
Threat Hunting in the Cloud: Defending AWS, Azure and Other Cloud Platforms Against Cyberattacks

Implement a vendor-neutral and multi-cloud cybersecurity and risk mitigation framework with advice from seasoned threat hunting pros In Threat Hunting in the Cloud: Defending AWS, Azure and Other Cloud Platforms Against Cyberattacks, celebrated cybersecurity professionals and authors Chris Peiris, B...


Bibliographic Details
Classification: Electronic book
Main authors: Peiris, Chris (Author), Kudrati, Abbas (Author), Pillai, Binil (Author)
Format: Electronic eBook
Language: English
Published: Hoboken, New Jersey : John Wiley & Sons, Inc., [2022]
Subjects:
Online access: Full text (requires prior registration with an institutional email address)
Table of Contents:
  • Foreword xxxi
  • Introduction xxxiii
  • Part I Threat Hunting Frameworks 1
  • Chapter 1 Introduction to Threat Hunting 3
  • The Rise of Cybercrime 4
  • What Is Threat Hunting? 6
  • The Key Cyberthreats and Threat Actors 7
  • Phishing 7
  • Ransomware 8
  • Nation State 10
  • The Necessity of Threat Hunting 14
  • Does the Organization’s Size Matter? 17
  • Threat Modeling 19
  • Threat-Hunting Maturity Model 23
  • Organization Maturity and Readiness 23
  • Level 0: INITIAL 24
  • Level 1: MINIMAL 25
  • Level 2: PROCEDURAL 25
  • Level 3: INNOVATIVE 25
  • Level 4: LEADING 25
  • Human Elements of Threat Hunting 26
  • How Do You Make the Board of Directors Cyber-Smart? 27
  • Threat-Hunting Team Structure 30
  • External Model 30
  • Dedicated Internal Hunting Team Model 30
  • Combined/Hybrid Team Model 30
  • Periodic Hunt Teams Model 30
  • Urgent Need for Human-Led Threat Hunting 31
  • The Threat Hunter’s Role 31
  • Summary 33
  • Chapter 2 Modern Approach to Multi-Cloud Threat Hunting 35
  • Multi-Cloud Threat Hunting 35
  • Multi-Tenant Cloud Environment 38
  • Threat Hunting in Multi-Cloud and Multi-Tenant Environments 39
  • Building Blocks for the Security Operations Center 41
  • Scope and Type of SOC 43
  • Services, Not Just Monitoring 43
  • SOC Model 43
  • Define a Process for Identifying and Managing Threats 44
  • Tools and Technologies to Empower SOC 44
  • People (Specialized Teams) 45
  • Cyberthreat Detection, Threat Modeling, and the Need for Proactive Threat Hunting Within SOC 46
  • Cyberthreat Detection 46
  • Threat-Hunting Goals and Objectives 49
  • Threat Modeling and SOC 50
  • The Need for a Proactive Hunting Team Within SOC 50
  • Assume Breach and Be Proactive 51
  • Invest in People 51
  • Develop an Informed Hypothesis 52
  • Cyber Resiliency and Organizational Culture 53
  • Skillsets Required for Threat Hunting 54
  • Security Analysis 55
  • Data Analysis 56
  • Programming Languages 56
  • Analytical Mindset 56
  • Soft Skills 56
  • Outsourcing 56
  • Threat-Hunting Process and Procedures 57
  • Metrics for Assessing the Effectiveness of Threat Hunting 58
  • Foundational Metrics 58
  • Operational Metrics 59
  • Threat-Hunting Program Effectiveness 61
  • Summary 62
  • Chapter 3 Exploration of MITRE Key Attack Vectors 63
  • Understanding MITRE ATT&CK 63
  • What Is MITRE ATT&CK Used For? 64
  • How Is MITRE ATT&CK Used and Who Uses It? 65
  • How Is Testing Done According to MITRE? 65
  • Tactics 67
  • Techniques 67
  • Threat Hunting Using Five Common Tactics 69
  • Privilege Escalation 71
  • Case Study 72
  • Credential Access 73
  • Case Study 74
  • Lateral Movement 75
  • Case Study 75
  • Command and Control 77
  • Case Study 77
  • Exfiltration 79
  • Case Study 79
  • Other Methodologies and Key Threat-Hunting Tools to Combat Attack Vectors 80
