Cyber Threat Intelligence
Book by Martin Lee
Language: English

93,90 €*

incl. VAT

Free shipping by post / DHL

In stock, delivery time 1-2 working days

Description
CYBER THREAT INTELLIGENCE

"Martin takes a thorough and focused approach to the processes that rule threat intelligence, but he doesn't just cover gathering, processing and distributing intelligence. He explains why you should care who is trying to hack you, and what you can do about it when you know."
--Simon Edwards, Security Testing Expert, CEO SE Labs Ltd., Chair AMTSO

An effective introduction to cyber threat intelligence, supplemented with detailed case studies and after-action reports of the intelligence available on real attacks

Cyber Threat Intelligence introduces the history, terminology, and techniques to be applied within cyber security, offering an overview of the current state of cyberattacks and stimulating readers to consider their own issues from a threat intelligence point of view. The author takes a systematic, system-agnostic, and holistic view to generating, collecting, and applying threat intelligence.

The text covers the threat environment, malicious attacks, collecting, generating, and applying intelligence and attribution, as well as legal and ethical considerations. It ensures readers know what to look out for when considering a potential cyber attack and explains how to prevent attacks early on by showing how threat actors exploit a system's vulnerabilities. It also includes analysis of large-scale attacks such as WannaCry, NotPetya, SolarWinds, VPNFilter, and the Target breach, looking at the real intelligence that was available before and after each attack.

Topics covered in Cyber Threat Intelligence include:
* The constant change of the threat environment as capabilities, intent, opportunities, and defenses change and evolve
* Different business models of threat actors, and how these dictate the choice of victims and the nature of their attacks
* Planning and executing a threat intelligence programme to improve an organisation's cyber security posture
* Techniques for attributing attacks and holding perpetrators to account for their actions

Cyber Threat Intelligence describes the intelligence techniques and models used in cyber threat intelligence. It provides a survey of ideas, views and concepts, rather than offering a hands-on practical guide. It is intended for anyone who wishes to learn more about the domain, particularly if they wish to develop a career in intelligence, and as a reference for those already working in the area.

Reviews:

"I really enjoyed this engaging book, which beautifully answered one of the first questions I had coming into the profession of cyber security: 'What is Cyber Threat Intelligence?' It progressively walked me through the world of cyber threat intelligence, peppered with rich content collected through years of experience and knowledge. It is satisfyingly detailed to make it an interesting read for those already in cyber security wanting to learn more, but also caters to those who are just curious about the prevalent cyber threat and where it may be headed. One of the takeaways from this book for me is how finding threats is not the most important thing but how the effective communication of it is equally important so that it triggers appropriate actions at appropriate timing. Moreover, as a penetration tester, we are used to looking at the little details so it was refreshing and eye-opening to learn about the macro view on cyber threat landscape."
--Ryoko Amano, Penetration Tester

"Cyber threats are a constant danger for companies in the private sector, which makes cyber threat intelligence an increasingly crucial tool for identifying security risks, developing proactive strategies, and responding swiftly to attacks. Martin Lee's new book is a comprehensive guide that takes the mystery out of using threat intelligence to strengthen a company's cyber defence. With a clear and concise explanation of the basics of threat intelligence, Martin provides a full picture of what's available and how to use it. Moreover, his book is packed with useful references and resources that will be invaluable for threat intelligence teams. Whether you're just starting in cybersecurity or a seasoned professional, this book is a must-have reference guide that will enhance your detection and mitigation of cyber threats."
--Gavin Reid, CISO VP Threat Intelligence at Human Security

"Martin Lee blends cyber threats, intel collection, attribution, and respective case studies in a compelling narrative. Lee does an excellent job of explaining complex concepts in a manner that is accessible to anyone wanting to develop a career in intelligence. What sets this book apart is the author's ability to collect related fundamentals and applications described in a pragmatic manner. Understandably, the book's challenge is non-disclosure of sensitive operational information. This is an excellent reference that I would highly recommend to cyber security professionals and academics wanting to deepen their domain expertise and broaden current knowledge. Threats indeed evolve and we must too."
--Dr Roland Padilla, FACS CP (Cyber Security), Senior Cyber Security Advisor - Defence Program (CISCO Systems), Army Officer (AUS DoD)

