eBook - ePub
Practical Cyber Intelligence
Wilson Bautista
This is a test
Share book
- 316 pages
- English
- ePUB (mobile friendly)
- Available on iOS & Android
eBook - ePub
Practical Cyber Intelligence
Wilson Bautista
Book details
Book preview
Table of contents
Citations
About This Book
Your one stop solution to implement a Cyber Defense Intelligence program in to your organisation.
Key Features
- Intelligence processes and procedures for response mechanisms
- Master F3EAD to drive processes based on intelligence
- Threat modeling and intelligent frameworks
- Case studies and how to go about building intelligent teams
Book Description
Cyber intelligence is the missing link between your cyber defense operation teams, threat intelligence, and IT operations to provide your organization with a full spectrum of defensive capabilities. This book kicks off with the need for cyber intelligence and why it is required in terms of a defensive framework.
Moving forward, the book provides a practical explanation of the F3EAD protocol with the help of examples. Furthermore, we learn how to go about threat models and intelligence products/frameworks and apply them to real-life scenarios. Based on the discussion with the prospective author I would also love to explore the induction of a tool to enhance the marketing feature and functionality of the book.
By the end of this book, you will be able to boot up an intelligence program in your organization based on the operation and tactical/strategic spheres of Cyber defense intelligence.
What you will learn
- Learn about the Observe-Orient-Decide-Act (OODA) loop and it's applicability to security
- Understand tactical view of Active defense concepts and their application in today's threat landscape
- Get acquainted with an operational view of the F3EAD process to drive decision making within an organization
- Create a Framework and Capability Maturity Model that integrates inputs and outputs from key functions in an information security organization
- Understand the idea of communicating with the Potential for Exploitability based on cyber intelligence
Who this book is for
This book targets incident managers, malware analysts, reverse engineers, digital forensics specialists, and intelligence analysts; experience in, or knowledge of, security operations, incident responses or investigations is desirable so you can make the most of the subjects presented.
Frequently asked questions
How do I cancel my subscription?
Can/how do I download books?
At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.
What is the difference between the pricing plans?
Both plans give you full access to the library and all of Perlego’s features. The only differences are the price and subscription period: With the annual plan you’ll save around 30% compared to 12 months on the monthly plan.
What is Perlego?
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, we’ve got you covered! Learn more here.
Do you support text-to-speech?
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Is Practical Cyber Intelligence an online PDF/ePUB?
Yes, you can access Practical Cyber Intelligence by Wilson Bautista in PDF and/or ePUB format, as well as other popular books in Informatique & Sciences générales de l'informatique. We have over one million books available in our catalogue for you to explore.
Information
Baselines and Anomalies
Just as your hands have fingers, we don't judge the capability of grasping an object by looking at creating metrics for each finger. Each finger has a purpose, one to tighten, one to stabilize, and so on. Of course, we can improve our grasp, but we first must learn what it is to grasp (baseline) and what it is to improve the grasp (understanding the anomaly of improvement).
This chapter is about understanding the baselines and anomalies that exist on our network which extend across teams. As there is an ebb and flow with operations, we are able to establish normalcy among the daily tasks that are performed. We will discuss:
- The challenge of continuous monitoring
- Continuous monitoring Capability Maturity Model
- Examples of integration of capabilities for continuous monitoring to improve defense
Setting up camp
I spent a lot of time in the field training for combat and after hours of running around in the woods, we would need to stop and rest. Wherever the location that we decided to camp in the evenings to rest up, our leadership made sure that we had a good foundation to set up a defense.
Here are a few examples:
- Never set up in an open field because then the adversary can see your strengths and weaknesses:
- Cyber intelligence application:
- Good training in security awareness will decrease one of the likelihoods of exploiting users
- Reducing visibility (through collaboration between IT ops and IT security) for an adversary reduces the attack vectors
- Cyber intelligence application:
- If you are going to get attacked, don't make it easy. Guide them to where your strengths are:
- Cyber intelligence application: Active defense techniques—guide the adversaries to the locations where they will most likely be found out
- Set up your camp in a location where you can observe the surrounding area to spot any movement:
- Cyber intelligence application: Enabling good IT operations and InfoSec processes allows for identification of anomalies to the baseline
Baselines and anomalies
If you've been in IT and watched the level of traffic through your network on some tool, then you know that baselines are the starting point for comparisons. We can consider that baselines are what normal is. Conversely, anomalies are anything that trends against a baseline. These anomalies can be a positive impact or negative impact to the baseline that is being evaluated.
Establishing baselines can be difficult because we have to define what normal is and then start measuring against that normalcy. We define normalcy by monitoring the regular activities of the items that we are interested in against a specific amount of time.
The following are examples of anomalies against a baseline:
- Regular users trying to access directories that they are not permitted access to more than five times in a week
- Network usage spikes in off hours
So, before we go down a baselining/anomaly rabbit hole of what if statements (because we can establish baselines for numerous amount of things), let's narrow down our focus on the cyber intelligence to provide a continuous monitoring capability of identifying deviations to baselines on a few items between IT operations and IT security.
Continuous monitoring – the challenge
In the field, we would dig our fighting holes close enough to where we could communicate with each other on either side and spaced far enough to where a single attack by a mortar would not cause multiple casualties. The leader's fighting hole would be further back, but would have full view of where the teams set in so that the leader can go and communicate with the team as necessary in the heat of battle.
Just as preparing for combat in the field, in IT we need the right hand and the left hand to know what each is doing. If we can consider a local business unit as a platoon in my preceding example, comparatively we can add to the complexity of an enterprise to a battalion, regiment, or brigade.
Part 1
What makes it more challenging is the subjectivity of what needs to be monitored, as well as establishing normalcy.
For example, let's review the following diagram:
The concept here is relatively simple:
- IT security takes care of reviewing the firewall logs
- IT ...