Practical Cyber Intelligence
eBook - ePub

Wilson Bautista

316 pages, English, ePUB (mobile-friendly), available on iOS and Android


About this book

Your one-stop solution for implementing a cyber defense intelligence program in your organisation.

Key Features

  • Intelligence processes and procedures for response mechanisms
  • Master F3EAD to drive processes based on intelligence
  • Threat modeling and intelligent frameworks
  • Case studies and how to go about building intelligent teams

Book Description

Cyber intelligence is the missing link between your cyber defense operation teams, threat intelligence, and IT operations to provide your organization with a full spectrum of defensive capabilities. This book kicks off with the need for cyber intelligence and why it is required in terms of a defensive framework.

Moving forward, the book provides a practical explanation of the F3EAD protocol with the help of examples. Furthermore, we learn how to go about threat models and intelligence products/frameworks and apply them to real-life scenarios. Based on the discussion with the prospective author I would also love to explore the induction of a tool to enhance the marketing feature and functionality of the book.

By the end of this book, you will be able to boot up an intelligence program in your organization based on the operation and tactical/strategic spheres of Cyber defense intelligence.

What you will learn

  • Learn about the Observe-Orient-Decide-Act (OODA) loop and its applicability to security
  • Understand the tactical view of active defense concepts and their application in today's threat landscape
  • Get acquainted with an operational view of the F3EAD process to drive decision making within an organization
  • Create a Framework and Capability Maturity Model that integrates inputs and outputs from key functions in an information security organization
  • Understand the idea of communicating with the Potential for Exploitability based on cyber intelligence

Who this book is for

This book targets incident managers, malware analysts, reverse engineers, digital forensics specialists, and intelligence analysts; experience in, or knowledge of, security operations, incident response, or investigations is desirable so you can make the most of the subjects presented.

Frequently asked questions
Is Practical Cyber Intelligence available as an online PDF/ePUB?
Yes, you can access Practical Cyber Intelligence by Wilson Bautista in PDF and/or ePUB format, as well as other popular books in Computer Science and General Computer Science. We have more than a million titles to discover in our catalogue.

Information

Year
2018
ISBN
9781788835244

Baselines and Anomalies

Just as a hand has fingers, we don't judge its ability to grasp an object by creating metrics for each finger. Each finger has a purpose: one tightens, one stabilizes, and so on. Of course, we can improve our grasp, but we must first learn what it is to grasp (the baseline) and what it is to improve the grasp (understanding the anomaly of improvement).
This chapter is about understanding the baselines and anomalies that exist on our network and that extend across teams. Because operations have an ebb and flow, we are able to establish what normal looks like among the daily tasks that are performed. We will discuss:
  • The challenge of continuous monitoring
  • Continuous monitoring Capability Maturity Model
  • Examples of integration of capabilities for continuous monitoring to improve defense

Setting up camp

I spent a lot of time in the field training for combat, and after hours of running around in the woods, we would need to stop and rest. Wherever we decided to camp in the evenings to rest up, our leadership made sure that we had a good foundation to set up a defense.
Here are a few examples:
  1. Never set up in an open field because then the adversary can see your strengths and weaknesses:
    • Cyber intelligence application:
      • Good security awareness training reduces the likelihood that users will be exploited
      • Reducing visibility (through collaboration between IT ops and IT security) for an adversary reduces the attack vectors
  2. If you are going to get attacked, don't make it easy. Guide them to where your strengths are:
    • Cyber intelligence application: Active defense techniques—guide the adversaries to the locations where they will most likely be found out
  3. Set up your camp in a location where you can observe the surrounding area to spot any movement:
    • Cyber intelligence application: Enabling good IT operations and InfoSec processes allows for identification of anomalies to the baseline

Baselines and anomalies

If you've been in IT and watched the level of traffic through your network on some tool, then you know that baselines are the starting point for comparisons. Baselines are what normal is; conversely, anomalies are anything that trends away from a baseline. These anomalies can have a positive or a negative impact on the baseline that is being evaluated.
Establishing baselines can be difficult because we have to define what normal is and then start measuring against that normalcy. We define normalcy by monitoring the regular activities of the items that we are interested in over a specific period of time.
The following are examples of anomalies against a baseline:
  • Regular users trying to access directories that they are not permitted access to more than five times in a week
  • Network usage spikes in off hours
So, before we go down a baselining/anomaly rabbit hole of what-if statements (because we can establish baselines for numerous things), let's narrow our focus to using cyber intelligence to provide a continuous monitoring capability that identifies deviations from baselines on a few items shared between IT operations and IT security.
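The two anomalies listed above, turned into detection logic over constructed log lines as an added example (not code from the book): one function counts directory access denials per user per ISO calendar week and flags anyone over the threshold, and the other compares each hourly throughput sample with the median of its own time bucket, so an off-hours spike is judged against normal off-hours traffic rather than daytime traffic. The log format, field names, business-hours range, and the multiplier of 4 are assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median
# Constructed sample logs (not from the book): "<ISO ts> ACCESS_DENIED user=.. dir=.."
# and "<ISO ts> NET bytes=<bytes moved in that hour>", one event per line.
ACCESS_LOG = """\
2018-05-07T09:12:00 ACCESS_DENIED user=alice dir=/finance
2018-05-07T09:13:00 ACCESS_DENIED user=alice dir=/finance
2018-05-08T14:02:00 ACCESS_DENIED user=alice dir=/hr
2018-05-09T10:40:00 ACCESS_DENIED user=alice dir=/hr
2018-05-10T16:05:00 ACCESS_DENIED user=alice dir=/finance
2018-05-11T11:30:00 ACCESS_DENIED user=alice dir=/legal
2018-05-14T08:00:00 ACCESS_DENIED user=alice dir=/finance
"""
NET_LOG = """\
2018-05-07T09:00:00 NET bytes=4200000
2018-05-07T10:00:00 NET bytes=4500000
2018-05-07T11:00:00 NET bytes=3900000
2018-05-07T22:00:00 NET bytes=300000
2018-05-08T02:00:00 NET bytes=9800000
2018-05-08T03:00:00 NET bytes=250000
"""

def parse(log):
    # Yield (timestamp, event kind, key=value fields) for each non-empty line.
    for line in log.splitlines():
        if line.strip():
            ts, kind, *rest = line.split()
            yield datetime.fromisoformat(ts), kind, dict(f.split("=", 1) for f in rest)

def flag_repeat_denials(log, threshold=5):
    """Users denied directory access more than `threshold` times in one ISO week."""
    counts = Counter()
    for ts, kind, f in parse(log):
        if kind == "ACCESS_DENIED":
            counts[(f["user"], *ts.isocalendar()[:2])] += 1  # key: user, year, week
    return {key: n for key, n in counts.items() if n > threshold}

def flag_usage_spikes(log, business_hours=range(8, 18), factor=4.0):
    """Samples above `factor` x the median of their own bucket (business vs off-hours)."""
    buckets = defaultdict(list)
    for ts, kind, f in parse(log):
        if kind == "NET":
            bucket = "business" if ts.hour in business_hours else "off-hours"
            buckets[bucket].append((ts, int(f["bytes"])))
    spikes = []
    for samples in buckets.values():
        baseline = median(b for _, b in samples)  # the bucket's own "normal"
        spikes += [(ts.isoformat(), b) for ts, b in samples if b > factor * baseline]
    return sorted(spikes)
```

With the constructed logs, alice is flagged for six denials in week 19 (the May 14 event falls in week 20 and is not counted), and the 02:00 transfer is the only throughput sample flagged.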

Continuous monitoring – the challenge

In the field, we would dig our fighting holes close enough to where we could communicate with each other on either side and spaced far enough to where a single attack by a mortar would not cause multiple casualties. The leader's fighting hole would be further back, but would have full view of where the teams set in so that the leader can go and communicate with the team as necessary in the heat of battle.
Just as when preparing for combat in the field, in IT we need the right hand and the left hand to know what each is doing. If we consider a local business unit as a platoon in my preceding example, we can likewise compare the greater complexity of an enterprise to a battalion, regiment, or brigade.

Part 1

What makes it more challenging is the subjectivity of what needs to be monitored, as well as establishing normalcy.
For example, let's review the following diagram:
The concept here is relatively simple:
  • IT security takes care of reviewing the firewall logs
  • IT ...
