Crafting the InfoSec Playbook. Security Monitoring and Incident Response Master Plan

(ebook) (audiobook) (audiobook)

Autorzy:: Jeff Bollinger, Brandon Enright, Matthew Valites

Crafting the InfoSec Playbook. Security Monitoring and Incident Response Master Plan Jeff Bollinger, Brandon Enright, Matthew Valites - okładka ebooka

Crafting the InfoSec Playbook. Security Monitoring and Incident Response Master Plan Jeff Bollinger, Brandon Enright, Matthew Valites - okładka audiobooka MP3

Crafting the InfoSec Playbook. Security Monitoring and Incident Response Master Plan Jeff Bollinger, Brandon Enright, Matthew Valites - okładka audiobooks CD

Wydawnictwo:: O'Reilly Media (Z chęcią przeczytam książkę w języku polskim)
Ocena:: Bądź pierwszym, który oceni tę książkę
Stron:: 276
Dostępne formaty:: ePub

Mobi

+160 pkt

Ebook (152,15 zł najniższa cena z 30 dni)

~~189,00 zł~~ (-15%)
160,65 zł

Dodaj do koszyka lub Kup na prezent
Kup 1-kliknięciem

( 152,15 zł najniższa cena z 30 dni)

Przenieś na półkę

Do przechowalni

Any good attacker will tell you that expensive security monitoring and prevention tools aren’t enough to keep you secure. This practical book demonstrates a data-centric approach to distilling complex security monitoring, incident response, and threat analysis ideas into their most basic elements. You’ll learn how to develop your own threat intelligence and incident detection strategy, rather than depend on security tools alone.

Written by members of Cisco’s Computer Security Incident Response Team, this book shows IT and information security professionals how to create an InfoSec playbook by developing strategy, technique, and architecture.

Learn incident response fundamentals—and the importance of getting back to basics
Understand threats you face and what you should be protecting
Collect, mine, organize, and analyze as many relevant data sources as possible
Build your own playbook of repeatable methods for security monitoring and response
Learn how to put your plan into action and keep it running smoothly
Select the right monitoring and detection tools for your environment
Develop queries to help you sort through data and create valuable reports
Know what actions to take during the incident response phase

Wybrane bestsellery

Ebooka "Crafting the InfoSec Playbook. Security Monitoring and Incident Response Master Plan" przeczytasz na:

czytnikach Inkbook, Kindle, Pocketbook, Onyx Boox i innych
systemach Windows, MacOS i innych

systemach Windows, Android, iOS, HarmonyOS
na dowolnych urządzeniach i aplikacjach obsługujących formaty: PDF, EPub, Mobi

Masz pytania? Zajrzyj do zakładki Pomoc »

Audiobooka "Crafting the InfoSec Playbook. Security Monitoring and Incident Response Master Plan" posłuchasz:

w aplikacji Ebookpoint na Android, iOS, HarmonyOs
na systemach Windows, MacOS i innych

na dowolnych urządzeniach
i aplikacjach obsługujących format MP3
(pliki spakowane w ZIP)

Masz pytania? Zajrzyj do zakładki Pomoc »

Kurs Video "Crafting the InfoSec Playbook. Security Monitoring and Incident Response Master Plan" zobaczysz:

Oceny i opinie klientów: Crafting the InfoSec Playbook. Security Monitoring and Incident Response Master Plan Jeff Bollinger, Brandon Enright, Matthew Valites (0) Weryfikacja opinii następuję na podstawie historii zamówień na koncie Użytkownika umieszczającego opinię. Użytkownik mógł otrzymać punkty za opublikowanie opinii uprawniające do uzyskania rabatu w ramach Programu Punktowego.

Szczegóły ebooka

ISBN Ebooka:: 978-14-919-1360-4, 9781491913604
Data wydania ebooka:: 2015-05-07 Data wydania ebooka często jest dniem wprowadzenia tytułu do sprzedaży i może nie być równoznaczna z datą wydania książki papierowej. Dodatkowe informacje możesz znaleźć w darmowym fragmencie. Jeśli masz wątpliwości skontaktuj się z nami sklep@ebookpoint.pl.
Język publikacji:: angielski
Rozmiar pliku ePub:: 8.4MB
Rozmiar pliku Mobi:: 20.2MB

Kategorie

Kliknij, aby zgłosić błędnie przypisaną kategorię »

