وبلاگ بلیان

مثلث امنیت سایبری: هوش مصنوعی، اتوماسیون و دفاع سایبری فعال

The Cybersecurity Trinity: Artificial Intelligence, Automation, and Active Cyber Defense

معرفی کتاب «مثلث امنیت سایبری: هوش مصنوعی، اتوماسیون و دفاع سایبری فعال» (با عنوان لاتین The Cybersecurity Trinity: Artificial Intelligence, Automation, and Active Cyber Defense) نوشتهٔ Donnie W. Wendt، منتشرشده توسط نشر Apress L. P. در سال 2024. این کتاب در 2 صفحه، فرمت pdf، زبان انگلیسی ارائه شده است.

This book explores three crucial topics for cybersecurity professionals: artificial intelligence (AI), automation, and active cyber defense (ACD). The Cybersecurity Trinity will provide cybersecurity professionals with the necessary background to improve their defenses by harnessing the combined power of these three concepts. The book is divided into four sections, one addressing each underlying concept and the final section discussing integrating them to harness their full potential.With the expected growth of AI and machine learning (ML), cybersecurity professionals must understand its core concepts to defend AI and ML-based systems. Also, most cybersecurity tools now incorporate AI and ML. However, many cybersecurity professionals lack a fundamental understanding of AI and ML. The book's first section aims to demystify AI and ML for cybersecurity practitioners by exploring how AI and ML systems work, where they are vulnerable, and how to defend them.Next, we turn our attention to security automation. Human-centered cyber defense processes cannot keep pace with the threats targeting organizations. Security automation can help defenders drastically increase the speed of detection and response. This section will discuss core use cases that security teams can implement, including intelligence processing, incident triage, detection, and response. This section will end with strategies for a successful security automation implementation and strategies that can lead to failure.Accelerating the defense is but one side of the equation. Defenders can also implement ACD methods to disrupt and slow the attacker. Of course, ACD spans a broad spectrum, including some that could raise legal and ethical concerns. This section will explore some ACD methods and discuss their applicability, as well as the need to include business, legal, and ethical considerations when implementing them.Security teams often treat AI, automation, and ACD as disparate solutions, addressing... Table of Contents About the Author About the Technical Reviewer Acknowledgments Foreword Introduction Chapter 1: AI Is Everywhere AI Use by Industry Healthcare Financial Services Manufacturing Transportation Utilities Cross-Industry Trends Explainable AI AI Ethics Bias and Discrimination Privacy Environmental Impact The European Union AI Act Summary References Chapter 2: Overview of AI and ML Supervised Learning Classification Algorithms Decision Tree Random Forest Naïve Bayes k-Nearest Neighbors Support Vector Machine Predictive Algorithms Linear Regression Multiple Linear Regression Unsupervised Learning Market Basket Analysis Clustering k-Means Clustering Density-Based Clustering: DBSCAN Deep Learning: Artificial Neural Networks Reinforcement Learning Classic ML Method Summary Chapter 3: AI for Defense Email Security Spam Phishing Email Account Takeover Malware and Ransomware Detection Device Profiling Intrusion Detection Behavior Analytics User Behavior Analytics and Insider Threat Detection Challenges of UBA Alert Management Vulnerability Management Vulnerability Exploitation Prediction AI-Generated Synthetic Data Synthetic Data to Protect Privacy Synthetic Data for Model Development and Prototyping Accuracy and Unbalanced Data: A Word of Caution Summary References Chapter 4: ML in an Adversarial Environment Training and Testing Phase: Poisoning Attacks Label Flipping Example Adversarial Sample Insertion Example The ML Supply Chain: Pre-trained Models and Shared Datasets Inference Phase Attacks Exploratory Attacks Evasion Attacks Privacy Attacks Output Attacks Defending ML Traditional Cybersecurity Controls for ML Access Control Change Management and Version Control Limit Data from APIs Third-Party Audits ML-Specific Security Controls Data Provenance: Begin at the Source Training Data Sanity Check Robust Learning Monitoring and Response: Model Drift Adversarial ML Development Summary References Chapter 5: Combatting Generative AI Threats WormGPT and FraudGPT: The Rise of Dark LLMs AI Jailbreaking Deepfakes Creating a Deepfake Deepfakes