Cybersecurity blue team strategies : uncover the secrets of blue teams to combat cyber threats in your organization / Kunal Sehgal, Nikolaos Thymianis.

Ebook Central College Complete Available online

O'Reilly Online Learning: Academic/Public Library Edition Available online
Format:
Book
Author/Creator:
Sehgal, Kunal, author.
Thymianis, Nikolaos, author.
Language:
English
Subjects (All):
Computer security.
Computer networks--Security measures.
Computer networks.
Computer crimes.
Physical Description:
1 online resource (208 pages)
Edition:
1st ed.
Place of Publication:
Birmingham ; Mumbai : Packt Publishing, Limited, [2023]
System Details:
Mode of access: World Wide Web.
Summary:
This book will help you understand how a blue team is formed and why it is crucial for businesses. You'll learn different security controls, such as preventive and defensive controls, and become equipped to set up a blue team from scratch.
Contents:
Intro
Preface
Part 1: Establishing the Blue
Chapter 1: Establishing a Defense Program
How do organizations benefit from implementing the blue teaming approach?
Risk assessment
Monitoring and surveillance
Security controls
Reporting and recommendation to management
A blue team's composition
Analysts
Incident responder
Threat hunter
Security consultant
Security administrator
Identity and Access Management (IAM) administrator
Compliance analyst
Red team
Purple team
Cyber threat intelligence
Skills required to be in a blue team
Eager to learn and detail-oriented
In-depth knowledge of networks and systems
Outside-the-box and innovative thinking
Ability to cross conventional barriers to perform tasks
Academics, qualifications, and certifications
Talent development and retention
Cyber labs
Capture-the-Flag and hackathons
Research and development projects
Community outreach
Mentoring
Continuous unhindered learning
Summary
Chapter 2: Managing a Defense Security Team
Why must organizations consider metricizing cybersecurity?
Blue team KRIs
How does a blue team initiate designing KRIs for their team?
Selecting essential cybersecurity metrics
Why and how organizations can automate this process
What pitfalls to avoid when automating the workflows of the blue team
Automating how KRIs are collected and presented
Chapter 3: Risk Assessment
Following the NIST methodology
NIST risk assessment methodology
Asset inventory
Risk management methods
Threat identification
Risk calculation
Risk management responsibilities
References
Chapter 4: Blue Team Operations
Understanding defense strategy
Blue team operations - infrastructure
Blue team operations - applications
Blue team operations - systems
Blue team operations - endpoints
Blue team operations - cloud
Defense planning against insiders
Responsibilities in blue team operations
Chapter 5: Threats
What are cyber threats?
The Cyber Kill Chain
Phase 1 - reconnaissance
Phase 2 - weaponization
Phase 3 - delivery
Phase 4 - exploitation
Phase 5 - installation
Phase 6 - command and control
Phase 7 - actions on objective
Internal attacks
Different types of cyber threat actors
Impacts of cybercrime
An approach to security that is proactive rather than reactive
Chapter 6: Governance, Compliance, Regulations, and Best Practices
Definition of stakeholders and their needs
Building risk indicators
Compliance needs and the identification of compliance requirements
Assurance of compliance and the right level of governance
Part 2: Controlling the Fray
What are security controls?
Preventive controls
Detective controls
Deterrent controls
Compensating controls
Corrective controls
Defense-in-depth
Chapter 7: Preventive Controls
What are preventive controls?
Benefits
Types of preventive controls
Administrative
Physical
Technical/logical
Layers of preventive controls
Policy control
Perimeter/physical controls
Network controls
Data security controls
Application security controls
Endpoint security controls
User security
Chapter 8: Detective Controls
What are detective controls?
Types of detective controls
SOC
How does a SOC work?
What are the benefits of a SOC?
Vulnerability testing
Penetration testing
Red teams
Bug bounty
Source code scanning
Compliance scanning or hardening scans
Tools for detective controls
Threat Intelligence Platform (TIP)
Security Orchestration, Automation, and Response (SOAR) tools
Security Information and Event Management (SIEM) tools
Digital Forensics (DF) tools
Chapter 9: Cyber Threat Intelligence
What is CTI?
The quality of CTI
Types of threat intelligence
Strategic threat intelligence
Tactical threat intelligence
Operational threat intelligence
Threat intelligence implementation
1 - Developing a plan
2 - Collection
3 - Processing
4 - Analysis
5 - Dissemination
6 - Feedback
Threat hunting
The importance of threat hunting
Using CTI effectively
The MITRE ATT&CK framework
The ATT&CK Matrix
How to implement the ATT&CK framework
Chapter 10: Incident Response and Recovery
Incident response planning
Testing incident response plans
Incident response playbooks
Ransomware attacks playbook
Data loss/theft attacks playbook
Phishing attacks playbook
Disaster recovery planning
Cyber insurance
Chapter 11: Prioritizing and Implementing a Blue Team Strategy
Emerging detection and prevention technologies and techniques
Adversary emulation
VCISO services
Context-aware security
Defensive AI
Extended Detection and Response (XDR)
Manufacturer Usage Description (MUD)
Zero Trust
Pitfalls to avoid while setting up a blue team
Getting started on your blue team journey
Part 3: Ask the Experts
Chapter 12: Expert Insights
Anthony Desvernois
William B. Nelson
Career
Non-profit and volunteer work
Laurent Gerardin
Peter Sheppard, BSc (Hons), MBCS, CITP, CISA
Pieter Danhieux, CEO and Co-Founder, Secure Code Warrior
Index
Other Books You May Enjoy.
Notes:
Includes bibliographical references and index.
Description based on print version record.
ISBN:
9781801073615
1801073619
OCLC:
1372398657