Intelligence-driven incident response: outwitting the adversary [First edition] 9781491934944, 1491934948
Using a well-conceived incident response plan in the aftermath of an online security breach enables your team to identif
241 81 2MB
English Pages xvii, 260 pages: illustrations; 24 cm Year 2017
Table of contents :
Machine generated contents note: pt. I The Fundamentals --
1. Introduction --
Intelligence as Part of Incident Response --
History of Cyber Threat Intelligence --
Modern Cyber Threat Intelligence --
The Way Forward --
Incident Response as a Part of Intelligence --
What Is Intelligence-Driven Incident Response? --
Why Intelligence-Driven Incident Response? --
Operation SMN --
Operation Aurora --
Conclusion --
2. Basics of Intelligence --
Data Versus Intelligence --
Sources and Methods --
Process Models --
OODA --
Intelligence Cycle --
Using the Intelligence Cycle --
Qualities of Good Intelligence --
Levels of Intelligence --
Tactical Intelligence --
Operational Intelligence --
Strategic Intelligence --
Confidence Levels --
Conclusion --
3. Basics of Incident Response --
Incident-Response Cycle --
Preparation --
Identification --
Containment --
Eradication --
Recovery --
Lessons Learned --
Kill Chain --
Targeting --
Reconnaissance --
Weaponization --
Delivery --
Exploitation --
Installation --
Command and Control --
Actions on Objective --
Example Kill Chain --
Diamond Model --
Basic Model --
Extending the Model --
Active Defense --
Deny --
Disrupt --
Degrade --
Deceive --
Destroy --
F3EAD --
Find --
Fix --
Finish --
Exploit --
Analyze --
Disseminate --
Using F3EAD --
Picking the Right Model --
Scenario: GLASS WIZARD --
Conclusion --
pt. II Practical Application --
4. Find --
Actor-Centric Targeting --
Starting with Known Information --
Useful Find Information --
Asset-Centric Targeting --
Using Asset-Centric Targeting --
News-Centric Targeting --
Targeting Based on Third-Party Notification --
Prioritizing Targeting --
Immediate Needs --
Past Incidents --
Criticality --
Organizing Targeting Activities --
Hard Leads --
Soft Leads --
Grouping Related Leads --
Lead Storage --
The Request for Information Process --
Conclusion --
5. Fix --
Intrusion Detection --
Network Alerting --
System Alerting --
Fixing GLASS WIZARD --
Intrusion Investigation --
Network Analysis --
Live Response --
Memory Analysis --
Disk Analysis --
Malware Analysis --
Scoping --
Hunting --
Developing Leads --
Testing Leads --
Conclusion --
6. Finish --
Finishing Is Not Hacking Back --
Stages of Finish --
Mitigate --
Remediate --
Rearchitect --
Taking Action --
Deny --
Disrupt --
Degrade --
Deceive --
Destroy --
Organizing Incident Data --
Tools for Tracking Actions --
Purpose-Built Tools --
Assessing the Damage --
Monitoring Life Cycle --
Conclusion --
7. Exploit --
What to Exploit? --
Gathering Information --
Storing Threat Information --
Data Standards and Formats for Indicators --
Data Standards and Formats for Strategic Information --
Managing Information --
Threat-Intelligence Platforms --
Conclusion --
8. Analyze --
The Fundamentals of Analysis --
What to Analyze? --
Conducting the Analysis --
Enriching Your Data --
Developing Your Hypothesis --
Evaluating Key Assumptions --
Judgment and Conclusions --
Analytic Processes and Methods --
Structured Analysis --
Target-Centric Analysis --
Analysis of Competing Hypotheses --
Graph Analysis --
Contrarian Techniques --
Conclusion --
9. Disseminate --
Intelligence Consumer Goals --
Audience --
Executive/Leadership Consumer --
Internal Technical Consumers --
External Technical Consumers --
Developing Consumer Personas --
Authors --
Actionability --
The Writing Process --
Plan --
Draft --
Edit --
Intelligence Product Formats --
Short-Form Products --
Long-Form Products --
The RFI Process --
Automated Consumption Products --
Establishing a Rhythm --
Distribution --
Feedback --
Regular Products --
Conclusion --
pt. III The Way Forward --
10. Strategic Intelligence --
What Is Strategic Intelligence? --
Developing Target Models --
The Strategic Intelligence Cycle --
Setting Strategic Requirements --
Collection --
Analysis --
Dissemination --
Conclusion --
11. Building an Intelligence Program --
Are You Ready? --
Planning the Program --
Defining Stakeholders --
Defining Goals --
Defining Success Criteria --
Identifying Requirements and Constraints --
Defining Metrics --
Stakeholder Personas --
Tactical Use Cases --
SOC Support --
Indicator Management --
Operational Use Cases --
Campaign Tracking --
Strategic Use Cases --
Architecture Support --
Risk Assessment/Strategic Situational Awareness --
Strategic to Tactical or Tactical to Strategic? --
Hiring an Intelligence Team --
Demonstrating Intelligence Program Value --
Conclusion.
