
Incident response with threat intelligence : practical insights into developing an incident response capability through intelligence-based threat hunting / Roberto Martinez.

O'Reilly Online Learning: Academic/Public Library Edition Available online

Format:
Book
Author/Creator:
Martinez, Roberto, author.
Language:
English
Subjects (All):
Cyber intelligence (Computer security).
Computer crimes--Investigation.
Computer crimes.
Physical Description:
1 online resource (468 pages)
Place of Publication:
Birmingham, England ; Mumbai : Packt, [2022]
Biography/History:
Roberto Martinez has worked as a Senior Security Researcher at Kaspersky's Global Research and Analysis Team (GReAT) since April 2012, researching to detect and identify new security threats, responding to security incidents, and presenting at security events worldwide. He also collaborates as an Expert Associate Professor at Tec de Monterrey University and is currently an active member of the HTCIA (High Technology Crime Investigation Association). Roberto has more than 15 years of experience in cybersecurity, working in fields such as offensive security, incident response, digital forensic investigation, threat hunting, threat intelligence, and malware analysis. Before this, he worked as a consultant and instructor specializing in security for governments, financial institutions, and private corporations in Latin America.
Summary:
Learn everything you need to know to respond to advanced cybersecurity incidents through threat hunting using threat intelligence.

Key Features:
Understand best practices for detecting, containing, and recovering from modern cyber threats
Get practical experience embracing incident response using intelligence-based threat hunting techniques
Implement and orchestrate different incident response, monitoring, intelligence, and investigation platforms

Book Description:
With constantly evolving cyber threats, developing a cybersecurity incident response capability to identify and contain threats is indispensable for any organization regardless of its size. This book covers theoretical concepts and a variety of real-life scenarios that will help you to apply these concepts within your organization. Starting with the basics of incident response, the book introduces you to professional practices and advanced concepts for integrating threat hunting and threat intelligence procedures in the identification, contention, and eradication stages of the incident response cycle. As you progress through the chapters, you'll cover the different aspects of developing an incident response program. You'll learn the implementation and use of platforms such as TheHive and ELK and tools for evidence collection such as Velociraptor and KAPE before getting to grips with the integration of frameworks such as Cyber Kill Chain and MITRE ATT&CK for analysis and investigation. You'll also explore methodologies and tools for cyber threat hunting with Sigma and YARA rules. By the end of this book, you'll have learned everything you need to respond to cybersecurity incidents using threat intelligence.

What you will learn:
Explore the fundamentals of incident response and incident management
Find out how to develop incident response capabilities
Understand the development of incident response plans and playbooks
Align incident response procedures with business continuity
Identify incident response requirements and orchestrate people, processes, and technologies
Discover methodologies and tools to integrate cyber threat intelligence and threat hunting into incident response

Who this book is for:
If you are an information security professional or anyone who wants to learn the principles of incident management, first response, threat hunting, and threat intelligence using a variety of platforms and tools, this book is for you. Although not necessary, basic knowledge of Linux, Windows internals, and network protocols will be helpful.
Contents:
Cover
Title page
Copyright and Credits
Dedication
Contributors
Table of Contents
Preface
Section 1: The Fundamentals of Incident Response
Chapter 1: Threat Landscape and Cybersecurity Incidents
Knowing the threat landscape
Is COVID-19 also a cyber-pandemic?
Supply chain attacks
Understanding the motivation behind cyber attacks
The ransomware that was not
Trick-or-treat
Nothing is what it seems
Emerging and future cyber threats
Cyber attacks targeting IOT devices
Autonomous vehicles
Drones
Electronic voting machines
Cyber attacks on robots
The challenge of new technologies for DFIR professionals
Summary
Further reading
Chapter 2: Concepts of Digital Forensics and Incident Response
Concepts of digital forensics and incident response (DFIR)
Digital forensics
What is incident response?
Difference between events and incidents
Digital evidence and forensics artifacts
Looking for artifacts and IoCs
IoCs versus IoAs
Incident response standards and frameworks
NIST Computer Security Incident Handling Guide
SANS incident response process
NIST Guide to Integrating Forensic Techniques into Incident Response
Defining an incident response posture
Chapter 3: Basics of the Incident Response and Triage Procedures
Technical requirements
Principles of first response
First response guidelines
Triage: concept and procedures
First response procedures in different scenarios
First response toolkit
Forensic image acquisition tools
Artifact collectors
Chapter 4: Applying First Response Procedures
Technical requirements
Case study: a data breach incident
Analyzing the cybersecurity incident
Selecting the best strategy
Next steps
Following first-response procedures
Memory acquisition
Memory capture and artifacts acquisition using KAPE
Disk drive acquisition procedures
Hard drive acquisition using a hardware duplicator
Section 2: Getting to Know the Adversaries
Chapter 5: Identifying and Profiling Threat Actors
Exploring the different types of threat actors
Hacktivists
Script kiddies
Insiders
Cybercriminals
Ransomware gangs
Advanced Persistent Threats (APT) groups
Cyber-mercenaries
Researching adversaries and threat actors
STIX and TAXII standards
Working with STIX objects
Creating threat actor and campaign profiles
Creating threat actors' profiles using Visual Studio Code
Chapter 6: Understanding the Cyber Kill Chain and the MITRE ATT&CK Framework
Introducing the Cyber Kill Chain framework
Understanding the MITRE ATT&CK framework
Use cases for ATT&CK
Using the ATT&CK Navigator
Notes:
Includes index.
Description based on print version record.
ISBN:
9781523151325
1523151323
9781801070997
1801070997
OCLC:
1321804492
