My Account Log in

1 option

Threat Hunting in the Cloud : defending aws, azure, and other cloud platforms against cyberattacks / Chris Peiris, Binil Pillai, Abbas Kudrati.

O'Reilly Online Learning: Academic/Public Library Edition Available online

View online
Format:
Book
Author/Creator:
Peiris, Chris, author.
Pillai, Binil, author.
Kudrati, Abbas, author.
Language:
English
Subjects (All):
Computer security.
Internet--Security measures.
Internet.
Cloud computing--Security measures.
Cloud computing.
Physical Description:
1 online resource (547 pages)
Place of Publication:
Indianapolis, Indiana : John Wiley and Sons, [2021]
Summary:
Implement a vendor-neutral and multi-cloud cybersecurity and risk mitigation framework with advice from seasoned threat hunting pros In Threat Hunting in the Cloud: Defending AWS, Azure and Other Cloud Platforms Against Cyberattacks, celebrated cybersecurity professionals and authors Chris Peiris, Binil Pillai, and Abbas Kudrati leverage their decades of experience building large scale cyber fusion centers to deliver the ideal threat hunting resource for both business and technical audiences. You'll find insightful analyses of cloud platform security tools and, using the industry leading MITRE ATT&CK framework, discussions of the most common threat vectors. You'll discover how to build a side-by-side cybersecurity fusion center on both Microsoft Azure and Amazon Web Services and deliver a multi-cloud strategy for enterprise customers. And you will find out how to create a vendor-neutral environment with rapid disaster recovery capability for maximum risk mitigation. With this book you'll learn: Key business and technical drivers of cybersecurity threat hunting frameworks in today's technological environment Metrics available to assess threat hunting effectiveness regardless of an organization's size How threat hunting works with vendor-specific single cloud security offerings and on multi-cloud implementations A detailed analysis of key threat vectors such as email phishing, ransomware and nation state attacks Comprehensive AWS and Azure "how to" solutions through the lens of MITRE Threat Hunting Framework Tactics, Techniques and Procedures (TTPs) Azure and AWS risk mitigation strategies to combat key TTPs such as privilege escalation, credential theft, lateral movement, defend against command & control systems, and prevent data exfiltration Tools available on both the Azure and AWS cloud platforms which provide automated responses to attacks, and orchestrate preventative measures and recovery strategies Many critical components for successful adoption of multi-cloud threat hunting framework such as Threat Hunting Maturity Model, Zero Trust Computing, Human Elements of Threat Hunting, Integration of Threat Hunting with Security Operation Centers (SOCs) and Cyber Fusion Centers The Future of Threat Hunting with the advances in Artificial Intelligence, Machine Learning, Quantum Computing and the proliferation of IoT devices. Perfect for technical executives (i.e., CTO, CISO), technical managers, architects, system admins and consultants with hands-on responsibility for cloud platforms, Threat Hunting in the Cloud is also an indispensable guide for business executives (i.e., CFO, COO CEO, board members) and managers who need to understand their organization's cybersecurity risk framework and mitigation strategy.
Contents:
Cover
Title Page
Copyright Page
About the Authors
About the Technical Editors
Acknowledgments
Contents at a Glance
Contents
Foreword
Introduction
What Does This Book Cover?
Additional Resources
How to Contact the Publisher
Part I Threat Hunting Frameworks
Chapter 1 Introduction to Threat Hunting
The Rise of Cybercrime
What Is Threat Hunting?
The Key Cyberthreats and Threat Actors
Phishing
Ransomware
Nation State
The Necessity of Threat Hunting
Does the Organization's Size Matter?
Threat Modeling
Threat-Hunting Maturity Model
Organization Maturity and Readiness
Level 0: INITIAL
Level 1: MINIMAL
Level 2: PROCEDURAL
Level 3: INNOVATIVE
Level 4: LEADING
Human Elements of Threat Hunting
