1 option
Threat Hunting in the Cloud : defending aws, azure, and other cloud platforms against cyberattacks / Chris Peiris, Binil Pillai, Abbas Kudrati.
- Format:
- Book
- Author/Creator:
- Peiris, Chris, author.
- Pillai, Binil, author.
- Kudrati, Abbas, author.
- Language:
- English
- Subjects (All):
- Computer security.
- Internet--Security measures.
- Internet.
- Cloud computing--Security measures.
- Cloud computing.
- Physical Description:
- 1 online resource (547 pages)
- Place of Publication:
- Indianapolis, Indiana : John Wiley and Sons, [2021]
- Summary:
- Implement a vendor-neutral and multi-cloud cybersecurity and risk mitigation framework with advice from seasoned threat hunting pros In Threat Hunting in the Cloud: Defending AWS, Azure and Other Cloud Platforms Against Cyberattacks, celebrated cybersecurity professionals and authors Chris Peiris, Binil Pillai, and Abbas Kudrati leverage their decades of experience building large scale cyber fusion centers to deliver the ideal threat hunting resource for both business and technical audiences. You'll find insightful analyses of cloud platform security tools and, using the industry leading MITRE ATT&CK framework, discussions of the most common threat vectors. You'll discover how to build a side-by-side cybersecurity fusion center on both Microsoft Azure and Amazon Web Services and deliver a multi-cloud strategy for enterprise customers. And you will find out how to create a vendor-neutral environment with rapid disaster recovery capability for maximum risk mitigation. With this book you'll learn: Key business and technical drivers of cybersecurity threat hunting frameworks in today's technological environment Metrics available to assess threat hunting effectiveness regardless of an organization's size How threat hunting works with vendor-specific single cloud security offerings and on multi-cloud implementations A detailed analysis of key threat vectors such as email phishing, ransomware and nation state attacks Comprehensive AWS and Azure "how to" solutions through the lens of MITRE Threat Hunting Framework Tactics, Techniques and Procedures (TTPs) Azure and AWS risk mitigation strategies to combat key TTPs such as privilege escalation, credential theft, lateral movement, defend against command & control systems, and prevent data exfiltration Tools available on both the Azure and AWS cloud platforms which provide automated responses to attacks, and orchestrate preventative measures and recovery strategies Many critical components for successful adoption of multi-cloud threat hunting framework such as Threat Hunting Maturity Model, Zero Trust Computing, Human Elements of Threat Hunting, Integration of Threat Hunting with Security Operation Centers (SOCs) and Cyber Fusion Centers The Future of Threat Hunting with the advances in Artificial Intelligence, Machine Learning, Quantum Computing and the proliferation of IoT devices. Perfect for technical executives (i.e., CTO, CISO), technical managers, architects, system admins and consultants with hands-on responsibility for cloud platforms, Threat Hunting in the Cloud is also an indispensable guide for business executives (i.e., CFO, COO CEO, board members) and managers who need to understand their organization's cybersecurity risk framework and mitigation strategy.
- Contents:
- Cover
- Title Page
- Copyright Page
- About the Authors
- About the Technical Editors
- Acknowledgments
- Contents at a Glance
- Contents
- Foreword
- Introduction
- What Does This Book Cover?
- Additional Resources
- How to Contact the Publisher
- Part I Threat Hunting Frameworks
- Chapter 1 Introduction to Threat Hunting
- The Rise of Cybercrime
- What Is Threat Hunting?
- The Key Cyberthreats and Threat Actors
- Phishing
- Ransomware
- Nation State
- The Necessity of Threat Hunting
- Does the Organization's Size Matter?
- Threat Modeling
- Threat-Hunting Maturity Model
- Organization Maturity and Readiness
- Level 0: INITIAL
- Level 1: MINIMAL
- Level 2: PROCEDURAL
- Level 3: INNOVATIVE
- Level 4: LEADING
- Human Elements of Threat Hunting
- How Do You Make the Board of Directors Cyber-Smart?
