Cyber Threat Intelligence (eBook)
304 pages
John Wiley & Sons (publisher)
978-1-119-86176-8 (ISBN)
"Martin takes a thorough and focused approach to the processes that rule threat intelligence, but he doesn't just cover gathering, processing and distributing intelligence. He explains why you should care who is trying to hack you, and what you can do about it when you know."
--Simon Edwards, Security Testing Expert, CEO SE Labs Ltd., Chair AMTSO
Effective introduction to cyber threat intelligence, supplemented with detailed case studies and after action reports of intelligence on real attacks
Cyber Threat Intelligence introduces the history, terminology, and techniques to be applied within cyber security, offering an overview of the current state of cyberattacks and stimulating readers to consider their own issues from a threat intelligence point of view. The author takes a systematic, system-agnostic, and holistic view to generating, collecting, and applying threat intelligence.
The text covers the threat environment, malicious attacks, collecting, generating, and applying intelligence and attribution, as well as legal and ethical considerations. It ensures readers know what to look out for when considering a potential cyber attack and imparts how to prevent attacks early on, explaining how threat actors can exploit a system's vulnerabilities. It also includes analysis of large-scale attacks such as WannaCry, NotPetya, SolarWinds, VPNFilter, and the Target breach, looking at the real intelligence that was available before and after the attack.
Topics covered in Cyber Threat Intelligence include:
* The constant change of the threat environment as capabilities, intent, opportunities, and defenses change and evolve
* Different business models of threat actors, and how these dictate the choice of victims and the nature of their attacks
* Planning and executing a threat intelligence programme to improve an organisation's cyber security posture
* Techniques for attributing attacks and holding perpetrators to account for their actions
Cyber Threat Intelligence describes the intelligence techniques and models used in cyber threat intelligence. It provides a survey of ideas, views and concepts, rather than offering a hands-on practical guide. It is intended for anyone who wishes to learn more about the domain, particularly if they wish to develop a career in intelligence, and as a reference for those already working in the area.
Martin Lee is Technical Lead of Security Research within Talos, Cisco's threat intelligence and research organization. Martin started his career researching the genetics of human viruses, but soon switched paths to follow a career in IT. With over 20 years of experience within the cyber security industry, he is CISSP certified, a Chartered Engineer, and holds degrees from the Universities of Bristol, Cambridge, Paris-Sud and Oxford.
Preface
About the Author
Abbreviations
1. Introduction
Definitions
History of Threat Intelligence
Utility of Threat Intelligence
Summary
2. Threat Environment
Threat
Risk and Vulnerability
Threat Actors
TTPs - Tactics, Techniques and Procedures
Victimology
Threat Landscape
Attack Vectors, Vulnerabilities and Exploits
Untargeted vs Targeted Attacks
Persistence
Thinking Like a Threat Actor
Summary
3. Applying Intelligence
Planning Intelligence Gathering
The Intelligence Cycle
Situational Awareness
Goal Oriented Security and Threat Modelling
Strategic, Operational and Tactical Intelligence
Incident Preparedness and Response
Summary
4. Collecting Intelligence
Hierarchy of Evidence
Understanding Intelligence
Third Party Intelligence Reports
Internal Incident Reports
Active Intelligence Gathering
Summary
5. Generating Intelligence
The Intelligence Cycle in Practice
Applying the Intelligence Cycle
Sources of Data
Searching Data
Threat Hunting
Transforming Data into Intelligence
Sharing Intelligence
Measuring the Effectiveness of Generated Intelligence
Summary
6. Attribution
Holding Perpetrators to Account
Standards of Proof
Mechanisms of Attribution
Anti-Attribution Techniques
Third Party Attribution
Using Attribution
Summary
7. Professionalism
Notions of Professionalism
Developing a New Profession
Behaving Ethically
Legal and Ethical Environment
Managing the Unexpected
Continuous Improvement
Summary
8. Future Threats and Conclusions
Emerging Technologies
Emerging Attacks
Emerging Workforce
Conclusion
9. Case Studies
Target Compromise 2013
WannaCry 2017
NotPetya 2017
VPNFilter 2018
SUNBURST and SUNSPOT 2020
Macron Leaks 2017
Index
Publication date (per publisher) | 11.4.2023 |
---|---|
Language | English |
Subject area | Mathematics / Computer Science ► Computer Science ► Theory / Studies |
Keywords | Computer Science • Computer Science Special Topics • Computer Security & Cryptography • Computer Security • Cyber Warfare • Cybercrime • Cyber Security • Military, Security Services, Intelligence Services • Military / Security / Intelligence • Networking / Security • Political Science |
ISBN-10 | 1-119-86176-4 / 1119861764 |
ISBN-13 | 978-1-119-86176-8 / 9781119861768 |
Size: 3.4 MB
Copy protection: Adobe DRM
Adobe DRM is a copy protection scheme intended to protect the eBook against misuse. The eBook is authorised to your personal Adobe ID at download time. You can then read the eBook only on devices that are also registered to your Adobe ID.
File format: EPUB (Electronic Publication)
EPUB is an open standard for eBooks and is particularly well suited to fiction and non-fiction. The body text adapts dynamically to the display and font size, so EPUB is also well suited to mobile reading devices.
System requirements:
PC/Mac: You can read this eBook with a PC or Mac. You need a
eReader: This eBook can be read with (almost) all eBook readers. However, it is not compatible with the Amazon Kindle.
Smartphone/Tablet: Whether Apple or Android, you can read this eBook. You need a