How Do You Make the Board of Directors Cyber-Smart?
Threat-Hunting Team Structure
External Model
Dedicated Internal Hunting Team Model
Combined/Hybrid Team Model
Periodic Hunt Teams Model
Urgent Need for Human-Led Threat Hunting
The Threat Hunter's Role
Summary
Chapter 2 Modern Approach to Multi-Cloud Threat Hunting
Multi-Cloud Threat Hunting
Multi-Tenant Cloud Environment
Threat Hunting in Multi-Cloud and Multi-Tenant Environments
Building Blocks for the Security Operations Center
Scope and Type of SOC
Services, Not Just Monitoring
SOC Model
Define a Process for Identifying and Managing Threats
Tools and Technologies to Empower SOC
People (Specialized Teams)
Cyberthreat Detection, Threat Modeling, and the Need for Proactive Threat Hunting Within SOC
Cyberthreat Detection
Threat-Hunting Goals and Objectives
Threat Modeling and SOC
The Need for a Proactive Hunting Team Within SOC
Assume Breach and Be Proactive
Invest in People
Develop an Informed Hypothesis.
Cyber Resiliency and Organizational Culture
Skillsets Required for Threat Hunting
Security Analysis
Data Analysis
Programming Languages
Analytical Mindset
Soft Skills
Outsourcing
Threat-Hunting Process and Procedures
Metrics for Assessing the Effectiveness of Threat Hunting
Foundational Metrics
Operational Metrics
Threat-Hunting Program Effectiveness
Chapter 3 Exploration of MITRE Key Attack Vectors
Understanding MITRE ATT&amp
CK
What Is MITRE ATT&amp
CK Used For?
How Is MITRE ATT&amp
CK Used and Who Uses It?
How Is Testing Done According to MITRE?
Tactics
Techniques
Threat Hunting Using Five Common Tactics
Privilege Escalation
Case Study
Credential Access
Lateral Movement
Command and Control
Exfiltration
Other Methodologies and Key Threat-Hunting Tools to Combat Attack Vectors
Zero Trust
Threat Intelligence and Zero Trust
Build Cloud-Based Defense-in-Depth
Analysis Tools
Microsoft Tools
Connect To All Your Data
Workbooks
Analytics
Security Automation and Orchestration
Investigation
Hunting
Community
AWS Tools
Analyzing Logs Directly
SIEMs in the Cloud
Resources
Part II Hunting in Microsoft Azure
Chapter 4 Microsoft Azure Cloud Threat Prevention Framework
Introduction to Microsoft Security
Understanding the Shared Responsibility Model
Microsoft Services for Cloud Security Posture Management and Logging/Monitoring
Overview of Azure Security Center and Azure Defender
Overview of Microsoft Azure Sentinel
Using Microsoft Secure and Protect Features
Identity &amp
Access Management
Infrastructure &amp
Network
Data &amp
Application
Customer Access.
Using Azure Web Application Firewall to Protect a Website Against an "Initial Access" TTP
Using Microsoft Defender for Office 365 to Protect Against an "Initial Access" TTP
Using Microsoft Defender Endpoint to Protect Against an "Initial Access" TTP
Using Azure Conditional Access to Protect Against an "Initial Access" TTP
Microsoft Detect Services
Detecting "Privilege Escalation" TTPs
Using Azure Security Center and Azure Sentinel to Detect Threats Against a "Privilege Escalation" TTP
Detecting Credential Access
Using Azure Identity Protection to Detect Threats Against a "Credential Access" TTP
Steps to Configure and Enable Risk Polices (Sign-inRisk and User Risk)
Using Azure Security Center and Azure Sentinel to Detect Threats Against a "Credential Access" TTP
Detecting Lateral Movement
Using Just-in-Time in ASC to Protect and Detect Threats Against a "Lateral Movement" TTP
Using Azure Security Center and Azure Sentinel to Detect Threats Against a "Lateral Movement" TTP
Detecting Command and Control
Using Azure Security Center and Azure Sentinel to Detect Threats Against a "Command and Control" TTP
Detecting Data Exfiltration
Using Azure Information Protection to Detect Threats Against a "Data Exfiltration" TTP
Discovering Sensitive Content Using AIP
Using Azure Security Center and Azure Sentinel to Detect Threats Against a "Data Exfiltration" TTP
Detecting Threats and Proactively Hunting with Microsoft 365 Defender
Microsoft Investigate, Response, and Recover Features
Automating Investigation and Remediation with Microsoft Defender for Endpoint
