Threat Hunting in the Cloud
Defending AWS, Azure and Other Cloud Platforms Against Cyberattacks
Paperback by Abbas Kudrati (et al.)
Language: English

41,75 €*

incl. VAT

Free shipping by post / DHL

Delivery time 1-2 weeks

Description
Implement a vendor-neutral and multi-cloud cybersecurity and risk mitigation framework with advice from seasoned threat hunting pros

In Threat Hunting in the Cloud: Defending AWS, Azure and Other Cloud Platforms Against Cyberattacks, celebrated cybersecurity professionals and authors Chris Peiris, Binil Pillai, and Abbas Kudrati leverage their decades of experience building large-scale cyber fusion centers to deliver the ideal threat hunting resource for both business and technical audiences. You'll find insightful analyses of cloud platform security tools and, using the industry-leading MITRE ATT&CK framework, discussions of the most common threat vectors.

You'll discover how to build a side-by-side cybersecurity fusion center on both Microsoft Azure and Amazon Web Services and deliver a multi-cloud strategy for enterprise customers. And you will find out how to create a vendor-neutral environment with rapid disaster recovery capability for maximum risk mitigation.

With this book you'll learn:
* Key business and technical drivers of cybersecurity threat hunting frameworks in today's technological environment
* Metrics available to assess threat hunting effectiveness regardless of an organization's size
* How threat hunting works with vendor-specific single cloud security offerings and on multi-cloud implementations
* A detailed analysis of key threat vectors such as email phishing, ransomware and nation state attacks
* Comprehensive AWS and Azure "how to" solutions through the lens of MITRE Threat Hunting Framework Tactics, Techniques and Procedures (TTPs)
* Azure and AWS risk mitigation strategies to combat key TTPs such as privilege escalation, credential theft and lateral movement, defend against command & control systems, and prevent data exfiltration
* Tools available on both the Azure and AWS cloud platforms which provide automated responses to attacks, and orchestrate preventative measures and recovery strategies
* Many critical components for successful adoption of a multi-cloud threat hunting framework, such as the Threat Hunting Maturity Model, Zero Trust Computing, Human Elements of Threat Hunting, and Integration of Threat Hunting with Security Operation Centers (SOCs) and Cyber Fusion Centers
* The Future of Threat Hunting with the advances in Artificial Intelligence, Machine Learning, Quantum Computing and the proliferation of IoT devices.

Perfect for technical executives (i.e., CTO, CISO), technical managers, architects, system admins and consultants with hands-on responsibility for cloud platforms, Threat Hunting in the Cloud is also an indispensable guide for business executives (i.e., CFO, COO, CEO, board members) and managers who need to understand their organization's cybersecurity risk framework and mitigation strategy.
About the Authors

CHRIS PEIRIS, PhD, has advised Fortune 500 companies, Federal and State Governments, and Defense and Intelligence entities in the Americas, Asia, Japan, Europe, and Australia New Zealand. He has 25+ years of IT industry experience. He is the author of 10 published books and is a highly sought-after keynote speaker.

BINIL PILLAI is a Microsoft Global Security Compliance and Identity (SCI) Director for Strategy and Business Development focusing on the Small Medium Enterprise segment. He has 21+ years of experience in B2B cybersecurity, digital transformation, and management consulting. He is also a board advisor to several start-ups to help grow their businesses successfully.

ABBAS KUDRATI is a CISO and cybersecurity practitioner. He is currently Microsoft Asia's Lead Chief Cybersecurity Advisor for the Security Solution Area and serves as Executive Advisor to Deakin University, LaTrobe University, HITRUST ASIA, and EC Council ASIA.

Table of Contents
Foreword xxxi

Introduction xxxiii

Part I Threat Hunting Frameworks 1

Chapter 1 Introduction to Threat Hunting 3

The Rise of Cybercrime 4

What Is Threat Hunting? 6

The Key Cyberthreats and Threat Actors 7

Phishing 7

Ransomware 8

Nation State 10

The Necessity of Threat Hunting 14

Does the Organization's Size Matter? 17

Threat Modeling 19

Threat-Hunting Maturity Model 23

Organization Maturity and Readiness 23

Level 0: INITIAL 24

Level 1: MINIMAL 25

Level 2: PROCEDURAL 25

Level 3: INNOVATIVE 25

Level 4: LEADING 25

Human Elements of Threat Hunting 26

How Do You Make the Board of Directors Cyber-Smart? 27

Threat-Hunting Team Structure 30

External Model 30

Dedicated Internal Hunting Team Model 30

Combined/Hybrid Team Model 30

Periodic Hunt Teams Model 30

Urgent Need for Human-Led Threat Hunting 31

The Threat Hunter's Role 31

Summary 33

Chapter 2 Modern Approach to Multi-Cloud Threat Hunting 35

Multi-Cloud Threat Hunting 35

Multi-Tenant Cloud Environment 38

Threat Hunting in Multi-Cloud and Multi-Tenant Environments 39

Building Blocks for the Security Operations Center 41

Scope and Type of SOC 43

Services, Not Just Monitoring 43

SOC Model 43

Define a Process for Identifying and Managing Threats 44

Tools and Technologies to Empower SOC 44

People (Specialized Teams) 45

Cyberthreat Detection, Threat Modeling, and the Need for Proactive Threat Hunting Within SOC 46