"An interesting and valuable contribution to the literature supporting the development of cyber security professional practice. This well-researched and thoroughly referenced book provides both practitioners and those studying cyber threats with a sound basis for understanding the threat environment and the intelligence cycle required to understand and interpret existing and emerging threats. It is supported by relevant case studies of cyber security incidents enabling readers to contextualise the relationship between threat intelligence and incident response."
--Hugh Boyes, University of Warwick

"A valuable resource for anyone within the cyber security industry. It breaks down the concepts behind building an effective cyber threat intelligence practice by not only explaining the practical elements to gathering and sharing intelligence data, but the fundamentals behind why it's important and how to assess the usefulness of it. By also providing a detailed history of intelligence sharing across the ages with a rich set of examples, Martin is able to show the value of developing this side of cyber security that is often neglected. This book is equally accessible to those beginning their careers in cyber security as well as to those who have been in the industry for some time and wish to have a comprehensive reference."
--Stephan Freeman, Director, Axcelot Ltd

"This book is a wonderful read; what most impressed me was Martin's ability to provide a succinct history of threat intelligence in a coherent, easy-to-read manner. Citing numerous examples throughout the book, Martin allows the reader to understand what threat intelligence encompasses and provides guidance on industry best practices and insight into emerging threats which every organisation should be aware of. An incumbent read for any cybersecurity professional!"
--Yusuf Khan, Technical Solutions Specialist - Cybersecurity, Cisco
About the Author

Martin Lee is Technical Lead of Security Research within Talos, Cisco's threat intelligence and research organization. Martin started his career researching the genetics of human viruses, but soon switched paths to follow a career in IT. With over 20 years of experience within the cyber security industry, he is CISSP certified, a Chartered Engineer, and holds degrees from the Universities of Bristol, Cambridge, Paris-Sud and Oxford.