Using Microsoft Threat Expert Support for Remediation and Investigation
Targeted Attack Notification
Experts on Demand
Automating Security Response with MCAS and Microsoft Flow.
Step 1: Generate Your API Token in Cloud App Security
Step 2: Create Your Trigger in Microsoft Flow
Step 3: Create the Teams Message Action in Microsoft Flow
Step 4: Generate an Email in Microsoft Flow
Connecting the Flow in Cloud App Security
Performing an Automated Response Using Azure Security Center
Using Machine Learning and Artificial Intelligence in Threat Response
Overview of Fusion Detections
Overview of Azure Machine Learning
Chapter 5 Microsoft Cybersecurity Reference Architecture and Capability Map
Microsoft Security Architecture versus the NIST Cybersecurity Framework (CSF)
Microsoft Security Architecture
The Identify Function
The Protect Function
The Detect Function
The Respond Function
The Recover Function
Using the Microsoft Reference Architecture
Microsoft Threat Intelligence
Service Trust Portal
Security Development Lifecycle (SDL)
Protecting the Hybrid Cloud Infrastructure
Azure Marketplace
Private Link
Azure Arc
Azure Lighthouse
Azure Firewall
Azure Web Application Firewall (WAF)
Azure DDOS Protection
Azure Key Vault
Azure Bastion
Azure Site Recovery
Azure Security Center (ASC)
Microsoft Azure Secure Score
Protecting Endpoints and Clients
Microsoft Endpoint Manager (MEM) Configuration Manager
Microsoft Intune
Protecting Identities and Access
Azure AD Conditional Access
Passwordless for End-to-EndSecure Identity
Azure Active Directory (aka Azure AD)
Azure MFA
Azure Active Directory Identity Protection
Azure Active Directory Privilege Identity Management (PIM)
Microsoft Defender for Identity
Azure AD B2B and B2C
Azure AD Identity Governance
Protecting SaaS Apps
Protecting Data and Information
Azure Purview
Microsoft Information Protection (MIP).
Azure Information Protection Unified Labeling Scanner (File Scanner)
The Advanced eDiscovery Solution in Microsoft 365
Compliance Manager
Protecting IoT and Operation Technology
Security Concerns with IoT
Understanding That IoT Cybersecurity Starts with a Threat Model
Microsoft Investment in IoT Technology
Azure Sphere
Azure Defender
Azure Defender for IoT
Threat Modeling for the Azure IoT Reference Architecture
Azure Defender for IoT Architecture (Agentless Solutions)
Azure Defender for IoT Architecture (Agent-basedsolutions)
Understanding the Security Operations Solutions
Understanding the People Security Solutions
Attack Simulator
Insider Risk Management (IRM)
Communication Compliance
Part III Hunting in AWS
Chapter 6 AWS Cloud Threat Prevention Framework
Introduction to AWS Well-Architected Framework
The Five Pillars of the Well-Architected Framework
Operational Excellence
Security
Reliability
Performance Efficiency
Cost Optimization
The Shared Responsibility Model
AWS Services for Monitoring, Logging, and Alerting
AWS CloudTrail
Amazon CloudWatch Logs
Amazon VPC Flow Logs
Amazon GuardDuty
AWS Security Hub
AWS Protect Features
How Do You Prevent Initial Access?
Prerequisites
Create an API
Create and Configure an AWS WAF
How Do You Protect APIs from SQL Injection Attacks Using API Gateway and AWS WAF?
AWS Detection Features
How Do You Detect Privilege Escalation?
How Do You Detect the Abuse of Valid Account to Obtain High-Level Permissions?
Configure GuardDuty to Detect Privilege Escalation
Reviewing the Findings
How Do You Detect Credential Access?
How Do You Detect Unsecured Credentials?
How Do You Detect Lateral Movement?.
How Do You Detect the Use of Stolen Alternate Authentication Material?.
Notes:
Description based on print version record.
Includes index.
ISBN:
9781119804116
1119804116
9781119804109
1119804108
OCLC:
1267761655

The Penn Libraries is committed to describing library materials using current, accurate, and responsible language. If you discover outdated or inaccurate language, please fill out this feedback form to report it and suggest alternative language.

Find

Home Release notes

My Account

Shelf Request an item Bookmarks Fines and fees Settings

Guides

Using the Find catalog Using Articles+ Using your account