Cyberthreat Detection 46

Threat-Hunting Goals and Objectives 49

Threat Modeling and SOC 50

The Need for a Proactive Hunting Team Within SOC 50

Assume Breach and Be Proactive 51

Invest in People 51

Develop an Informed Hypothesis 52

Cyber Resiliency and Organizational Culture 53

Skillsets Required for Threat Hunting 54

Security Analysis 55

Data Analysis 56

Programming Languages 56

Analytical Mindset 56

Soft Skills 56

Outsourcing 56

Threat-Hunting Process and Procedures 57

Metrics for Assessing the Effectiveness of Threat Hunting 58

Foundational Metrics 58

Operational Metrics 59

Threat-Hunting Program Effectiveness 61

Summary 62

Chapter 3 Exploration of MITRE Key Attack Vectors 63

Understanding MITRE ATT&CK 63

What Is MITRE ATT&CK Used For? 64

How Is MITRE ATT&CK Used and Who Uses It? 65

How Is Testing Done According to MITRE? 65

Tactics 67

Techniques 67

Threat Hunting Using Five Common Tactics 69

Privilege Escalation 71

Case Study 72

Credential Access 73

Case Study 74

Lateral Movement 75

Case Study 75

Command and Control 77

Case Study 77

Exfiltration 79

Case Study 79

Other Methodologies and Key Threat-Hunting Tools to Combat Attack Vectors 80

Zero Trust 80

Threat Intelligence and Zero Trust 83

Build Cloud-Based Defense-in-Depth 84

Analysis Tools 86

Microsoft Tools 86

Connect To All Your Data 87

Workbooks 88

Analytics 88

Security Automation and Orchestration 90

Investigation 91

Hunting 92

Community 92

AWS Tools 93

Analyzing Logs Directly 93

SIEMs in the Cloud 94

Summary 95

Resources 96

Part II Hunting in Microsoft Azure 99

Chapter 4 Microsoft Azure Cloud Threat Prevention Framework 101

Introduction to Microsoft Security 102

Understanding the Shared Responsibility Model 102

Microsoft Services for Cloud Security Posture Management and Logging/Monitoring 105

Overview of Azure Security Center and Azure Defender 105

Overview of Microsoft Azure Sentinel 108

Using Microsoft Secure and Protect Features 112

Identity & Access Management 113

Infrastructure & Network 114

Data & Application 115

Customer Access 115

Using Azure Web Application Firewall to Protect a Website Against an "Initial Access" TTP 116

Using Microsoft Defender for Office 365 to Protect Against an "Initial Access" TTP 118

Using Microsoft Defender Endpoint to Protect Against an "Initial Access" TTP 121

Using Azure Conditional Access to Protect Against an "Initial Access" TTP 123

Microsoft Detect Services 127

Detecting "Privilege Escalation" TTPs 128

Using Azure Security Center and Azure Sentinel to Detect Threats Against a "Privilege Escalation" TTP 128

Detecting Credential Access 131

Using Azure Identity Protection to Detect Threats Against a "Credential Access" TTP 132

Steps to Configure and Enable Risk Policies (Sign-in Risk and User Risk) 134

Using Azure Security Center and Azure Sentinel to Detect Threats Against a "Credential Access" TTP 137

Detecting Lateral Movement 139

Using Just-in-Time in ASC to Protect and Detect Threats Against a "Lateral Movement" TTP 139

Using Azure Security Center and Azure Sentinel to Detect Threats Against a "Lateral Movement" TTP 144

Detecting Command and Control 145

Using Azure Security Center and Azure Sentinel to Detect Threats Against a "Command and Control" TTP 146

Detecting Data Exfiltration 147

Using Azure Information Protection to Detect Threats Against a "Data Exfiltration" TTP 148

Discovering Sensitive Content Using AIP 149

Using Azure Security Center and Azure Sentinel to Detect Threats Against a "Data Exfiltration" TTP 153

Detecting Threats and Proactively Hunting with Microsoft 365 Defender 154

Microsoft Investigate, Response, and Recover Features 155

Automating Investigation and Remediation with Microsoft Defender for Endpoint 157

Using Microsoft Threat Expert Support for Remediation and Investigation 159

Targeted Attack Notification 159

Experts on Demand 161

Automating Security Response with MCAS and Microsoft Flow 166

Step 1: Generate Your API Token in Cloud App Security 167

Step 2: Create Your Trigger in Microsoft Flow 167

Step 3: Create the Teams Message Action in Microsoft Flow 168

Step 4: Generate an Email in Microsoft Flow 168

Connecting the Flow in Cloud App Security 169

Performing an Automated Response Using Azure Security Center 170

Using Machine Learning and Artificial Intelligence in Threat Response 172

Overview of Fusion Detections 173

Overview of Azure Machine Learning 174

Summary 182

Chapter 5 Microsoft Cybersecurity Reference Architecture and Capability Map 183

Introduction 183

Microsoft Security Architecture versus the NIST Cybersecurity Framework (CSF) 184

