Intelligence-driven incident response : outwitting the adversary /
Classification: | Electronic book |
---|---|
Main authors: | , |
Format: | Electronic eBook |
Language: | English |
Published: | Sebastopol, CA : O'Reilly Media, [2017] |
Edition: | First edition. |
Subjects: | |
Online access: | Full text (requires prior registration with an institutional email address) |
Table of Contents:
- Copyright; Table of Contents; Foreword; Preface; Why We Wrote This Book; Who This Book Is For; How This Book Is Organized; Conventions Used in This Book; O'Reilly Safari; How to Contact Us; Acknowledgments; Part I. The Fundamentals; Chapter 1. Introduction; Intelligence as Part of Incident Response; History of Cyber Threat Intelligence; Modern Cyber Threat Intelligence; The Way Forward; Incident Response as a Part of Intelligence; What Is Intelligence-Driven Incident Response?; Why Intelligence-Driven Incident Response?; Operation SMN; Operation Aurora; Conclusion.
- Chapter 2. Basics of Intelligence; Data Versus Intelligence; Sources and Methods; Process Models; OODA; Intelligence Cycle; Using the Intelligence Cycle; Qualities of Good Intelligence; Levels of Intelligence; Tactical Intelligence; Operational Intelligence; Strategic Intelligence; Confidence Levels; Conclusion; Chapter 3. Basics of Incident Response; Incident-Response Cycle; Preparation; Identification; Containment; Eradication; Recovery; Lessons Learned; Kill Chain; Targeting; Reconnaissance; Weaponization; Delivery; Exploitation; Installation; Command and Control; Actions on Objective.
- Example Kill Chain; Diamond Model; Basic Model; Extending the Model; Active Defense; Deny; Disrupt; Degrade; Deceive; Destroy; F3EAD; Find; Fix; Finish; Exploit; Analyze; Disseminate; Using F3EAD; Picking the Right Model; Scenario: GLASS WIZARD; Conclusion; Part II. Practical Application; Chapter 4. Find; Actor-Centric Targeting; Starting with Known Information; Useful Find Information; Asset-Centric Targeting; Using Asset-Centric Targeting; News-Centric Targeting; Targeting Based on Third-Party Notification; Prioritizing Targeting; Immediate Needs; Past Incidents; Criticality.
- Organizing Targeting Activities; Hard Leads; Soft Leads; Grouping Related Leads; Lead Storage; The Request for Information Process; Conclusion; Chapter 5. Fix; Intrusion Detection; Network Alerting; System Alerting; Fixing GLASS WIZARD; Intrusion Investigation; Network Analysis; Live Response; Memory Analysis; Disk Analysis; Malware Analysis; Scoping; Hunting; Developing Leads; Testing Leads; Conclusion; Chapter 6. Finish; Finishing Is Not Hacking Back; Stages of Finish; Mitigate; Remediate; Rearchitect; Taking Action; Deny; Disrupt; Degrade; Deceive; Destroy; Organizing Incident Data.
- Tools for Tracking Actions; Purpose-Built Tools; Assessing the Damage; Monitoring Life Cycle; Conclusion; Chapter 7. Exploit; What to Exploit?; Gathering Information; Storing Threat Information; Data Standards and Formats for Indicators; Data Standards and Formats for Strategic Information; Managing Information; Threat-Intelligence Platforms; Conclusion; Chapter 8. Analyze; The Fundamentals of Analysis; What to Analyze?; Conducting the Analysis; Enriching Your Data; Developing Your Hypothesis; Evaluating Key Assumptions; Judgment and Conclusions; Analytic Processes and Methods.