وبلاگ بلیان

Cyber Threat Intelligence: The No-Nonsense Guide for CISOs and Security Managers

معرفی کتاب «Cyber Threat Intelligence: The No-Nonsense Guide for CISOs and Security Managers» نوشتهٔ Lauren، Benton و Aaron Roberts، منتشرشده توسط نشر Apress : Imprint: Apress در سال 2021. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.

Understand the process of setting up a successful cyber threat intelligence (CTI) practice within an established security team. This book shows you how threat information that has been collected, evaluated, and analyzed is a critical component in protecting your organization’s resources. Adopting an intelligence-led approach enables your organization to nimbly react to situations as they develop. Security controls and responses can then be applied as soon as they become available, enabling prevention rather than response. There are a lot of competing approaches and ways of working, but this book cuts through the confusion. Author Aaron Roberts introduces the best practices and methods for using CTI successfully. This book will help not only senior security professionals, but also those looking to break into the industry. You will learn the theories and mindset needed to be successful in CTI. This book covers the cybersecurity wild west, the merits and limitations of structured intelligence data, and how using structured intelligence data can, and should, be the standard practice for any intelligence team. You will understand your organizations’ risks, based on the industry and the adversaries you are most likely to face, the importance of open-source intelligence (OSINT) to any CTI practice, and discover the gaps that exist with your existing commercial solutions and where to plug those gaps, and much more. What You Will Learn Know the wide range of cybersecurity products and the risks and pitfalls aligned with blindly working with a vendor Understand critical intelligence concepts such as the intelligence cycle, setting intelligence requirements, the diamond model, and how to apply intelligence to existing security information Understand structured intelligence (STIX) and why it’s important, and aligning STIX to ATT&CK and how structured intelligence helps improve final intelligence reporting Know how to approach CTI, depending on your budget Prioritize areas when it comes to funding and the best approaches to incident response, requests for information, or ad hoc reporting Critically evaluate services received from your existing vendors, including what they do well, what they don’t do well (or at all), how you can improve on this, the things you should consider moving in-house rather than outsourcing, and the benefits of finding and maintaining relationships with excellent vendors Who This Book Is For Senior security leaders in charge of cybersecurity teams who are considering starting a threat intelligence team, those considering a career change into cyber threat intelligence (CTI) who want a better understanding of the main philosophies and ways of working in the industry, and security professionals with no prior intelligence experience but have technical proficiency in other areas (e.g., programming, security architecture, or engineering) Table of Contents About the Author Acknowledgments Introduction Chapter 1: The Cybersecurity Wild West Identifying the Wheat from the Chaff What Kinds of Vendors Are There? Where Do You Even Begin? Always Start with Intelligence Requirements What Sectors Is Your Business Operating In? What Systems and Services Do You Use and Want to Monitor for Threats? What Are the Threats You’re Worried About As a Business? What Other Security Vendors Do You Use? What Is Your Business Planning to Do in the Next X Years? Further Considerations for IRs What Do You Get for Your Money? Key Takeaways Chapter 2: Cyber Threat Intelligence – What Does It Even Mean? The Intelligence Cycle 1. Planning and Direction 2. Collection 3. Processing and Exploitation 4. Analysis 5. Dissemination 6. Feedback The Diamond Model Diamond Model – Adversary Diamond Model – Victim Diamond Model – Infrastructure Diamond Model – Capabilities/TTPs How Do We Apply Intelligence to Existing Security? The Cyber Kill-Chain and MITRE ATT&CK Framework Human Behavior Doesn’t Change The IOC Is Dead. Long Live the IOC Security Products Are Evolving – So Should You The Cyber Kill-Chain Key Takeaways Chapter 3: Structured Intelligence – What Does It Even Mean? OpenIOC MITRE ATT&CK Using MITRE ATT&CK STIX – Why It’s Important Aligning STIX with ATT&CK – Where the Magic Happens Threat Actor Campaign Attack Pattern Malware Vulnerability Course of Action Victim Report Indicators The Remaining STIX 2.1 Objects Grouping Identity Infrastructure Location Malware Analysis Note Observed Data Opinion Tool Relationship Sighting What About the Kill-Chain? Key Takeaways Chapter 4: Determining What Your Business Needs Who Are Your Customers? Intelligence Reporting Tactical Intelligence Operational Intelligence Strategic Intelligence Other Types of Intelligence Reporting Awareness Reporting Executive/VIP Profile