Table of Contents
Preface xi

About the Author xiii

Abbreviations xv

Endorsements for Martin Lee's Book xix

1 Introduction 1

1.1 Definitions 1

1.1.1 Intelligence 2

1.1.2 Cyber Threat 3

1.1.3 Cyber Threat Intelligence 4

1.2 History of Threat Intelligence 5

1.2.1 Antiquity 5

1.2.2 Ancient Rome 7

1.2.3 Medieval and Renaissance Age 8

1.2.4 Industrial Age 10

1.2.5 World War I 11

1.2.6 World War II 13

1.2.7 Post War Intelligence 14

1.2.8 Cyber Threat Intelligence 15

1.2.9 Emergence of Private Sector Intelligence Sharing 19

1.3 Utility of Threat Intelligence 21

1.3.1 Developing Cyber Threat Intelligence 23

Summary 24

References 24

2 Threat Environment 31

2.1 Threat 31

2.1.1 Threat Classification 33

2.2 Risk and Vulnerability 35

2.2.1 Human Vulnerabilities 38

2.2.1.1 Example - Business Email Compromise 39

2.2.2 Configuration Vulnerabilities 39

2.2.2.1 Example - Misconfiguration of Cloud Storage 40

2.2.3 Software Vulnerabilities 41

2.2.3.1 Example - Log4j Vulnerabilities 43

2.3 Threat Actors 43

2.3.1 Example - Operation Payback 46

2.3.2 Example - Stuxnet 47

2.3.3 Tracking Threat Actors 47

2.4 TTPs - Tactics, Techniques, and Procedures 49

2.5 Victimology 53

2.5.1 Diamond Model 55

2.6 Threat Landscape 56

2.6.1 Example - Ransomware 57

2.7 Attack Vectors, Vulnerabilities, and Exploits 58

2.7.1 Email Attack Vectors 59

2.7.2 Web-Based Attacks 60

2.7.3 Network Service Attacks 61

2.7.4 Supply Chain Attacks 61

2.8 The Kill Chain 62

2.9 Untargeted versus Targeted Attacks 64

2.10 Persistence 65

2.11 Thinking Like a Threat Actor 66

Summary 66

References 67

3 Applying Intelligence 75

3.1 Planning Intelligence Gathering 75

3.1.1 The Intelligence Programme 77

3.1.2 Principles of Intelligence 78

3.1.3 Intelligence Metrics 81

3.2 The Intelligence Cycle 82

3.2.1 Planning, Requirements, and Direction 83

3.2.2 Collection 84

3.2.3 Analysis and Processing 84

3.2.4 Production 85

3.2.5 Dissemination 85

3.2.6 Review 85

3.3 Situational Awareness 86

3.3.1 Example - 2013 Target Breach 88

3.4 Goal Oriented Security and Threat Modelling 89

3.5 Strategic, Operational, and Tactical Intelligence 91

3.5.1 Strategic Intelligence 91

3.5.1.1 Example - Lazarus Group 92

3.5.2 Operational Intelligence 93

3.5.2.1 Example - SamSam 93

3.5.3 Tactical Intelligence 94

3.5.3.1 Example - WannaCry 94

3.5.4 Sources of Intelligence Reports 94

3.5.4.1 Example - Shamoon 95

3.6 Incident Preparedness and Response 96

3.6.1 Preparation and Practice 99

Summary 100

References 100

4 Collecting Intelligence 105

4.1 Hierarchy of Evidence 105

4.1.1 Example - Smoking Tobacco Risk 107

4.2 Understanding Intelligence 108

4.2.1 Expressing Credibility 109

4.2.2 Expressing Confidence 110

4.2.3 Understanding Errors 114

4.2.3.1 Example - the WannaCry Email 114

4.2.3.2 Example - the Olympic Destroyer False Flags 114

4.3 Third Party Intelligence Reports 115

4.3.1 Tactical and Operational Reports 116

4.3.1.1 Example - Heartbleed 117

4.3.2 Strategic Threat Reports 118

4.4 Internal Incident Reports 118

4.5 Root Cause Analysis 119

4.6 Active Intelligence Gathering 120

4.6.1 Example - the Nightingale Floor 122

4.6.2 Example - the Macron Leaks 122

Summary 123

References 123

5 Generating Intelligence 127

5.1 The Intelligence Cycle in Practice 128

5.1.1 See it, Sense it, Share it, Use it 128

5.1.2 F3EAD Cycle 129

5.1.3 D3A Process 131

5.1.4 Applying the Intelligence Cycle 132

5.1.4.1 Planning and Requirements 132

5.1.4.2 Collection, Analysis, and Processing 133

5.1.4.3 Production and Dissemination 134

5.1.4.4 Feedback and Improvement 135

5.1.4.5 The Intelligence Cycle in Reverse 135

5.2 Sources of Data 136

5.3 Searching Data 137

5.4 Threat Hunting 138

5.4.1 Models of Threat Hunting 139

5.4.2 Analysing Data 140

