Cloud Defense Strategies with Azure Sentinel : Hands-on Threat Hunting in Cloud Logs and Services
معرفی کتاب «Cloud Defense Strategies with Azure Sentinel : Hands-on Threat Hunting in Cloud Logs and Services» نوشتهٔ Marshall Copeland، منتشرشده توسط نشر Apress L. P. در سال 2021. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.
Use various defense strategies with Azure Sentinel to enhance your cloud security. This book will help you get hands-on experience, including threat hunting inside Azure cloud logs and metrics from services such as Azure Platform, Azure Active Directory, Azure Monitor, Azure Security Center, and others such as Azure Defender's many security layers. This book is divided into three parts. Part I helps you gain a clear understanding of Azure Sentinel and its features along with Azure Security Services, including Azure Monitor, Azure Security Center, and Azure Defender. Part II covers integration with third-party security appliances and you learn configuration support, including AWS. You will go through multi-Azure Tenant deployment best practices and its challenges. In Part III you learn how to improve cyber security threat hunting skills while increasing your ability to defend against attacks, stop data loss, prevent business disruption, and expose hidden malware. You will get an overview of the MITRE Attack Matrix and its usage, followed by Azure Sentinel operations and how to continue Azure Sentinel skill improvement. After reading this book, you will be able to protect Azure resources from cyberattacks and support XDR (Extend, Detect, Respond), an industry threat strategy through Azure Sentinel. What You Will Learn Understand Azure Sentinel technical benefits and functionality Configure to support incident response Integrate with Azure Security standards Be aware of challenges and costs for the Azure log analytics workspace Who This Book Is For Security consultants, solution architects, cloud security architects, and IT security engineers Table of Contents 5 About the Author 9 About the Technical Reviewer 10 Acknowledgments 11 Introduction 12 Part I 14 Chapter 1: Azure Sentinel Overview 15 Azure Sentinel Platform Benefits 16 Azure Deployment Recommendations 19 Global Design and Cost Preparation 20 Azure Sentinel Enablement 26 Azure Logs 29 Azure Metrics 31 Data Ingestion 39 Summary 50 Chapter 2: Other Azure Security Services 51 Azure Log Analytics 51 Azure Monitor 54 Azure Security Center 67 Enable Security 69 Microsoft Defender for Endpoint 73 Microsoft Defender for Identity 83 Summary 87 Chapter 3: Getting Started with Azure Sentinel and XDR Capabilities 88 Security Operations Center with Azure Sentinel and XDR 89 Azure Sentinel SIEM and Azure Security 90 Azure Sentinel Prioritization 94 Microsoft 365 Defender, XDR 101 Security Road Map 112 Summary 114 Part II 115 Chapter 4: Sentinel Data Connection 116 Azure Control Plane and Data Plane 116 Native Data Connectors 120 Log Analytics Storage Options 132 Industry Leaders’ Third-Party Data 134 Kusto Query Language 135 Threat Intelligence – TAXII Integration 145 Summary 152 Chapter 5: Threat Intelligence 153 Threat Intelligence 153 Communicating Using STIX and TAXII 158 Options for Threat Intelligence 162 Implementing Microsoft Threat Intelligence 163 Other Considerations for Threat Intelligence 165 Summary 169 Chapter 6: Multi-tenant Architecture 170 Azure Design: Single and Multi-tenant 171 Single-Workspace Considerations 179 Multi-workspace Considerations 181 Azure Security Platform 183 Summary 189 Part III 190 Chapter 7: Kusto Query Language and Threat Hunting 191 Where Does Azure Data Reside 191 Kusto Query Language Training 195 Introduction to the Kusto Query Language 198 Threat Hunting with Azure Sentinel 211 Summary 217 Chapter 8: Introduction to the MITRE Matrix 218 MITRE ATT&CK 219 CISO Summary 236 Cybersecurity Threats 240 Current Security Facts 242 Microsoft Security Intelligence Report (SIR) 243 2021 Verizon Data Breach Investigations Report (DBIR) Update 245 Ponemon Institute: IBM Sponsored 249 Cisco Annual Cybersecurity Report 251 FireEye M-Trends 2021 Annual Security Report 251 Secure Cloud Steps 252 Azure Cloud Networking, Encryption, and Data Storage 253 Identity Multi-factor Authentication (MFA) 253 Software Is a Key Vulnerability 254 OWASP, Security Development Lifecycle (SDLC) 254 Finding Cloud Blind Spots Improves Your Network Security Knowledge 255 NVD Use with ITIL/Change Management Patching 256 Security Responsibility Model 257 Summary 259 Chapter 9: Azure Sentinel Operations 260 Modern Security Operations Center Structure 260 Workbooks 268 Playbooks 272 Notebooks 277 Log Management 278 Summary 284 Index 285 "Use various defense strategies with Azure Sentinel to enhance your cloud security. This book will help you get hands-on experience, including threat hunting inside Azure cloud logs and metrics from services such as Azure Platform, Azure Active Directory, Azure Monitor, Azure Security Center, and others such as Azure Defender's many security layers. This book is divided into three parts. Part I helps you gain a clear understanding of Azure Sentinel and its features along with Azure Security Services, including Azure Monitor, Azure Security Center, and Azure Defender. Part II covers integration with third-party security appliances and you learn configuration support, including AWS. You will go through multi-Azure Tenant deployment best practices and its challenges. In Part III you learn how to improve cyber security threat hunting skills while increasing your ability to defend against attacks, stop data loss, prevent business disruption, and expose hidden malware. You will get an overview of the MITRE Attack Matrix and its usage, followed by Azure Sentinel operations and how to continue Azure Sentinel skill improvement. After reading this book, you will be able to protect Azure resources from cyberattacks and support XDR (Extend, Detect, Respond), an industry threat strategy through Azure Sentinel."--Amazon.ca
دانلود کتاب Cloud Defense Strategies with Azure Sentinel : Hands-on Threat Hunting in Cloud Logs and Services