Microsoft Security Architecture 185

The Identify Function 186

The Protect Function 187

The Detect Function 188

The Respond Function 189

The Recover Function 189

Using the Microsoft Reference Architecture 190

Microsoft Threat Intelligence 190

Service Trust Portal 192

Security Development Lifecycle (SDL) 193

Protecting the Hybrid Cloud Infrastructure 194

Azure Marketplace 194

Private Link 195

Azure Arc 196

Azure Lighthouse 197

Azure Firewall 198

Azure Web Application Firewall (WAF) 200

Azure DDOS Protection 200

Azure Key Vault 201

Azure Bastion 202

Azure Site Recovery 204

Azure Security Center (ASC) 205

Microsoft Azure Secure Score 205

Protecting Endpoints and Clients 206

Microsoft Endpoint Manager (MEM) Configuration Manager 207

Microsoft Intune 208

Protecting Identities and Access 209

Azure AD Conditional Access 210

Passwordless for End-to-End Secure Identity 211

Azure Active Directory (aka Azure AD) 211

Azure MFA 211

Azure Active Directory Identity Protection 212

Azure Active Directory Privilege Identity Management (PIM) 213

Microsoft Defender for Identity 214

Azure AD B2B and B2C 215

Azure AD Identity Governance 215

Protecting SaaS Apps 216

Protecting Data and Information 219

Azure Purview 220

Microsoft Information Protection (MIP) 221

Azure Information Protection Unified Labeling Scanner (File Scanner) 222

The Advanced eDiscovery Solution in Microsoft 365 223

Compliance Manager 224

Protecting IoT and Operation Technology 225

Security Concerns with IoT 226

Understanding That IoT Cybersecurity Starts with a Threat Model 227

Microsoft Investment in IoT Technology 229

Azure Sphere 229

Azure Defender 229

Azure Defender for IoT 230

Threat Modeling for the Azure IoT Reference Architecture 230

Azure Defender for IoT Architecture (Agentless Solutions) 233

Azure Defender for IoT Architecture (Agent-Based Solutions) 234

Understanding the Security Operations Solutions 235

Understanding the People Security Solutions 236

Attack Simulator 237

Insider Risk Management (IRM) 237

Communication Compliance 239

Summary 240

Part III Hunting in AWS 241

Chapter 6 AWS Cloud Threat Prevention Framework 243

Introduction to AWS Well-Architected Framework 244

The Five Pillars of the Well-Architected Framework 245

Operational Excellence 246

Security 246

Reliability 246

Performance Efficiency 246

Cost Optimization 246

The Shared Responsibility Model 246

AWS Services for Monitoring, Logging, and Alerting 248

AWS CloudTrail 249

Amazon CloudWatch Logs 251

Amazon VPC Flow Logs 252

Amazon GuardDuty 253

AWS Security Hub 254

AWS Protect Features 256

How Do You Prevent Initial Access? 256

How Do You Protect APIs from SQL Injection Attacks Using API Gateway and AWS WAF? 256

Prerequisites 257

Create an API 257

Create and Configure an AWS WAF 259

AWS Detection Features 263

How Do You Detect Privilege Escalation? 263

How Do You Detect the Abuse of Valid Account to Obtain High-Level Permissions? 264

Prerequisites 264

Configure GuardDuty to Detect Privilege Escalation 265

Reviewing the Findings 266

How Do You Detect Credential Access? 269

How Do You Detect Unsecured Credentials? 269

Prerequisites 270

Reviewing the Findings 274

How Do You Detect Lateral Movement? 276

How Do You Detect the Use of Stolen Alternate Authentication Material? 277

Prerequisites 277

How Do You Detect Potential Unauthorized Access to Your AWS Resources? 277

Reviewing the Findings 278

How Do You Detect Command and Control? 280

How Do You Detect the Communications to a Command and Control Server Using the Domain Name System (DNS)? 281

Prerequisites 281

How Do You Detect EC2 Instance Communication with a Command and Control (C&C) Server Using DNS? 281

Reviewing the Findings 282

How Do You Detect Data Exfiltration? 284

Prerequisites 285

How Do You Detect the Exfiltration Using...

Details
Year of publication: 2021
Genre: Computer science
Category: Science & Technology
Format: Paperback
Pages: 544
Contents: 544 pp.
ISBN-13: 9781119804062
ISBN-10: 111980406X
Language: English
Manufacturer number: 1W119804060
Binding: Paperback / softcover
Author: Kudrati, Abbas
Pillai, Binil
Peiris, Chris
Publisher: John Wiley & Sons Inc
Dimensions: 190 x 234 x 28 mm
By: Abbas Kudrati (et al.)
Publication date: 18.11.2021
Weight: 0,9 kg