5.4.3 Entity Behaviour Analytics 143

5.5 Transforming Data into Intelligence 144

5.5.1 Structured Geospatial Analytical Method 144

5.5.2 Analysis of Competing Hypotheses 146

5.5.3 Poor Practices 146

5.6 Sharing Intelligence 147

5.6.1 Machine Readable Intelligence 150

5.7 Measuring the Effectiveness of Generated Intelligence 151

Summary 152

References 152

6 Attribution 155

6.1 Holding Perpetrators to Account 155

6.1.1 Punishment 156

6.1.2 Legal Frameworks 156

6.1.3 Cyber Crime Legislation 157

6.1.4 International Law 158

6.1.5 Crime and Punishment 158

6.2 Standards of Proof 158

6.2.1 Forensic Evidence 159

6.3 Mechanisms of Attribution 160

6.3.1 Attack Attributes 161

6.3.1.1 Attacker TTPs 161

6.3.1.2 Example - HAFNIUM 162

6.3.1.3 Attacker Infrastructure 162

6.3.1.4 Victimology 163

6.3.1.5 Malicious Code 163

6.3.2 Asserting Attribution 165

6.4 Anti-Attribution Techniques 166

6.4.1 Infrastructure 166

6.4.2 Malicious Tools 166

6.4.3 False Attribution 167

6.4.4 Chains of Attribution 167

6.5 Third Party Attribution 167

6.6 Using Attribution 168

Summary 170

References 171

7 Professionalism 175

7.1 Notions of Professionalism 176

7.1.1 Professional Ethics 177

7.2 Developing a New Profession 178

7.2.1 Professional Education 178

7.2.2 Professional Behaviour and Ethics 179

7.2.2.1 Professionalism in Medicine 179

7.2.2.2 Professionalism in Accountancy 181

7.2.2.3 Professionalism in Engineering 183

7.2.3 Certifications and Codes of Ethics 186

7.3 Behaving Ethically 188

7.3.1 The Five Philosophical Approaches 188

7.3.2 The Josephson Model 189

7.3.3 PMI Ethical Decision Making Framework 190

7.4 Legal and Ethical Environment 191

7.4.1 Planning 192

7.4.1.1 Responsible Vulnerability Disclosure 193

7.4.1.2 Vulnerability Hoarding 194

7.4.2 Collection, Analysis, and Processing 194

7.4.2.1 PRISM Programme 195

7.4.2.2 Open and Closed Doors 196

7.4.3 Dissemination 196

7.4.3.1 Doxxing 197

7.5 Managing the Unexpected 198

7.6 Continuous Improvement 199

Summary 199

References 200

8 Future Threats and Conclusion 207

8.1 Emerging Technologies 207

8.1.1 Smart Buildings 208

8.1.1.1 Software Errors 209

8.1.1.2 Example - Maroochy Shire Incident 210

8.1.2 Health Care 211

8.1.2.1 Example - Conti Attack Against Irish Health Sector 212

8.1.3 Transport Systems 213

8.2 Emerging Attacks 214

8.2.1 Threat Actor Evolutions 214

8.2.1.1 Criminal Threat Actors 214

8.2.1.2 Nation State Threat Actors 216

8.2.1.3 Other Threat Actors 220

8.3 Emerging Workforce 221

8.3.1 Job Roles and Skills 221

8.3.2 Diversity in Hiring 225

8.3.3 Growing the Profession 227

8.4 Conclusion 228

References 229

9 Case Studies 237

9.1 Target Compromise 2013 238

9.1.1 Background 238

9.1.2 The Attack 241

9.2 WannaCry 2017 243

9.2.1 Background 244

9.2.1.1 Guardians of Peace 244

9.2.1.2 The Shadow Brokers 245

9.2.1.3 Threat Landscape - Worms and Ransomware 247

9.2.2 The Attack 247

9.2.2.1 Prelude 247

9.2.2.2 Malware 249

9.3 NotPetya 2017 251

9.3.1 Background 251

9.3.2 The Attack 252

9.3.2.1 Distribution 253

9.3.2.2 Payload 253

9.3.2.3 Spread and Consequences 254

9.4 VPNFilter 2018 255

9.4.1 Background 255

9.4.2 The Attack 256

9.5 SUNBURST and SUNSPOT 2020 257

9.5.1 Background 258

9.5.2 The Attack 259

9.6 Macron Leaks 2017 260

9.6.1 Background 260

9.6.2 The Attack 261

References 262

Index 277
Details
Year of publication: 2023
Genre: Computer Science
Category: Science & Technology
Medium: Book
Pages: 284
Contents: 304 pp.
ISBN-13: 9781119861744
ISBN-10: 1119861748
Language: English
Manufacturer number: 1W119861740
Binding: Hardcover
Author: Lee, Martin
Publisher: Wiley John + Sons
Dimensions: 235 x 157 x 21 mm
By: Martin Lee
Publication date: 17.04.2023
Weight: 0,598 kg
preigu-id: 125320229