Für diesen Artikel ist leider kein Bild verfügbar.

Incident Response for Windows

Adapt effective strategies for managing sophisticated cyberattacks targeting Windows systems
Buch | Softcover
244 Seiten
2024
Packt Publishing Limited (Verlag)
978-1-80461-932-2 (ISBN)
37,40 inkl. MwSt
Get to grips with modern sophisticated attacks, their intrusion life cycles, and the key motivations of adversaries, and build the most effective cybersecurity incident preparedness, response, remediation, and prevention methodologies

Key Features

Explore contemporary sophisticated cyber threats, focusing on their tactics, techniques, and procedures
Craft the most robust enterprise-wide cybersecurity incident response methodology, scalable to any magnitude
Master the development of efficient incident remediation and prevention strategies
Purchase of the print or Kindle book includes a free PDF eBook

Book DescriptionCybersecurity incidents are becoming increasingly common and costly, making incident response a critical domain for organizations to understand and implement. This book enables you to effectively detect, respond to, and prevent cyberattacks on Windows-based systems by equipping you with the knowledge and tools needed to safeguard your organization's critical assets, in line with the current threat landscape.
The book begins by introducing you to modern sophisticated cyberattacks, including threat actors, methods, and motivations. Then, the phases of efficient incident response are linked to the attack's life cycle using a unified cyber kill chain. As you advance, you'll explore various types of Windows-based platform endpoint forensic evidence and the arsenal necessary to gain full visibility of the Windows infrastructure. The concluding chapters discuss the best practices in the threat hunting process, along with proactive approaches that you can take to discover cybersecurity incidents before they reach their final stage.
By the end of this book, you’ll have gained the skills necessary to run intelligence-driven incident response in a Windows environment, establishing a full-fledged incident response and management process, as well as proactive methodologies to enhance the cybersecurity posture of an enterprise environment.What you will learn

Explore diverse approaches and investigative procedures applicable to any Windows system
Grasp various techniques to analyze Windows-based endpoints
Discover how to conduct infrastructure-wide analyses to identify the scope of cybersecurity incidents
Develop effective strategies for incident remediation and prevention
Attain comprehensive infrastructure visibility and establish a threat hunting process
Execute incident reporting procedures effectively

Who this book is forThis book is for IT professionals, Windows IT administrators, cybersecurity practitioners, and incident response teams, including SOC teams, responsible for managing cybersecurity incidents in Windows-based environments. Specifically, system administrators, security analysts, and network engineers tasked with maintaining the security of Windows systems and networks will find this book indispensable. Basic understanding of Windows systems and cybersecurity concepts is needed to grasp the concepts in this book.

Anatoly Tykushin is a services director at Group-IB with 6 years of experience in digital forensics, incident response, compromise assessment, and threat hunting. He has created several DFIR training programs in incident response and network forensics, written several blog posts, and contributed to threat research reports. Outside of DFIR, he has a background in IT administration and DevOps, microcontroller unit development in C, and ASM. Svetlana Ostrovskaya is a practicing specialist in digital forensics and incident response at Group-IB. She is the author of DFIR training programs and cybersecurity crisis management workshops, and the author and co-author of blog posts, articles, and books on information security, computer forensics, and incident response.

Table of Contents

Introduction to the Threat Landscape
Understanding the Attack Life Cycle
Phases of an Efficient Incident Response on Windows Infrastructure
Endpoint Forensic Evidence Collection
Gaining Access to the Network
Establishing a Foothold
Network and Key Assets Discovery
Network Propagation
Data Collection and Exfiltration
Impact
Threat Hunting and Analysis of TTPs
Incident Containment, Eradication, and Recovery
Incident Investigation Closure and Reporting

Erscheinungsdatum
Vorwort Dmitry Volkov
Verlagsort Birmingham
Sprache englisch
Maße 191 x 235 mm
Themenwelt Informatik Betriebssysteme / Server Windows
Informatik Netzwerke Sicherheit / Firewall
ISBN-10 1-80461-932-9 / 1804619329
ISBN-13 978-1-80461-932-2 / 9781804619322
Zustand Neuware
Haben Sie eine Frage zum Produkt?
Mehr entdecken
aus dem Bereich
Insider-Wissen – praxisnah & kompetent

von Ed Bott

Buch | Hardcover (2023)
dpunkt (Verlag)
44,90
Daten abfragen und verarbeiten mit Excel und Power BI

von Ignaz A. Schels

Buch (2023)
Hanser (Verlag)
49,99