- Threat-Hunting Team Structure
- External Model
- Dedicated Internal Hunting Team Model
- Combined/Hybrid Team Model
- Periodic Hunt Teams Model
- Urgent Need for Human-Led Threat Hunting
- The Threat Hunter's Role
- Summary
- Chapter 2 Modern Approach to Multi-Cloud Threat Hunting
- Multi-Cloud Threat Hunting
- Multi-Tenant Cloud Environment
- Threat Hunting in Multi-Cloud and Multi-Tenant Environments
- Building Blocks for the Security Operations Center
- Scope and Type of SOC
- Services, Not Just Monitoring
- SOC Model
- Define a Process for Identifying and Managing Threats
- Tools and Technologies to Empower SOC
- People (Specialized Teams)
- Cyberthreat Detection, Threat Modeling, and the Need for Proactive Threat Hunting Within SOC
- Cyberthreat Detection
- Threat-Hunting Goals and Objectives
- Threat Modeling and SOC
- The Need for a Proactive Hunting Team Within SOC
- Assume Breach and Be Proactive
- Invest in People
- Develop an Informed Hypothesis.
- Cyber Resiliency and Organizational Culture
- Skillsets Required for Threat Hunting
- Security Analysis
- Data Analysis
- Programming Languages
- Analytical Mindset
- Soft Skills
- Outsourcing
- Threat-Hunting Process and Procedures
- Metrics for Assessing the Effectiveness of Threat Hunting
- Foundational Metrics
- Operational Metrics
- Threat-Hunting Program Effectiveness
- Chapter 3 Exploration of MITRE Key Attack Vectors
- Understanding MITRE ATT&
- CK
- What Is MITRE ATT&
- CK Used For?
- How Is MITRE ATT&
- CK Used and Who Uses It?
- How Is Testing Done According to MITRE?
- Tactics
- Techniques
- Threat Hunting Using Five Common Tactics
- Privilege Escalation
- Case Study
- Credential Access
- Lateral Movement
- Command and Control
- Exfiltration
- Other Methodologies and Key Threat-Hunting Tools to Combat Attack Vectors
- Zero Trust
- Threat Intelligence and Zero Trust
- Build Cloud-Based Defense-in-Depth
- Analysis Tools
- Microsoft Tools
- Connect To All Your Data
- Workbooks
- Analytics
- Security Automation and Orchestration
- Investigation
- Hunting
- Community
- AWS Tools
- Analyzing Logs Directly
- SIEMs in the Cloud
- Resources
- Part II Hunting in Microsoft Azure
- Chapter 4 Microsoft Azure Cloud Threat Prevention Framework
- Introduction to Microsoft Security
- Understanding the Shared Responsibility Model
- Microsoft Services for Cloud Security Posture Management and Logging/Monitoring
- Overview of Azure Security Center and Azure Defender
- Overview of Microsoft Azure Sentinel
- Using Microsoft Secure and Protect Features
- Identity &
- Access Management
- Infrastructure &
- Network
- Data &
- Application
- Customer Access.
- Using Azure Web Application Firewall to Protect a Website Against an "Initial Access" TTP
- Using Microsoft Defender for Office 365 to Protect Against an "Initial Access" TTP
- Using Microsoft Defender Endpoint to Protect Against an "Initial Access" TTP
- Using Azure Conditional Access to Protect Against an "Initial Access" TTP
- Microsoft Detect Services
- Detecting "Privilege Escalation" TTPs
- Using Azure Security Center and Azure Sentinel to Detect Threats Against a "Privilege Escalation" TTP
- Detecting Credential Access
- Using Azure Identity Protection to Detect Threats Against a "Credential Access" TTP
- Steps to Configure and Enable Risk Polices (Sign-inRisk and User Risk)
- Using Azure Security Center and Azure Sentinel to Detect Threats Against a "Credential Access" TTP
- Detecting Lateral Movement
- Using Just-in-Time in ASC to Protect and Detect Threats Against a "Lateral Movement" TTP
- Using Azure Security Center and Azure Sentinel to Detect Threats Against a "Lateral Movement" TTP
- Detecting Command and Control
- Using Azure Security Center and Azure Sentinel to Detect Threats Against a "Command and Control" TTP
- Detecting Data Exfiltration
- Using Azure Information Protection to Detect Threats Against a "Data Exfiltration" TTP
- Discovering Sensitive Content Using AIP
- Using Azure Security Center and Azure Sentinel to Detect Threats Against a "Data Exfiltration" TTP
- Detecting Threats and Proactively Hunting with Microsoft 365 Defender
- Microsoft Investigate, Response, and Recover Features
- Automating Investigation and Remediation with Microsoft Defender for Endpoint
- Using Microsoft Threat Expert Support for Remediation and Investigation
- Targeted Attack Notification
- Experts on Demand
- Automating Security Response with MCAS and Microsoft Flow.