  • Zero Trust 80
  • Threat Intelligence and Zero Trust 83
  • Build Cloud-Based Defense-in-Depth 84
  • Analysis Tools 86
  • Microsoft Tools 86
  • Connect To All Your Data 87
  • Workbooks 88
  • Analytics 88
  • Security Automation and Orchestration 90
  • Investigation 91
  • Hunting 92
  • Community 92
  • AWS Tools 93
  • Analyzing Logs Directly 93
  • SIEMs in the Cloud 94
  • Summary 95
  • Resources 96
  • Part II Hunting in Microsoft Azure 99
  • Chapter 4 Microsoft Azure Cloud Threat Prevention Framework 101
  • Introduction to Microsoft Security 102
  • Understanding the Shared Responsibility Model 102
  • Microsoft Services for Cloud Security Posture Management and Logging/Monitoring 105
  • Overview of Azure Security Center and Azure Defender 105
  • Overview of Microsoft Azure Sentinel 108
  • Using Microsoft Secure and Protect Features 112
  • Identity & Access Management 113
  • Infrastructure & Network 114
  • Data & Application 115
  • Customer Access 115
  • Using Azure Web Application Firewall to Protect a Website Against an “Initial Access” TTP 116
  • Using Microsoft Defender for Office 365 to Protect Against an “Initial Access” TTP 118
  • Using Microsoft Defender Endpoint to Protect Against an “Initial Access” TTP 121
  • Using Azure Conditional Access to Protect Against an “Initial Access” TTP 123
  • Microsoft Detect Services 127
  • Detecting “Privilege Escalation” TTPs 128
  • Using Azure Security Center and Azure Sentinel to Detect Threats Against a “Privilege Escalation” TTP 128
  • Detecting Credential Access 131
  • Using Azure Identity Protection to Detect Threats Against a “Credential Access” TTP 132
  • Steps to Configure and Enable Risk Policies (Sign-in Risk and User Risk) 134
  • Using Azure Security Center and Azure Sentinel to Detect Threats Against a “Credential Access” TTP 137
  • Detecting Lateral Movement 139
  • Using Just-in-Time in ASC to Protect and Detect Threats Against a “Lateral Movement” TTP 139
  • Using Azure Security Center and Azure Sentinel to Detect Threats Against a “Lateral Movement” TTP 144
  • Detecting Command and Control 145
  • Using Azure Security Center and Azure Sentinel to Detect Threats Against a “Command and Control” TTP 146
  • Detecting Data Exfiltration 147
  • Using Azure Information Protection to Detect Threats Against a “Data Exfiltration” TTP 148
  • Discovering Sensitive Content Using AIP 149
  • Using Azure Security Center and Azure Sentinel to Detect Threats Against a “Data Exfiltration” TTP 153
  • Detecting Threats and Proactively Hunting with Microsoft 365 Defender 154
  • Microsoft Investigate, Response, and Recover Features 155
  • Automating Investigation and Remediation with Microsoft Defender for Endpoint 157
  • Using Microsoft Threat Expert Support for Remediation and Investigation 159
  • Targeted Attack Notification 159
  • Experts on Demand 161
  • Automating Security Response with MCAS and Microsoft Flow 166
  • Step 1: Generate Your API Token in Cloud App Security 167
  • Step 2: Create Your Trigger in Microsoft Flow 167
  • Step 3: Create the Teams Message Action in Microsoft Flow 168
  • Step 4: Generate an Email in Microsoft Flow 168
  • Connecting the Flow in Cloud App Security 169
  • Performing an Automated Response Using Azure Security Center 170
  • Using Machine Learning and Artificial Intelligence in Threat Response 172
  • Overview of Fusion Detections 173
  • Overview of Azure Machine Learning 174
  • Summary 182
  • Chapter 5 Microsoft Cybersecurity Reference Architecture and Capability Map 183
