possible about your system, software, and network infrastructure. You have to be able to ignore all normal activity as much as possible and zero in on the bad stuff.
Getting to zero is impossible because software will behave in weird ways, systems vary from organization to organization, and users are going to do unexpected things. The key is to keep pushing, improving, and automating as much as possible.
How can blue teamers learn, practice, and grow?
I'm a big fan of the 80/20 model when it comes to learning and practicing your craft. Blue teamers should be able to spend 20 percent of their time on ongoing education and practicing new skills. It's a cycle in the sense that you learn first and then put those skills into practice, and the growth part is learning what works and what doesn't.
There are tons of free information sources that blue teamers can learn from. One of the traits of good blue teamers is their ability to self-study to solve problems. If you are hiring blue teamers, you should look for instances where they picked up new skills on their own.
If you are currently looking to get into a cybersecurity job, the most important trait that many hiring managers look for is your ability to self-study and learn new skills. You should “learn how to learn” and apply new skills. You'll drastically increase your value on the job market.
How do you reward good blue teaming work?
Compensate them properly and don't have them doing unnecessary security theater-type work. I personally make a promise to anyone who works with me that I'm going to ensure they are able to level up in their career. At some point in the future when they leave, their career will be on a higher plane. I sometimes see organizations stunt growth in order to retain personnel, which is wrong and always backfires.
What are some core metrics that a blue team can use to build, measure, and maintain a successful information security program?
When it comes down to it, blue teams will be measured ultimately in the mean time to detect breaches and mitigate the threats. To achieve this, the blue team is going to need to have the right people, processes, and technology to make it happen. The people need to be skilled, the processes have to be sharp, and the technology must be fully leveraged. Along the way, you have to continuously measure the mean time to detect in order to improve and maintain those capabilities.
Where would you start if you were the only information security staff member at a small to medium-sized business with a primitive security infrastructure?
There are a ton of free resources from the National Institute of Standards and Technology (NIST). In particular, NIST's Cybersecurity Framework (CSF) is an amazing resource that any organization can pick up and start implementing.
In addition to the NIST CSF, there are several special publications (SPs) that they provide that I highly recommend for self-assessments, including these two:
  • NIST SP 800-115: Technical Guide to Information Security Testing and Assessment
  • NIST SP 800-37: Risk Management Framework for Information Systems and Organizations
What is the most bang-for-your-buck security control?
Limiting administrative privileges is the biggest bang-for-your-buck security control. Just by limiting these privileges you are going to reduce the number of intrusions on your network. It will keep people from installing unauthorized, bootlegged, or cracked software.
Attackers typically inherit the level of the user or service that they compromise. This means that they will not initially have privileges to do whatever they want on the system if they aren't administrators. If the attacker has to escalate privileges, it's another opportunity to catch them in their tracks.
Has your organization implemented any deception technologies?
No.
Where should an organization use cryptography?
The most effective places to use encryption are virtual private networks, web page logins, and full-disk encryption.
VPNs typically use encryption to keep the data private from end to end. Web page logins need to be encrypted so usernames, passwords, and all the other authentication data remain secret. Full-disk encryption is important in case a computer or laptop is stolen and the data on the disk is protected.
How do you approach data governance and other methods of reducing your data footprint?
I learned in the military that you always want to keep as little data as you can. Keep only what you are required to by law or compliance. Don't keep unnecessary customer or employee data. Time and time again we see crazy stories of how organizations kept all their customer data around unencrypted on premises and in the cloud. The best way to avoid this is to not have the data in the first place.
What is your opinion on compliance?
I'm okay with compliance because it does set a bar and create a minimal threshold that organizations should adhere to. I hope that by now people realize that compliance is the absolute bare minimum and doesn't mean that they are secure by any means.
In addition, security leaders need to ensure they are communicating honestly.
Is there a framework that aligns the activities or functions performed by the blue team with regulatory compliance requirements?
I'm a huge fan of the NIST Cybersecurity Framework because it recommends continuous testing and evaluation of the security program at a ...

Table of contents

  1. Cover
  2. Table of Contents
  3. Acknowledgments
  4. Foreword
  5. Introduction
  6. 1 Marcus J. Carey
  7. 2 Danny Akacki
  8. 3 Ricky Banda
  9. 4 William Bengtson
  10. 5 Amanda Berlin
  11. 6 O'Shea Bowens
  12. 7 John Breth
  13. 8 Lee Brotherston
  14. 9 Ronald Bushar
  15. 10 Christopher Caruso
  16. 11 Eddie Clark
  17. 12 Mark Clayton
  18. 13 Ayman Elsawah
  19. 14 Sahan Fernando
  20. 15 Stephen Hilt
  21. 16 Bea Hughes
  22. 17 Terence Jackson
  23. 18 Tanya Janca
  24. 19 Ruth Juma
  25. 20 Brendon Kelley
  26. 21 Shawn Kirkland
  27. 22 Sami Laiho
  28. 23 Kat Maddox
  29. 24 Jeffrey Man
  30. 25 April Mardock
  31. 26 Bright Gameli Mawudor
  32. 27 Duncan McAlynn
  33. 28 Frank McGovern
  34. 29 Donald McFarlane
  35. 30 Nathan McNulty
  36. 31 James Medlock
  37. 32 Daniel Miessler
  38. 33 Alyssa Miller
  39. 34 Maggie Morganti
  40. 35 Justin Moss
  41. 36 Mark Orlando
  42. 37 Mitch Parker
  43. 38 Stuart Peck
  44. 39 Carlos Perez
  45. 40 Quiessence Phillips
  46. 41 Lauren Proehl
  47. 42 Josh Rickard
  48. 43 Megan Roddie
  49. 44 Jason Schorr
  50. 45 Chris Sistrunk
  51. 46 Jayson E. Street
  52. 47 Michael Tanji
  53. 48 Ronnie Tokazowski
  54. 49 Ashley Tolbert
  55. 50 Ismael Valenzuela
  56. 51 Dave Venable
  57. 52 Robert “TProphet” Walker
  58. 53 Jake Williams
  59. 54 Robert Willis
  60. End User License Agreement