Incident Response with Threat Intelligence : Practical Insights into Developing an Incident Response Capability Through Intelligence-Based Threat Hunting
Learn everything you need to know to respond to advanced cybersecurity incidents through threat hunting using threat intelligence Key Features Understand best practices for detecting, containing, and recovering from modern cyber threats Get practical experience embracing incident response using inte...
Saved in:
Main Author: | |
---|---|
Format: | eBook |
Language: | English |
Published: |
Birmingham :
Packt Publishing,
2022.
|
Subjects: | |
ISBN: | 1801070997 9781801070997 9781801072953 |
Physical Description: | 1 online resource (468 pages) |
LEADER | 07254cam a22004337i 4500 | ||
---|---|---|---|
001 | kn-on1321804492 | ||
003 | OCoLC | ||
005 | 20240717213016.0 | ||
006 | m o d | ||
007 | cr cn||||||||| | ||
008 | 220528t20222022enk o 000 0 eng d | ||
040 | |a EBLCP |b eng |e rda |e pn |c EBLCP |d ORMDA |d N$T |d UKMGB |d OCLCF |d OCLCQ |d YDXIT |d UKAHL |d OCLCQ |d OCLCO |d OCLCL | ||
020 | |a 1801070997 |q electronic book | ||
020 | |a 9781801070997 |q electronic book | ||
020 | |z 9781801072953 |q paperback | ||
035 | |a (OCoLC)1321804492 | ||
100 | 1 | |a Martinez, Roberto. | |
245 | 1 | 0 | |a Incident Response with Threat Intelligence : |b Practical Insights into Developing an Incident Response Capability Through Intelligence-Based Threat Hunting / |c Roberto Martinez. |
264 | 1 | |a Birmingham : |b Packt Publishing, |c 2022. | |
264 | 4 | |c ©2022 | |
300 | |a 1 online resource (468 pages) | ||
336 | |a text |b txt |2 rdacontent | ||
337 | |a computer |b c |2 rdamedia | ||
338 | |a online resource |b cr |2 rdacarrier | ||
505 | 0 | |a Cover -- Title page -- Copyright and Credits -- Dedication -- Contributors -- Table of Contents -- Preface -- Section 1: The Fundamentals of Incident Response -- Chapter 1: Threat Landscape and Cybersecurity Incidents -- Knowing the threat landscape -- Is COVID-19 also a cyber-pandemic? -- Supply chain attacks -- Understanding the motivation behind cyber attacks -- The ransomware that was not -- Trick-or-treat -- Nothing is what it seems -- Emerging and future cyber threats -- Cyber attacks targeting IOT devices -- Autonomous vehicles -- Drones -- Electronic voting machines | |
505 | 8 | |a Cyber attacks on robots -- The challenge of new technologies for DFIR professionals -- Summary -- Further reading -- Chapter 2: Concepts of Digital Forensics and Incident Response -- Concepts of digital forensics and incident response (DFIR) -- Digital forensics -- What is incident response? -- Difference between events and incidents -- Digital evidence and forensics artifacts -- Looking for artifacts and IoCs -- IoCs versus IoAs -- Incident response standards and frameworks -- NIST Computer Security Incident Handling Guide -- SANS incident response process | |
505 | 8 | |a NIST Guide to Integrating Forensic Techniques into Incident Response -- Defining an incident response posture -- Summary -- Further reading -- Chapter 3: Basics of the Incident Response and Triage Procedures -- Technical requirements -- Principles of first response -- First response guidelines -- Triage -- concept and procedures -- First response procedures in different scenarios -- First response toolkit -- Forensic image acquisition tools -- Artifact collectors -- Summary -- Further reading -- Chapter 4: Applying First Response Procedures -- Technical requirements | |
505 | 8 | |a Case study -- a data breach incident -- Analyzing the cybersecurity incident -- Selecting the best strategy -- Next steps -- Following first-response procedures -- Memory acquisition -- Memory capture and artifacts acquisition using KAPE -- Disk drive acquisition procedures -- Hard drive acquisition using a hardware duplicator -- Summary -- Further reading -- Section 2: Getting to Know the Adversaries -- Chapter 5: Identifying and Profiling Threat Actors -- Technical requirements -- Exploring the different types of threat actors -- Hacktivists -- Script kiddies -- Insiders -- Cybercriminals | |
505 | 8 | |a Ransomware gangs -- Advanced Persistent Threats (APT) groups -- Cyber-mercenaries -- Researching adversaries and threat actors -- STIX and TAXII standards -- Working with STIX objects -- Creating threat actor and campaign profiles -- Creating threat actors' profiles using Visual Studio Code -- Summary -- Further reading -- Chapter 6: Understanding the Cyber Kill Chain and the MITRE ATT & CK Framework -- Technical requirements -- Introducing the Cyber Kill Chain framework -- Understanding the MITRE ATT & CK framework -- Use cases for ATT & CK -- Using the ATT & CK Navigator | |
500 | |a Discovering and containing malicious behaviors. | ||
506 | |a Plný text je dostupný pouze z IP adres počítačů Univerzity Tomáše Bati ve Zlíně nebo vzdáleným přístupem pro zaměstnance a studenty | ||
520 | |a Learn everything you need to know to respond to advanced cybersecurity incidents through threat hunting using threat intelligence Key Features Understand best practices for detecting, containing, and recovering from modern cyber threats Get practical experience embracing incident response using intelligence-based threat hunting techniques Implement and orchestrate different incident response, monitoring, intelligence, and investigation platforms Book Description With constantly evolving cyber threats, developing a cybersecurity incident response capability to identify and contain threats is indispensable for any organization regardless of its size. This book covers theoretical concepts and a variety of real-life scenarios that will help you to apply these concepts within your organization. Starting with the basics of incident response, the book introduces you to professional practices and advanced concepts for integrating threat hunting and threat intelligence procedures in the identification, contention, and eradication stages of the incident response cycle. As you progress through the chapters, you'll cover the different aspects of developing an incident response program. You'll learn the implementation and use of platforms such as TheHive and ELK and tools for evidence collection such as Velociraptor and KAPE before getting to grips with the integration of frameworks such as Cyber Kill Chain and MITRE ATT & CK for analysis and investigation. You'll also explore methodologies and tools for cyber threat hunting with Sigma and YARA rules. By the end of this book, you'll have learned everything you need to respond to cybersecurity incidents using threat intelligence. What you will learn Explore the fundamentals of incident response and incident management Find out how to develop incident response capabilities Understand the development of incident response plans and playbooks Align incident response procedures with business continuity Identify incident response requirements and orchestrate people, processes, and technologies Discover methodologies and tools to integrate cyber threat intelligence and threat hunting into incident response Who this book is for If you are an information security professional or anyone who wants to learn the principles of incident management, first response, threat hunting, and threat intelligence using a variety of platforms and tools, this book is for you. Although not necessary, basic knowledge of Linux, Windows internals, and network protocols will be helpful. | ||
590 | |a Knovel |b Knovel (All titles) | ||
650 | 0 | |a Cyber intelligence (Computer security) | |
650 | 0 | |a Computer crimes |x Investigation. | |
655 | 7 | |a elektronické knihy |7 fd186907 |2 czenas | |
655 | 9 | |a electronic books |2 eczenas | |
776 | 0 | 8 | |i Print version: |a Martinez, Roberto. |t Incident Response with Threat Intelligence. |d Birmingham : Packt Publishing, Limited, ©2022 |
856 | 4 | 0 | |u https://proxy.k.utb.cz/login?url=https://app.knovel.com/hotlink/toc/id:kpIRTI0003/incident-response-with?kpromoter=marc |y Full text |