  • Introduction 183
  • Microsoft Security Architecture versus the NIST Cybersecurity Framework (CSF) 184
  • Microsoft Security Architecture 185
  • The Identify Function 186
  • The Protect Function 187
  • The Detect Function 188
  • The Respond Function 189
  • The Recover Function 189
  • Using the Microsoft Reference Architecture 190
  • Microsoft Threat Intelligence 190
  • Service Trust Portal 192
  • Security Development Lifecycle (SDL) 193
  • Protecting the Hybrid Cloud Infrastructure 194
  • Azure Marketplace 194
  • Private Link 195
  • Azure Arc 196
  • Azure Lighthouse 197
  • Azure Firewall 198
  • Azure Web Application Firewall (WAF) 200
  • Azure DDoS Protection 200
  • Azure Key Vault 201
  • Azure Bastion 202
  • Azure Site Recovery 204
  • Azure Security Center (ASC) 205
  • Microsoft Azure Secure Score 205
  • Protecting Endpoints and Clients 206
  • Microsoft Endpoint Manager (MEM) Configuration Manager 207
  • Microsoft Intune 208
  • Protecting Identities and Access 209
  • Azure AD Conditional Access 210
  • Passwordless for End-to-End Secure Identity 211
  • Azure Active Directory (aka Azure AD) 211
  • Azure MFA 211
  • Azure Active Directory Identity Protection 212
  • Azure Active Directory Privileged Identity Management (PIM) 213
  • Microsoft Defender for Identity 214
  • Azure AD B2B and B2C 215
  • Azure AD Identity Governance 215
  • Protecting SaaS Apps 216
  • Protecting Data and Information 219
  • Azure Purview 220
  • Microsoft Information Protection (MIP) 221
  • Azure Information Protection Unified Labeling Scanner (File Scanner) 222
  • The Advanced eDiscovery Solution in Microsoft 365 223
  • Compliance Manager 224
  • Protecting IoT and Operation Technology 225
  • Security Concerns with IoT 226
  • Understanding That IoT Cybersecurity Starts with a Threat Model 227
  • Microsoft Investment in IoT Technology 229
  • Azure Sphere 229
  • Azure Defender 229
  • Azure Defender for IoT 230
  • Threat Modeling for the Azure IoT Reference Architecture 230
  • Azure Defender for IoT Architecture (Agentless Solutions) 233
  • Azure Defender for IoT Architecture (Agent-Based Solutions) 234
  • Understanding the Security Operations Solutions 235
  • Understanding the People Security Solutions 236
  • Attack Simulator 237
  • Insider Risk Management (IRM) 237
  • Communication Compliance 239
  • Summary 240
  • Part III Hunting in AWS 241
  • Chapter 6 AWS Cloud Threat Prevention Framework 243
  • Introduction to AWS Well-Architected Framework 244
  • The Five Pillars of the Well-Architected Framework 245
  • Operational Excellence 246
  • Security 246
  • Reliability 246
  • Performance Efficiency 246
  • Cost Optimization 246
  • The Shared Responsibility Model 246
  • AWS Services for Monitoring, Logging, and Alerting 248
  • AWS CloudTrail 249
  • Amazon CloudWatch Logs 251
  • Amazon VPC Flow Logs 252
  • Amazon GuardDuty 253
  • AWS Security Hub 254
  • AWS Protect Features 256
  • How Do You Prevent Initial Access? 256
  • How Do You Protect APIs from SQL Injection Attacks Using API Gateway and AWS WAF? 256
  • Prerequisites 257
  • Create an API 257
  • Create and Configure an AWS WAF 259
  • AWS Detection Features 263
  • How Do You Detect Privilege Escalation? 263
  • How Do You Detect the Abuse of Valid Account to Obtain High-Level Permissions? 264
  • Prerequisites 264
  • Configure GuardDuty to Detect Privilege Escalation 265
  • Reviewing the Findings 266
  • How Do You Detect Credential Access? 269
  • How Do You Detect Unsecured Credentials? 269
  • Prerequisites 270
  • Reviewing t ...