
Building an intelligence-led security program / Allan Liska ; Tim Gallo, technical editor.

Ebook Central Academic Complete: Available online

O'Reilly Online Learning: Academic/Public Library Edition: Available online
Format:
Book
Author/Creator:
Liska, Allan, author.
Contributor:
Gallo, Tim, editor.
Language:
English
Subjects (All):
Computer networks--Security measures.
Computer networks.
Physical Description:
1 online resource (192 p.)
Edition:
First edition.
Place of Publication:
Waltham, Massachusetts : Syngress, 2015.
Language Note:
English
System Details:
text file
Summary:
As recently as five years ago, securing a network meant putting in a firewall and an intrusion detection system and installing antivirus software on the desktop. Unfortunately, attackers have grown more nimble and effective, meaning that traditional security programs are no longer effective. Today's effective cyber security programs take these best practices and overlay them with intelligence. Adding cyber threat intelligence can help security teams uncover events not detected by traditional security platforms and correlate seemingly disparate events across the network. Properly implemented intelligence also makes the life of the security practitioner easier by helping him more effectively prioritize and respond to security incidents. The problem with current efforts is that many security practitioners don't know how to properly implement an intelligence-led program, or are afraid that it is out of their budget. Building an Intelligence-Led Security Program is the first book to show how to implement an intelligence-led program in your enterprise on any budget. It will show you how to implement a security information and event management system, collect and analyze logs, and practice real cyber threat intelligence. You'll learn how to understand your network in depth so that you can protect it in the best possible way. Provides a roadmap and direction on how to build an intelligence-led information security program to protect your company. Learn how to understand your network through logs and client monitoring, so you can effectively evaluate threat intelligence. Learn how to use popular tools such as BIND, SNORT, squid, STIX, TAXII, CyBox, and splunk to conduct network intelligence.
Contents:
Cover
Title Page
Copyright Page
Dedication
Contents
Introduction
About the Author
About the Technical Editor
Acknowledgments
Chapter 1 - Understanding the threat
Information in This Chapter:
A brief history of network security
The Morris worm
Firewalls
Intrusion detection systems
The desktop
The mail filter and the proxy
Distributed denial of service attacks
Unified threat management
Understanding the current threat
The business of malware
Commoditization of malware
The king phish
The attack surface is expanding
The rise of the cloud
The coming threats
Conclusion
References
Chapter 2 - What is intelligence?
Defining intelligence
The intelligence cycle
Types of intelligence
The professional analyst
Denial and deception
Intelligence throughout the ages
Sun Tzu
Julius Caesar
George Washington
Bletchley Park
Chapter 3 - Building a network security intelligence model
Defining cyber threat intelligence
The anatomy of an attack
Approaching cyber attacks differently
A note about time to live
Incorporating the intelligence lifecycle into security workflow
Intelligence is alive
A picture is worth a thousand words
Automation
Chapter 4 - Gathering data
The continuous monitoring framework
NIST cybersecurity framework
The framework core
Framework implementation tiers
The framework profile
Security + intelligence
The business side of security
Planning a phased approach
The goal
The initial assessment
Analyzing the current security state
Moving to the next phase
Conclusion
Chapter 5 - Internal intelligence sources
Asset, vulnerability, and configuration management
Configuration management
Network logging
The trouble with SIEMs
The power of SIEMs
Managed security service providers
Access control
Network monitoring
Chapter 6 - External intelligence sources
Brand monitoring versus intelligence
IP addresses as pivot points
Domain names as pivot points
File hashes as pivot points
Pivoting from MSSP alerts
YARA
Protecting against zero-day attacks
Incident response and intelligence
Collaborative research into threats
References
Chapter 7 - Fusing internal and external intelligence
Security awareness training
Customer security awareness training
OpenIOC, CyBOX, STIX, and TAXII
OpenIOC
CyBOX
STIX and TAXII
Threat intelligence management platforms
TIMPs as a Rosetta Stone
Big data security analytics
Hadoop
Reference
Chapter 8 - CERTs, ISACs, and intelligence-sharing communities
CERTs and CSIRTs
CERT/Coordination Center
US-CERT and country-level CSIRTs
Company-level CSIRTs
ISACs
The ISACs
Intelligence-sharing communities
Chapter 9 - Advanced intelligence capabilities
Malware analysis
Why it is a bad idea
Setting up a malware lab
Planning the network
Virtual machines versus cloning
Getting the malware to the lab
Malware tools
System tools
Sandbox
Turning data into intelligence
Honeypots
Positioning a honeypot
Creating a plan
Types of honeypots
Choosing a honeypot
Intrusion deception
How intrusion deception works
Index
Notes:
Bibliographic Level Mode of Issuance: Monograph
Includes bibliographical references at the end of each chapter and an index.
Description based on print version record.
ISBN:
0-12-802145-4
0-12-802370-8
OCLC:
898326670
