Threat Hunting in the Cloud

Defending AWS, Azure and Other Cloud Platforms Against Cyberattacks

Chris Peiris, Binil Pillai, Abbas Kudrati

eBook - ePub


About This Book

Implement a vendor-neutral and multi-cloud cybersecurity and risk mitigation framework with advice from seasoned threat hunting pros

In Threat Hunting in the Cloud: Defending AWS, Azure and Other Cloud Platforms Against Cyberattacks, celebrated cybersecurity professionals and authors Chris Peiris, Binil Pillai, and Abbas Kudrati leverage their decades of experience building large scale cyber fusion centers to deliver the ideal threat hunting resource for both business and technical audiences. You'll find insightful analyses of cloud platform security tools and, using the industry leading MITRE ATT&CK framework, discussions of the most common threat vectors.

You'll discover how to build a side-by-side cybersecurity fusion center on both Microsoft Azure and Amazon Web Services and deliver a multi-cloud strategy for enterprise customers. And you will find out how to create a vendor-neutral environment with rapid disaster recovery capability for maximum risk mitigation.

With this book you'll learn:

  • Key business and technical drivers of cybersecurity threat hunting frameworks in today's technological environment
  • Metrics available to assess threat hunting effectiveness regardless of an organization's size
  • How threat hunting works with vendor-specific single cloud security offerings and on multi-cloud implementations
  • A detailed analysis of key threat vectors such as email phishing, ransomware and nation state attacks
  • Comprehensive AWS and Azure "how to" solutions through the lens of MITRE Threat Hunting Framework Tactics, Techniques and Procedures (TTPs)
  • Azure and AWS risk mitigation strategies to combat key TTPs such as privilege escalation, credential theft, lateral movement, defend against command & control systems, and prevent data exfiltration
  • Tools available on both the Azure and AWS cloud platforms which provide automated responses to attacks, and orchestrate preventative measures and recovery strategies
  • Many critical components for successful adoption of multi-cloud threat hunting framework such as Threat Hunting Maturity Model, Zero Trust Computing, Human Elements of Threat Hunting, Integration of Threat Hunting with Security Operation Centers (SOCs) and Cyber Fusion Centers
  • The Future of Threat Hunting with the advances in Artificial Intelligence, Machine Learning, Quantum Computing and the proliferation of IoT devices.

Perfect for technical executives (i.e., CTO, CISO), technical managers, architects, system admins and consultants with hands-on responsibility for cloud platforms, Threat Hunting in the Cloud is also an indispensable guide for business executives (i.e., CFO, COO, CEO, board members) and managers who need to understand their organization's cybersecurity risk framework and mitigation strategy.

Frequently asked questions

Is Threat Hunting in the Cloud an online PDF/ePUB?
Yes, you can access Threat Hunting in the Cloud by Chris Peiris, Binil Pillai, Abbas Kudrati in PDF and/or ePUB format, as well as other popular books in Computer Science & Cryptography. We have over one million books available in our catalogue for you to explore.

Information

Publisher
Wiley
Year
2021
ISBN
9781119804109
Edition
1

Part I
Threat Hunting Frameworks

In This Part

  1. Chapter 1: Introduction to Threat Hunting
  2. Chapter 2: Modern Approach to Multi-Cloud Threat Hunting
  3. Chapter 3: Exploration of MITRE Key Attack Vectors

CHAPTER 1
Introduction to Threat Hunting

What's in This Chapter

  • The rise of cybercrime
  • What is threat hunting?
  • Key cyberthreats and threat actors
  • Why is threat hunting relevant to all organizations?
  • Does an organization's size matter?
  • Threat modeling
  • Threat hunting maturity model
  • Human elements of threat hunting
  • How do you make the board of directors cyber-smart?
  • Threat hunting team structure
  • The threat hunter's role

The Rise of Cybercrime

"If you protect your paper clips and diamonds with equal vigor…you'll soon have more paper clips and fewer diamonds."
—Attributed to Dean Rusk, U.S. Secretary of State 1961–1969

This quote was first mentioned decades ago in the context of the cold war. However, it still resonates today, especially with the rise of cybercrime we are currently experiencing. Modern cybercrime is a sophisticated business with complex supply-chain activities and multiple threat actors working together in synergy. The threat actors are practicing division of labor, where one team is deployed to penetrate defenses and another team is subsequently employed to exploit the data breach. This level of sophistication is possible due to the staggering rewards cybercriminals and organized crime syndicates are achieving.