Machine generated contents note: pt. I The Fundamentals --
1. Introduction --
Intelligence as Part of Incident Response --
History of Cyber Threat Intelligence --
Modern Cyber Threat Intelligence --
The Way Forward --
Incident Response as a Part of Intelligence --
What Is Intelligence-Driven Incident Response? --
Why Intelligence-Driven Incident Response? --
Operation SMN --
Operation Aurora --
Conclusion --
2. Basics of Intelligence --
Data Versus Intelligence --
Sources and Methods --
Process Models --
OODA --
Intelligence Cycle --
Using the Intelligence Cycle --
Qualities of Good Intelligence --
Levels of Intelligence --
Tactical Intelligence --
Operational Intelligence --
Strategic Intelligence --
Confidence Levels --
Conclusion --
3. Basics of Incident Response --
Incident-Response Cycle --
Preparation --
Identification --
Containment --
Eradication --
Recovery --
Lessons Learned --
Kill Chain --
Targeting --
Reconnaissance --
Weaponization --
Delivery --
Exploitation --
Installation --
Command and Control --
Actions on Objective --
Example Kill Chain --
Diamond Model --
Basic Model --
Extending the Model --
Active Defense --
Deny --
Disrupt --
Degrade --
Deceive --
Destroy --
F3EAD --
Find --
Fix --
Finish --
Exploit --
Analyze --
Disseminate --
Using F3EAD --
Picking the Right Model --
Scenario: GLASS WIZARD --
Conclusion --
pt. II Practical Application --
4. Find --
Actor-Centric Targeting --
Starting with Known Information --
Useful Find Information --
Asset-Centric Targeting --
Using Asset-Centric Targeting --
News-Centric Targeting --
Targeting Based on Third-Party Notification --
Prioritizing Targeting --
Immediate Needs --
Past Incidents --
Criticality --
Organizing Targeting Activities --
Hard Leads --
Soft Leads --
Grouping Related Leads --
Lead Storage --
The Request for Information Process --
Conclusion --
5. Fix --
Intrusion Detection --
Network Alerting --
System Alerting --
Fixing GLASS WIZARD --
Intrusion Investigation --
Network Analysis --
Live Response --
Memory Analysis --
Disk Analysis --
Malware Analysis --
Scoping --
Hunting --
Developing Leads --
Testing Leads --
Conclusion --
6. Finish --
Finishing Is Not Hacking Back --
Stages of Finish --
Mitigate --
Remediate --
Rearchitect --
Taking Action --
Deny --
Disrupt --
Degrade --
Deceive --
Destroy --
Organizing Incident Data --
Tools for Tracking Actions --
Purpose-Built Tools --
Assessing the Damage --
Monitoring Life Cycle --
Conclusion --
7. Exploit --
What to Exploit? --
Gathering Information --
Storing Threat Information --
Data Standards and Formats for Indicators --
Data Standards and Formats for Strategic Information --
Managing Information --
Threat-Intelligence Platforms --
Conclusion --
8. Analyze --
The Fundamentals of Analysis --
What to Analyze? --
Conducting the Analysis --
Enriching Your Data --
Developing Your Hypothesis --
Evaluating Key Assumptions --
Judgment and Conclusions --
Analytic Processes and Methods --
Structured Analysis --
Target-Centric Analysis --
Analysis of Competing Hypotheses --
Graph Analysis --
Contrarian Techniques --
Conclusion --
9. Disseminate --
Intelligence Consumer Goals --
Audience --
Executive/Leadership Consumer --