Reporting Spot/Flash Reporting Summary Reporting Intelligence Report Structure Key Points Summary Details Recommendations Appendices I Have Requirements! I Have Report Templates! Now What? Business Needs Automation – Can This Help? What If the Business Doesn’t Know What It Wants? Key Takeaways Chapter 5: How Do I Implement This? (Regardless of Budget) Threat Feeds News Reports/Blogs Social Media Data Breach Notifications Patch and Vulnerability Notifications Geopolitical Affairs Industry Events Personal Contacts Sharing Groups Requirements, Check. Basic Collection Sources, Check. Now, What? Prioritizing Areas for Funding Intelligence Analysts – How to Use Them Different Analysts for Different Things? Key Takeaways Chapter 6: Things to Consider When Implementing CTI Your Organization’s Footprint Big Game or Small Fry? Territories Digital Footprint The Risks Associated to Your Organization Risks Outside Your Control The Gaps Left Behind by Funding/Vendor/IT Black Holes Funding Gaps Vendor Gaps IT Black Holes The Human Factor What Is an Analyst? Curiosity Critical Thinking Self-Awareness Analysis Data Validation Inductive/Deductive Reasoning 5WH – Who, What, Where, When, Why, and How Structured Analytical Techniques Cyber Specific Computer Literacy Information Security Fundamentals External Influences Key Takeaways Chapter 7: The Importance of OSINT What Is OSINT? Different Types of OSINT Data Platforms Threat Feeds Research Platforms Social Media Messenger Platforms Platforms Are Good, But How Do I Research Data Using OSINT? OSINT – Technologies OSINT – Threat Actors OSINT – Data What Does an OSINT Investigator Need? Sockpuppets – What? A New Old Phone A New Face Password Manager Maintaining Accounts So If I’m Undercover, Should I Contact People for Information? Combining OSINT with Other Sources Key Takeaways Chapter 8: I Already Pay for Vendor X – Should I Bother with CTI? Establishing What Your Existing Vendor(s) Do Well The Humble Conversation Establishing What Your Vendors Don’t Do Well (or at All) How Can You Improve the Existing Processes? What Sort of Things Should You Adopt In-House? What About Open Source Solutions? CTI Starting Block – What to Prioritize? The Benefits of Finding a Good Vendor Key Takeaways Chapter 9: Summary The Main Themes Discussed in This Book How You Can Follow Up with Me Chapter 10: Useful Resources Online Resources Domains IP Addresses File Hashes and Documents Web Technologies Email Addresses and Data Breaches Usernames Cryptocurrency Paste Sites Social Media Facebook Twitter Instagram Other Social Media and Messenger Apps Index Understand the process of setting up a successful cyber threat intelligence (CTI) practice within an established security team. This book shows you how threat information that has been collected, evaluated, and analyzed is a critical component in protecting your organizations resources. Adopting an intelligence-led approach enables your organization to nimbly react to situations as they develop. Security controls and responses can then be applied as soon as they become available, enabling prevention rather than response. There are a lot of competing approaches and ways of working, but this book cuts through the confusion. Author Aaron Roberts introduces the best practices and methods for using CTI successfully. This book will help not only senior security professionals, but also those looking to break into the industry. You will learn the theories and mindset needed to be successful in CTI. This book covers the cybersecurity wild west, the merits and limitations of structured intelligence data, and how using structured intelligence data can, and should, be the standard practice for any intelligence team. You will understand your organizations risks, based on the industry and the adversaries you are most likely to face, the importance of open-source intelligence (OSINT) to any CTI practice, and discover the gaps that exist with your existing commercial solutions and where to plug those gaps, and much more. You will: Know the wide range of cybersecurity products and the risks and pitfalls aligned with blindly working with a vendor Understand critical intelligence concepts such as the intelligence cycle, setting intelligence requirements, the diamond model, and how to apply intelligence to existing security information Understand structured intelligence (STIX) and why its important, and aligning STIX to ATT & CK and how structured intelligence helps improve final intelligence reporting Know how to approach CTI, depending on your budget Prioritize areas when it comes to funding and the best approaches to incident response, requests for information, or ad hoc reporting Critically evaluate services received from your existing vendors, including what they do well, what they dont do well (or at all), how you can improve on this, the things you should consider moving in-house rather than outsourcing, and the benefits of finding and maintaining relationships with excellent vendors
دانلود کتاب Cyber Threat Intelligence: The No-Nonsense Guide for CISOs and Security Managers