Informatyka » Hacking » Bezpieczeństwo systemów

Informatyka » Hacking » Inne

Informatyka » Hacking » Bezpieczeństwo sieci

Spis treści ebooka

Foreword
Preface
- Should You Read This Book?
- Why We Wrote This Book
- Cut to the Chase
- How to Navigate This Book
- Additional Resources
- Conventions Used in This Book
- Safari Books Online
- How to Contact Us
- Acknowledgments
1. Incident Response Fundamentals
- The Incident Response Team
- Justify Your Existence
- Measure Up
- Whos Got My Back?
  - Friends on the Outside
- The Tool Maketh the Team
- Choose Your Own Adventure
- Buy or Build?
- Run the Playbook!
- Chapter Summary
2. What Are You Trying to Protect?
- The Four Core Questions
- There Used to Be a Doorway Here
- Host Attribution
  - Bring Your Own Metadata
- Identifying the Crown Jewels
- Make Your Own Sandwich
- More Crown Jewels
  - Low-Hanging Fruit
- Standard Standards
- Risk Tolerance
- Can I Get a Copy of Your Playbook?
- Chapter Summary
3. What Are the Threats?
- The Criminal Is the Creative Artist; the Detective Only the Critic
- Hanging Tough
- Cash Rules Everything Around Me
- Greed.isGood();
- I Dont Want Your Wallet, I Want Your Phone
- Theres No Place Like 127.0.0.1
- Lets Play Global Thermonuclear War
- Defense Against the Dark Arts
- Chapter Summary
4. A Data-Centric Approach to Security Monitoring
- Get a Handle on Your Data
  - Logging Requirements
  - Just the Facts
  - Normalization
  - Playing Fields
  - Fields in Practice
  - Fields Within Fields
- Metadata: Data About Data About Data
  - Metadata for Security
  - Blinded Me with [Data] Science!
  - Metadata in Practice
  - Context Is King
- Chapter Summary
5. Enter the Playbook
- Report Identification
  - Objective Statement
  - Result Analysis
  - Data Query/Code
  - Analyst Comments/Notes
  - The Framework Is CompleteNow What?
- Chapter Summary
6. Operationalize!
- You Are Smarter Than a Computer
  - People, Process, and Technology
  - Trusted Insiders
  - Dont Quit the Day Job
  - Critical Thinking
  - Systematic Approach
- Playbook Management System
  - Measure Twice, Cut Once, Then Measure Again
  - Report Guidelines
  - Reviewing High-Fidelity Reports in Theory
  - Reviewing Investigative Reports in Theory
  - Reviewing Reports in Practice
- Event Query System
- Result Presentation System
- Incident Handling and Remediation Systems
- Case Tracking Systems
- Keep It Running
- Keep It Fresh
- Chapter Summary
7. Tools of the Trade
- Defense in Depth
  - Successful Incident Detection
- The Security Monitoring Toolkit
  - Log Management: The Security Event Data Warehouse
    - Deployment considerations
  - Intrusion Detection Isnt Dead
    - Deployment considerations
      - Inline blocking or passive detection
      - Location, location, location
    - Lets look at real-world examples
    - Limitations
  - HIP Shot
    - Deployment considerations
    - Lets look at real-world examples
    - Limitations
  - Hustle and NetFlow
    - Deployment considerations
    - 1:1 versus sampled
    - NetFlow on steroids
    - Lets look at real-world examples
    - Limitations (and workarounds)
    - Realities of expiration
    - Directionality
    - Device support
    - UDP
  - DNS, the One True King
    - Deployment considerations
    - Little P, big DNS
    - Client queries
    - Server responses
    - RPZed
    - Four policy triggers to rule them all
    - Dont block; subvert
    - Lets look at real-world examples
    - Limitations
  - HTTP Is the Platform: Web Proxies
    - Deployment considerations
    - Threat prevention
    - Lets look at real-world examples
    - Backdoor downloads and check-ins
    - Exploit kits
    - Limitations
  - [rolling] Packet Capture
    - Deployment considerations
    - Lets look at real world examples
    - Limitations
  - Applied Intelligence
    - Deployment considerations
    - Lets look at real-world examples
    - Limitations
  - Shutting the Toolbox
  - Putting It All Together
- Chapter Summary
8. Queries and Reports
- False Positives: Every Playbooks Mortal Enemy
- There Aint No Such Thing as a Free Report
- An Inch Deep and a Mile Wide
- A Million Monkeys with a Million Typewriters
- A Chain Is Only as Strong as Its Weakest Link
- Detect the Chain Links, Not the Chain
- Getting Started Creating Queries
- Turning Samples of Malicious Activity into Queries for Reports
- Reports Are Patterns, Patterns Are Reports
- The Goldilocks-Fidelity
- Exploring Out of Sight of Land
  - Sticking with What You Know
  - Inverting Known Good
  - Looking for Things Labeled as Bad
    - Intelligence: A smart addition to your playbook
    - Basics are 90% of the game
- Chapter Summary
9. Advanced Querying
- Basic Versus Advanced
- The False Positive Paradox
- Good Indications
- Consensus as an Indicator (Set Operations and Outlier Finding)
- Set Operations for Finding Commonalities
- Finding Black Sheep
- Statistics: 60% of the Time, It Works Every Time
- Skimming the IDS Flotsam Off the Top
- Pulling Patterns Out of NetFlow
  - Horizontal Scanning
  - Vertical Scanning
- Looking for Beaconing with Statistics
- Is Seven a Random Number?
- Correlation Through Contingent Data
- Who Is Keyser Söze?
- Guilty by Association
- Chapter Summary
10. Ive Got Incidents Now! How Do I Respond?
- Shore Up the Defenses
- Lockdown
  - The Fifth Estate
- No Route for You
  - Not Your Bailiwick
- One Potato, Two Potato, Three Potato, Yours
  - Get to the Point
- Lessons Learned
- Chapter Summary
11. How to Stay Relevant
- Oh, What a Tangled Web We Weave, When First We Practice to Deceive!
- The Rise of Encryption
- Encrypt Everything?
  - Catching the Ghost
- TL;DR
Index

pokaż cały spis treści

Crafting the InfoSec Playbook. Security Monitoring and Incident Response Master Plan

Ebook (152,15 zł najniższa cena z 30 dni)

Najczęściej kupowane razem