My Account Log in

1 option

Intelligence-Driven Incident Response : outwitting the adversary / Rebekah Brown and Scott J. Roberts ; foreword by Jeannie L. Johnson and Rob Lee.

O'Reilly Online Learning: Academic/Public Library Edition Available online

View online
Format:
Book
Author/Creator:
Brown, Rebekah (Writer on computer security), author.
Roberts, Scott J. (Writer on computer security), author.
Contributor:
Johnson, Jeannie L., writer of foreword.
Lee, Rob, writer of foreword.
Language:
English
Subjects (All):
Computer crimes--Investigation.
Computer crimes.
Physical Description:
1 online resource (xxvi, 316 pages ) : color illustrations.
Edition:
Second edition.
Place of Publication:
Sebastopol, CA : O'Reilly Media, Inc., 2023.
Summary:
Using a well-conceived incident response plan in the aftermath of an online security breach enables your team to identify attackers and learn how they operate. But only when you approach incident response with a cyber threat intelligence mindset will you truly understand the value of that information. In this updated second edition, you'll learn the fundamentals of intelligence analysis as well as the best ways to incorporate these techniques into your incident response process. Each method reinforces the other: threat intelligence supports and augments incident response, while incident response generates useful threat intelligence. This practical guide helps incident managers, malware analysts, reverse engineers, digital forensics specialists, and intelligence analysts understand, implement, and benefit from this relationship. In three parts, this in-depth book includes: The fundamentals: Get an introduction to cyberthreat intelligence, the intelligence process, the incident response process, and how they all work together Practical application: Walk through the intelligence-driven incident response (IDIR) process using the F3EAD process: Find, Fix, Finish, Exploit, Analyze, and Disseminate The way forward: Explore big-picture aspects of IDIR that go beyond individual incident response investigations, including intelligence team building.
Contents:
Cover
Copyright
Table of Contents
Foreword to the Second Edition
Foreword to the First Edition
Preface
Why We Wrote This Book
Who This Book Is For
How This Book Is Organized
Conventions Used in This Book
O'Reilly Online Learning
How to Contact Us
Acknowledgments
Part I. The Fundamentals
Chapter 1. Introduction
Intelligence as Part of Incident Response
History of Cyber Threat Intelligence
Modern Cyber Threat Intelligence
The Way Forward
Incident Response as a Part of Intelligence
What Is Intelligence-Driven Incident Response?
Why Intelligence-Driven Incident Response?
Operation SMN
SolarWinds
Conclusion
Chapter 2. Basics of Intelligence
Intelligence and Research
Data Versus Intelligence
Sources and Methods
Models
Using Models for Collaboration
Process Models
Using the Intelligence Cycle
Qualities of Good Intelligence
Collection Method
Date of Collection
Context
Addressing Biases in Analysis
Levels of Intelligence
Tactical Intelligence
Operational Intelligence
Strategic Intelligence
Confidence Levels
Chapter 3. Basics of Incident Response
Incident-Response Cycle
Preparation
Identification
Containment
Eradication
Recovery
Lessons Learned
The Kill Chain
Targeting
Reconnaissance
Weaponization
Delivery
Exploitation
Installation
Command and Control
Actions on Objective
Example Kill Chain
The Diamond Model
Basic Model
Extending the Model
ATT&CK and D3FEND
ATT&CK
D3FEND
Active Defense
Deny
Disrupt
Degrade
Deceive
Destroy
F3EAD
Find
Fix
Finish
Exploit
Analyze
Disseminate
Using F3EAD
Picking the Right Model
Scenario: Road Runner
Part II. Practical Application
Chapter 4. Find
Actor-Centric Targeting
Starting with Known Information
Useful Information During the Find Phase
Using the Kill Chain
Goals
Victim-Centric Targeting
Using Victim-Centric Targeting
Asset-Centric Targeting
Using Asset-Centric Targeting
Capability-Centric Targeting
Using Capability-Centric Targeting
Media-Centric Targeting
Targeting Based on Third-Party Notification
Prioritizing Targeting
Immediate Needs
Past Incidents
Criticality
Organizing Targeting Activities
Hard Leads
Soft Leads
Grouping Related Leads
Lead Storage and Documentation
The Request for Information Process
Chapter 5. Fix
Intrusion Detection
Network Alerting
System Alerting
Fixing Road Runner
Intrusion Investigation
Network Analysis
Live Response
Memory Analysis
Disk Analysis
Enterprise Detection and Response
Malware Analysis
Scoping
Hunting
Developing Hypotheses
Testing Hypotheses
Chapter 6. Finish
Finishing Is Not Hacking Back
Stages of Finish
Mitigate.
Notes:
Includes index.
OCLC-licensed vendor bibliographic record.
ISBN:
9781098120672
1098120671
OCLC:
1382692621

The Penn Libraries is committed to describing library materials using current, accurate, and responsible language. If you discover outdated or inaccurate language, please fill out this feedback form to report it and suggest alternative language.

Find

Home Release notes

My Account

Shelf Request an item Bookmarks Fines and fees Settings

Guides

Using the Find catalog Using Articles+ Using your account