Cyber Threat Intelligence - The No-Nonsense Guide for CISOs and Security Managers
by: Aaron Roberts
Apress, 2021
ISBN: 9781484272206
221 pages, download: 2359 KB

Format: PDF
Suitable for: Apple iPad, Android tablet PCs; online reading on PC, Mac, laptop

Type: A (simple access)

Table of Contents

  Table of Contents 5  
  About the Author 11  
  Acknowledgments 12  
  Introduction 13  
  Chapter 1: The Cybersecurity Wild West 21  
     Identifying the Wheat from the Chaff 21  
     What Kinds of Vendors Are There? 24  
     Where Do You Even Begin? Always Start with Intelligence Requirements 26  
     What Sectors Is Your Business Operating In? 27  
     What Systems and Services Do You Use and Want to Monitor for Threats? 28  
     What Are the Threats You’re Worried About As a Business? 29  
     What Other Security Vendors Do You Use? 30  
     What Is Your Business Planning to Do in the Next X Years? 31  
     Further Considerations for IRs 32  
     What Do You Get for Your Money? 33  
     Key Takeaways 35  
  Chapter 2: Cyber Threat Intelligence – What Does It Even Mean? 37  
     The Intelligence Cycle 39  
        1. Planning and Direction 39  
        2. Collection 40  
        3. Processing and Exploitation 41  
        4. Analysis 41  
        5. Dissemination 42  
        6. Feedback 43  
     The Diamond Model 44  
        Diamond Model – Adversary 45  
        Diamond Model – Victim 46  
        Diamond Model – Infrastructure 47  
        Diamond Model – Capabilities/TTPs 49  
     How Do We Apply Intelligence to Existing Security? The Cyber Kill-Chain and MITRE ATT&CK Framework 50  
        Human Behavior Doesn’t Change 51  
        The IOC Is Dead. Long Live the IOC 52  
        Security Products Are Evolving – So Should You 53  
     The Cyber Kill-Chain 54  
     Key Takeaways 56  
  Chapter 3: Structured Intelligence – What Does It Even Mean? 57  
     OpenIOC 58  
     MITRE ATT&CK 59  
        Using MITRE ATT&CK 60  
     STIX – Why It’s Important 64  
     Aligning STIX with ATT&CK – Where the Magic Happens 67  
        Threat Actor 70  
        Campaign 71  
        Attack Pattern 71  
        Malware 73  
        Vulnerability 74  
        Course of Action 75  
        Victim 75  
        Report 76  
        Indicators 77  
        The Remaining STIX 2.1 Objects 78  
           Grouping 79  
           Identity 79  
           Infrastructure 79  
           Location 79  
           Malware Analysis 79  
           Note 80  
           Observed Data 80  
           Opinion 80  
           Tool 80  
           Relationship 81  
           Sighting 81  
        What About the Kill-Chain? 81  
     Key Takeaways 83  
  Chapter 4: Determining What Your Business Needs 85  
     Who Are Your Customers? 87  
     Intelligence Reporting 90  
        Tactical Intelligence 90  
        Operational Intelligence 91  
        Strategic Intelligence 92  
        Other Types of Intelligence Reporting 93  
           Awareness Reporting 93  
           Executive/VIP Profile Reporting 94  
           Spot/Flash Reporting 94  
           Summary Reporting 95  
     Intelligence Report Structure 96  
        Key Points 96  
        Summary 97  
        Details 97  
        Recommendations 97  
     Appendices 97  
     I Have Requirements! I Have Report Templates! Now What? 98  
        Business Needs 98  
        Automation – Can This Help? 99  
     What If the Business Doesn’t Know What It Wants? 101  
     Key Takeaways 102  
  Chapter 5: How Do I Implement This? (Regardless of Budget) 104  
     Threat Feeds 105  
     News Reports/Blogs 106  
     Social Media 107  
     Data Breach Notifications 109  
     Patch and Vulnerability Notifications 110  
     Geopolitical Affairs 111  
     Industry Events 113  
     Personal Contacts 114  
     Sharing Groups 115  
     Requirements, Check. Basic Collection Sources, Check. Now, What? 116  
        Prioritizing Areas for Funding 118  
     Intelligence Analysts – How to Use Them 119  
        Different Analysts for Different Things? 120  
     Key Takeaways 122  
  Chapter 6: Things to Consider When Implementing CTI 123  
     Your Organization’s Footprint 124  
        Big Game or Small Fry? 124  
        Territories 126  
        Digital Footprint 127  
     The Risks Associated to Your Organization 129  
        Risks Outside Your Control 131  
     The Gaps Left Behind by Funding/Vendor/IT Black Holes 133  
        Funding Gaps 133  
        Vendor Gaps 135  
        IT Black Holes 137  
     The Human Factor 138  
        What Is an Analyst? 139  
           Curiosity 139  
           Critical Thinking 140  
           Self-Awareness 141  
           Analysis 142  
              Data Validation 142  
              Inductive/Deductive Reasoning 142  
              5WH – Who, What, Where, When, Why, and How 143  
              Structured Analytical Techniques 143  
           Cyber Specific 143  
              Computer Literacy 144  
              Information Security Fundamentals 144  
        External Influences 145  
     Key Takeaways 146  
  Chapter 7: The Importance of OSINT 148  
     What Is OSINT? 148  
     Different Types of OSINT Data Platforms 149  
        Threat Feeds 149  
        Research Platforms 151  
        Social Media 152  
        Messenger Platforms 153  
     Platforms Are Good, But How Do I Research Data Using OSINT? 154  
        OSINT – Technologies 154  
        OSINT – Threat Actors 155  
        OSINT – Data 156  
     What Does an OSINT Investigator Need? 160  
        Sockpuppets – What? 161  
        A New Old Phone 163  
        A New Face 163  
        Password Manager 164  
     Maintaining Accounts 164  
     So If I’m Undercover, Should I Contact People for Information? 166  
     Combining OSINT with Other Sources 167  
     Key Takeaways 168  
  Chapter 8: I Already Pay for Vendor X – Should I Bother with CTI? 170  
     Establishing What Your Existing Vendor(s) Do Well 170  
        The Humble Conversation 171  
     Establishing What Your Vendors Don’t Do Well (or at All) 173  
     How Can You Improve the Existing Processes? 174  
     What Sort of Things Should You Adopt In-House? 176  
        What About Open Source Solutions? 177  
        CTI Starting Block – What to Prioritize? 179  
     The Benefits of Finding a Good Vendor 181  
     Key Takeaways 184  
  Chapter 9: Summary 185  
     The Main Themes Discussed in This Book 186  
     How You Can Follow Up with Me 190  
  Chapter 10: Useful Resources 192  
     Online Resources 194  
        Domains 195  
        IP Addresses 199  
        File Hashes and Documents 202  
        Web Technologies 203  
        Email Addresses and Data Breaches 204  
        Usernames 206  
        Cryptocurrency 208  
        Paste Sites 209  
        Social Media 211  
           Facebook 211  
           Twitter 212  
           Instagram 214  
           Other Social Media and Messenger Apps 214  
  Index 217  