Internal Technical Consumers --
External Technical Consumers --
Developing Consumer Personas --
Authors --
Actionability --
The Writing Process --
Plan --
Draft --
Edit --
Intelligence Product Formats --
Short-Form Products --
Long-Form Products --
The RFI Process --
Automated Consumption Products --
Establishing a Rhythm --
Distribution --
Feedback --
Regular Products --
Conclusion --
pt. III The Way Forward --
10. Strategic Intelligence --
What Is Strategic Intelligence? --
Developing Target Models --
The Strategic Intelligence Cycle --
Setting Strategic Requirements --
Collection --
Analysis --
Dissemination --
Conclusion --
11. Building an Intelligence Program --
Are You Ready? --
Planning the Program --
Defining Stakeholders --
Defining Goals --
Defining Success Criteria --
Identifying Requirements and Constraints --
Defining Metrics --
Stakeholder Personas --
Tactical Use Cases --
SOC Support --
Indicator Management --
Operational Use Cases --
Campaign Tracking --
Strategic Use Cases --
Architecture Support --
Risk Assessment/Strategic Situational Awareness --
Strategic to Tactical or Tactical to Strategic? --
Hiring an Intelligence Team --
Demonstrating Intelligence Program Value --
Conclusion.
![Intelligence-driven incident response: outwitting the adversary [First edition]
9781491934944, 1491934948](https://ebin.pub/img/200x200/intelligence-driven-incident-response-outwitting-the-adversary-first-edition-9781491934944-1491934948.jpg)
- Author / Uploaded
- Roberts
- Scott J;Brown
- Rebekah;Maxwell
- Kyle R
![Intelligence-Driven Incident Response: Outwitting the Adversary [2 ed.]
109812068X, 9781098120689](https://ebin.pub/img/200x200/intelligence-driven-incident-response-outwitting-the-adversary-2nbsped-109812068x-9781098120689.jpg)
![Intelligence-Driven Incident Response: Outwitting the Adversary [2 ed.]
109812068X, 9781098120689](https://ebin.pub/img/200x200/intelligence-driven-incident-response-outwitting-the-adversary-2nbsped-109812068x-9781098120689-v-2198954.jpg)
![Hacker’s challenge: test your incident response skills using 20 scenarios [First edition.]
0072193840, 9780072193848](https://ebin.pub/img/200x200/hackers-challenge-test-your-incident-response-skills-using-20-scenarios-first-edition-0072193840-9780072193848.jpg)
![Incident Response: A Strategic Guide to Handling System and Network Security Breaches [illustrated edition]
1578702569, 9781578702565](https://ebin.pub/img/200x200/incident-response-a-strategic-guide-to-handling-system-and-network-security-breaches-illustrated-edition-1578702569-9781578702565.jpg)
![Intelligence-Driven Incident Response, 2nd Edition (5th Early Release) [2 ed.]
9781098120689, 9781098120627](https://ebin.pub/img/200x200/intelligence-driven-incident-response-2nd-edition-5th-early-release-2nbsped-9781098120689-9781098120627.jpg)
![Incident Response and Computer Forensics [2 ed.]
9780072226966, 007222696X](https://ebin.pub/img/200x200/incident-response-and-computer-forensics-2nbsped-9780072226966-007222696x.jpg)
![Applied Incident Response [1 ed.]
9781119560319, 1119560314](https://ebin.pub/img/200x200/applied-incident-response-1nbsped-9781119560319-1119560314.jpg)