- Step 1: Generate Your API Token in Cloud App Security
- Step 2: Create Your Trigger in Microsoft Flow
- Step 3: Create the Teams Message Action in Microsoft Flow
- Step 4: Generate an Email in Microsoft Flow
- Connecting the Flow in Cloud App Security
- Performing an Automated Response Using Azure Security Center
- Using Machine Learning and Artificial Intelligence in Threat Response
- Overview of Fusion Detections
- Overview of Azure Machine Learning
- Chapter 5 Microsoft Cybersecurity Reference Architecture and Capability Map
- Microsoft Security Architecture versus the NIST Cybersecurity Framework (CSF)
- Microsoft Security Architecture
- The Identify Function
- The Protect Function
- The Detect Function
- The Respond Function
- The Recover Function
- Using the Microsoft Reference Architecture
- Microsoft Threat Intelligence
- Service Trust Portal
- Security Development Lifecycle (SDL)
- Protecting the Hybrid Cloud Infrastructure
- Azure Marketplace
- Private Link
- Azure Arc
- Azure Lighthouse
- Azure Firewall
- Azure Web Application Firewall (WAF)
- Azure DDOS Protection
- Azure Key Vault
- Azure Bastion
- Azure Site Recovery
- Azure Security Center (ASC)
- Microsoft Azure Secure Score
- Protecting Endpoints and Clients
- Microsoft Endpoint Manager (MEM) Configuration Manager
- Microsoft Intune
- Protecting Identities and Access
- Azure AD Conditional Access
- Passwordless for End-to-EndSecure Identity
- Azure Active Directory (aka Azure AD)
- Azure MFA
- Azure Active Directory Identity Protection
- Azure Active Directory Privilege Identity Management (PIM)
- Microsoft Defender for Identity
- Azure AD B2B and B2C
- Azure AD Identity Governance
- Protecting SaaS Apps
- Protecting Data and Information
- Azure Purview
- Microsoft Information Protection (MIP).
- Azure Information Protection Unified Labeling Scanner (File Scanner)
- The Advanced eDiscovery Solution in Microsoft 365
- Compliance Manager
- Protecting IoT and Operation Technology
- Security Concerns with IoT
- Understanding That IoT Cybersecurity Starts with a Threat Model
- Microsoft Investment in IoT Technology
- Azure Sphere
- Azure Defender
- Azure Defender for IoT
- Threat Modeling for the Azure IoT Reference Architecture
- Azure Defender for IoT Architecture (Agentless Solutions)
- Azure Defender for IoT Architecture (Agent-basedsolutions)
- Understanding the Security Operations Solutions
- Understanding the People Security Solutions
- Attack Simulator
- Insider Risk Management (IRM)
- Communication Compliance
- Part III Hunting in AWS
- Chapter 6 AWS Cloud Threat Prevention Framework
- Introduction to AWS Well-Architected Framework
- The Five Pillars of the Well-Architected Framework
- Operational Excellence
- Security
- Reliability
- Performance Efficiency
- Cost Optimization
- The Shared Responsibility Model
- AWS Services for Monitoring, Logging, and Alerting
- AWS CloudTrail
- Amazon CloudWatch Logs
- Amazon VPC Flow Logs
- Amazon GuardDuty
- AWS Security Hub
- AWS Protect Features
- How Do You Prevent Initial Access?
- Prerequisites
- Create an API
- Create and Configure an AWS WAF
- How Do You Protect APIs from SQL Injection Attacks Using API Gateway and AWS WAF?
- AWS Detection Features
- How Do You Detect Privilege Escalation?
- How Do You Detect the Abuse of Valid Account to Obtain High-Level Permissions?
- Configure GuardDuty to Detect Privilege Escalation
- Reviewing the Findings
- How Do You Detect Credential Access?
- How Do You Detect Unsecured Credentials?
- How Do You Detect Lateral Movement?.
- How Do You Detect the Use of Stolen Alternate Authentication Material?.
- Notes:
- Description based on print version record.
- Includes index.
- ISBN:
- 9781119804116
- 1119804116
- 9781119804109
- 1119804108
- OCLC:
- 1267761655
The Penn Libraries is committed to describing library materials using current, accurate, and responsible language. If you discover outdated or inaccurate language, please fill out this feedback form to report it and suggest alternative language.