in Politics and Propaganda Deepfakes for Fraud Defending Against Deepfake Fraud Misinformation and Disinformation A Targeted Disinformation Campaign Defending Against Targeted Misinformation Campaigns Hallucinations Summary References Chapter 6: The Need for Speed Driving Forces of Security Automation Manual Triage and Response Asymmetry Attacker’s Advantage The Increasing Sophistication of Attacks The Scarcity of Cybersecurity Professionals Increasing Data and Complexity Need for Security at Cyber Speed Continuing Cyberattacks Critical Infrastructure Ransomware: Colonial Pipeline Supply Chain Attack: SolarWinds Retail Data Breach: Forever 21 SOAR Benefits Efficiency Gains Increased Visibility and Decreased Time to Respond Process Completeness and Consistency Orchestrated Response What About Cost Savings? Summary References Chapter 7: The OODA Loop Often Depicted, Often Misunderstood Observe Orient Decide Act Emphasis on Orientation Applying the OODA Loop The OODA Loop in Business OODA Loop on the Field Applicability to Cybersecurity The IACD Framework IACD and the OODA Loop Implementing the Loop with Playbooks Summary References Chapter 8: Common SOAR Use Cases Alert Enrichment and Situational Awareness Intelligence The Threat Intelligence Process Manual Threat Intelligence Processing Applying Automation to the Threat Intelligence Process Intelligence Feed: File Hash Example Benefits of Automating the Threat Intelligence Process Alert Triage and False Positives Remediation Malware Response Phishing Response Orchestrated Response Across Disparate Systems Suspicious User Data Loss Prevention Forensic Investigation Enrichment Avoid Overreliance: A Word of Caution Summary Reference Chapter 9: Strategies for Success (and Failure) Moving from Human-in-the-Loop to Human-on-the-Loop Enabling Automation SOAR API Availability API Scale Considerations API Robustness Considerations API Information Considerations Automation Requires Trust and Confidence Provide Feedback from Automation Building Resilient Playbooks Auditing and Verifying Automation Continually Verify Trust Build Organizational Trust Measuring Success Small Steps Strategies for Failure Focus on Saving Money No Clear Priorities or Pipeline Focus on the Biggest Problem Automate Current Processes Destroy Organizational Trust Summary References Chapter 10: Active Cyber Defense Categorizing ACD Tactics The ACD Spectrum Low Risk Caution Deception Beacons Dark Web Intelligence Moving Target Defense Extreme Caution Malware Bait Malware and Whitehat Malware Rescue Missions Avoidance Legal and Ethical Considerations Restrictions on Offensive Cyber Possible Legislative Reform ACD and Self-defense The Importance of Boundaries Summary References Chapter 11: The OODA Loop Revisited Addressing Both Sides of the Equation Disrupting the Opponent’s OODA Loop Disrupt and Slow the Opponent’s Decision-Making Disrupt the Opponent’s Actions Summary Reference Chapter 12: Deception What Is Deception Deception in War George Washington, the Teller of Lies First US Army Group: The Ghost Army Concealment: The Battle of Kursk Deception in Cyberspace Applicability of Deception to Cybersecurity Prerequisites for Deception Components of a Typical Deception Platform Lures Decoys Tokens Honeypots and Honeynets Central Management Console Vampires and Cybersecurity Practical Uses of Deception Keys to Success Misinformation and Concealment Spread Misinformation Conceal Information Summary References Chapter 13: The Cybersecurity Trinity Bringing It All Together AI As the Foundation Risk Management Governance Threat Intelligence Vulnerability Management Device Profiling Intrusion Detection Malware Detection Email Security Data Loss Prevention Behavior Analytics Alert Management Automating to Speed Defense Alert Enrichment and Situational Awareness Alert Triage Threat Intelligence Processing Vulnerability Management Alert Response Actions Malware Response Phishing Response Insider Threat Response Data Loss Prevention Response Orchestrated Response in a Complex Environment Forensic Investigation Enrichment Active Cyber to Slow the Attacker Information Sharing Deflection and Blocking Deception Moving Targets Alerting Honeynets Misinformation and Concealment Beacons Dark Web Intelligence The Cybersecurity Trinity Overview of NIST CSF Applying the Cybersecurity Trinity to NIST CSF Identify Protect Detect Respond Recover Govern Where to Start Summary References Index df-3300.PNG
دانلود کتاب مثلث امنیت سایبری: هوش مصنوعی، اتوماسیون و دفاع سایبری فعال