eBook - ePub
Practical Cyber Intelligence
Wilson Bautista
This is a test
Compartir libro
- 316 páginas
- English
- ePUB (apto para móviles)
- Disponible en iOS y Android
eBook - ePub
Practical Cyber Intelligence
Wilson Bautista
Detalles del libro
Vista previa del libro
Índice
Citas
Información del libro
Your one stop solution to implement a Cyber Defense Intelligence program in to your organisation.
Key Features
- Intelligence processes and procedures for response mechanisms
- Master F3EAD to drive processes based on intelligence
- Threat modeling and intelligent frameworks
- Case studies and how to go about building intelligent teams
Book Description
Cyber intelligence is the missing link between your cyber defense operation teams, threat intelligence, and IT operations to provide your organization with a full spectrum of defensive capabilities. This book kicks off with the need for cyber intelligence and why it is required in terms of a defensive framework.
Moving forward, the book provides a practical explanation of the F3EAD protocol with the help of examples. Furthermore, we learn how to go about threat models and intelligence products/frameworks and apply them to real-life scenarios. Based on the discussion with the prospective author I would also love to explore the induction of a tool to enhance the marketing feature and functionality of the book.
By the end of this book, you will be able to boot up an intelligence program in your organization based on the operation and tactical/strategic spheres of Cyber defense intelligence.
What you will learn
- Learn about the Observe-Orient-Decide-Act (OODA) loop and it's applicability to security
- Understand tactical view of Active defense concepts and their application in today's threat landscape
- Get acquainted with an operational view of the F3EAD process to drive decision making within an organization
- Create a Framework and Capability Maturity Model that integrates inputs and outputs from key functions in an information security organization
- Understand the idea of communicating with the Potential for Exploitability based on cyber intelligence
Who this book is for
This book targets incident managers, malware analysts, reverse engineers, digital forensics specialists, and intelligence analysts; experience in, or knowledge of, security operations, incident responses or investigations is desirable so you can make the most of the subjects presented.
Preguntas frecuentes
¿Cómo cancelo mi suscripción?
¿Cómo descargo los libros?
Por el momento, todos nuestros libros ePub adaptables a dispositivos móviles se pueden descargar a través de la aplicación. La mayor parte de nuestros PDF también se puede descargar y ya estamos trabajando para que el resto también sea descargable. Obtén más información aquí.
¿En qué se diferencian los planes de precios?
Ambos planes te permiten acceder por completo a la biblioteca y a todas las funciones de Perlego. Las únicas diferencias son el precio y el período de suscripción: con el plan anual ahorrarás en torno a un 30 % en comparación con 12 meses de un plan mensual.
¿Qué es Perlego?
Somos un servicio de suscripción de libros de texto en línea que te permite acceder a toda una biblioteca en línea por menos de lo que cuesta un libro al mes. Con más de un millón de libros sobre más de 1000 categorías, ¡tenemos todo lo que necesitas! Obtén más información aquí.
¿Perlego ofrece la función de texto a voz?
Busca el símbolo de lectura en voz alta en tu próximo libro para ver si puedes escucharlo. La herramienta de lectura en voz alta lee el texto en voz alta por ti, resaltando el texto a medida que se lee. Puedes pausarla, acelerarla y ralentizarla. Obtén más información aquí.
¿Es Practical Cyber Intelligence un PDF/ePUB en línea?
Sí, puedes acceder a Practical Cyber Intelligence de Wilson Bautista en formato PDF o ePUB, así como a otros libros populares de Informatique y Sciences générales de l'informatique. Tenemos más de un millón de libros disponibles en nuestro catálogo para que explores.
Información
Baselines and Anomalies
Just as your hands have fingers, we don't judge the capability of grasping an object by looking at creating metrics for each finger. Each finger has a purpose, one to tighten, one to stabilize, and so on. Of course, we can improve our grasp, but we first must learn what it is to grasp (baseline) and what it is to improve the grasp (understanding the anomaly of improvement).
This chapter is about understanding the baselines and anomalies that exist on our network which extend across teams. As there is an ebb and flow with operations, we are able to establish normalcy among the daily tasks that are performed. We will discuss:
- The challenge of continuous monitoring
- Continuous monitoring Capability Maturity Model
- Examples of integration of capabilities for continuous monitoring to improve defense
Setting up camp
I spent a lot of time in the field training for combat and after hours of running around in the woods, we would need to stop and rest. Wherever the location that we decided to camp in the evenings to rest up, our leadership made sure that we had a good foundation to set up a defense.
Here are a few examples:
- Never set up in an open field because then the adversary can see your strengths and weaknesses:
- Cyber intelligence application:
- Good training in security awareness will decrease one of the likelihoods of exploiting users
- Reducing visibility (through collaboration between IT ops and IT security) for an adversary reduces the attack vectors
- Cyber intelligence application:
- If you are going to get attacked, don't make it easy. Guide them to where your strengths are:
- Cyber intelligence application: Active defense techniques—guide the adversaries to the locations where they will most likely be found out
- Set up your camp in a location where you can observe the surrounding area to spot any movement:
- Cyber intelligence application: Enabling good IT operations and InfoSec processes allows for identification of anomalies to the baseline
Baselines and anomalies
If you've been in IT and watched the level of traffic through your network on some tool, then you know that baselines are the starting point for comparisons. We can consider that baselines are what normal is. Conversely, anomalies are anything that trends against a baseline. These anomalies can be a positive impact or negative impact to the baseline that is being evaluated.
Establishing baselines can be difficult because we have to define what normal is and then start measuring against that normalcy. We define normalcy by monitoring the regular activities of the items that we are interested in against a specific amount of time.
The following are examples of anomalies against a baseline:
- Regular users trying to access directories that they are not permitted access to more than five times in a week
- Network usage spikes in off hours
So, before we go down a baselining/anomaly rabbit hole of what if statements (because we can establish baselines for numerous amount of things), let's narrow down our focus on the cyber intelligence to provide a continuous monitoring capability of identifying deviations to baselines on a few items between IT operations and IT security.
Continuous monitoring – the challenge
In the field, we would dig our fighting holes close enough to where we could communicate with each other on either side and spaced far enough to where a single attack by a mortar would not cause multiple casualties. The leader's fighting hole would be further back, but would have full view of where the teams set in so that the leader can go and communicate with the team as necessary in the heat of battle.
Just as preparing for combat in the field, in IT we need the right hand and the left hand to know what each is doing. If we can consider a local business unit as a platoon in my preceding example, comparatively we can add to the complexity of an enterprise to a battalion, regiment, or brigade.
Part 1
What makes it more challenging is the subjectivity of what needs to be monitored, as well as establishing normalcy.
For example, let's review the following diagram:
The concept here is relatively simple:
- IT security takes care of reviewing the firewall logs
- IT ...