In 2009, the cost of cybercrime to the global economy was USD 1 trillion according to McAfee, the Silicon Valley based cybersecurity vendor, in a presentation to the World Economic Forum (WEF) in Davos, Switzerland. McAfee has since announced that cybercrime is estimated to top USD 6 trillion by 2021, according to Cybersecurity Ventures. This has been a significant increase in the last few years. The Cybersecurity Ventures report continues to elaborate that "if cybercrime is a country, it will be the third largest economy after the U.S. and China in the context of Gross Domestic Product (GDP) comparisons."

Cybercriminals can be found globally and have different skillsets and motivations. Some types of cybercrime persist independent of economic, political, or social changes, while certain types are fueled by ideology and monetary gain. The cyber defenders and the industry face an extremely diverse set of criminal actors and their ever-evolving tactics and techniques. These threat actors are opportunistic in nature. These cybercriminals capitalize on disruptive events such as the COVID-19 pandemic. As COVID-19 spread globally, cybercriminals pivoted their lures to imitate trusted sources like the World Health Organization (WHO) and other national health organizations, in an effort to get users to click on malicious links and attachments.

The recent Solorigate nation state attack is another example of multi-layer sophisticated attacks. These attacks were driven by ideology, not pure monetary gain. We discuss this nation state attack in detail later in the chapter. These examples illustrate that cybersecurity is a key focus area for any organization in our modern cloud-centric world. The proliferation of private cloud, hybrid cloud, and public cloud has introduced another layer of sophistication and an expanded set of attack vectors for cyberattacks. Therefore, more focus should be on preventative methods to ensure "modern IT diamonds are secured," in the spirit of Dean Rusk's comments many decades earlier.

Email phishing in the enterprise context continues to grow and has become a dominant vector. Given the increase in available information regarding these schemes and technical advancements in detection, the criminals behind these attacks are now spending significant time, money, and effort to develop scams that are sufficiently sophisticated to victimize even savvy professionals. Attack techniques in phishing and business email compromises are evolving. Previously, cybercriminals focused their efforts on malware attacks, but they have shifted their focus to ransomware, as well as phishing attacks with the goal of harvesting user credentials. Human-operated ransomware gangs are performing massive, wide-ranging sweeps of the Internet, searching for vulnerable entry points. These vulnerable entry points will be controlled by sophisticated "command and control" systems to disrupt organizations via distributed denial of service (DDoS) attacks at the attacker's discretion. Defending against cybercriminals is a complex, ever-evolving, and never-ending challenge.

NOTE According to Cybersecurity Ventures, global cybercrime costs will grow by 15% per year over the next five years, reaching USD 10.5 trillion annually by 2025.

It is estimated that 50% of the world's data will be stored in the cloud infrastructure by 2025. This equates to approximately 100 zettabytes of data across public clouds, government-owned clouds, private clouds, and cloud storage providers. This exponential data growth provides incalculable opportunities for cybercriminals because data is the fundamental building block of the digitized economy. Chief Information Security Officers (CISOs) and security teams are burdened by conventional solutions that can't adapt to the cloud to effectively prevent cyberattacks. And pressures continue to mount as employees produce, access, and share more data remotely through cloud apps during disruptive events such as COVID-19.

NOTE The IBM Cost of Data Breach Report 2020 reports the following:
  • The average cost of a data breach is USD 3.86 million.
  • The U.S. has the most expensive data breaches.
  • Healthcare is the most vulnerable industry; the average cost is USD 7.13 million.
  • The average time to identify and contain a breach is 280 days.

It's staggering to comprehend that an adversary could be "lurking" inside your enterprise for 280 days (more than nine months) before being discovered and contained. Organizations are required to combat these growing threats and increase their security posture. They have to be proactive in their defense strategies. They also have to react very quickly when the enterprise is under attack. Threat hunting is a key tool available for defenders to protect their digital assets against their adversaries.

What Is Threat Hunting?

There are many different approaches to increasing an organization's cybersecurity defenses against adversaries. One fundamental solution is known as threat hunting. Threat hunting provides a proactive opportunity for an organization to uncover attacker presence in an environment. While no formal academic definition exists for threat hunting, leading global cybersecurity authority SANS defines threat hunting as the "proactive, analyst-driven process to search for attacker tactics,...