Incident Response with Threat Intelligence

By: Roberto Martinez

Overview of this book

With constantly evolving cyber threats, developing a cybersecurity incident response capability to identify and contain threats is indispensable for any organization, regardless of its size. This book covers theoretical concepts and a variety of real-life scenarios that will help you apply these concepts within your organization. Starting with the basics of incident response, the book introduces you to professional practices and advanced concepts for integrating threat hunting and threat intelligence procedures into the identification, containment, and eradication stages of the incident response cycle. As you progress through the chapters, you'll cover the different aspects of developing an incident response program. You'll learn how to implement and use platforms such as TheHive and ELK, and evidence collection tools such as Velociraptor and KAPE, before getting to grips with the integration of frameworks such as the Cyber Kill Chain and MITRE ATT&CK for analysis and investigation. You'll also explore methodologies and tools for cyber threat hunting with Sigma and YARA rules. By the end of this book, you'll have learned everything you need to respond to cybersecurity incidents using threat intelligence.
Table of Contents (20 chapters)

  • Section 1: The Fundamentals of Incident Response (starts at chapter 1)
  • Section 2: Getting to Know the Adversaries (starts at chapter 6)
  • Section 3: Designing and Implementing Incident Response in Organizations (starts at chapter 10)
  • Section 4: Improving Threat Detection in Incident Response (starts at chapter 15)

Chapter 1: Threat Landscape and Cybersecurity Incidents

Cyber attacks against organizations worldwide, regardless of their size or geography, are growing steadily, and every day we see more news about security breaches.

According to a study by the Identity Theft Resource Center, there were 11,762 recorded breaches between January 1, 2005, and May 31, 2020, and in the first half of 2020 alone about 36 billion records were exposed, according to a report from the company Risk Based Security.

The ninth annual study of the cost of cybercrime, prepared by the Ponemon Institute and the firm Accenture, found that security breaches increased by 67% over the previous 5 years, and the security company McAfee, in its report entitled The Hidden Costs of Cybercrime, put the monetary loss at around 1 trillion dollars.

The significant impact of cyber attacks on a world that increasingly relies on technology to do business, keep industry running, protect national security, and carry out daily activities is clear. Unfortunately, many organizations are not prepared to deal with a security incident and, in many cases, react only when it is too late.

There is a whole ecosystem around cyber attacks, and whether an attack is carried out depends on the motivation and skills of the attackers. That is why it is important to understand that, beyond a conventional risk assessment, it is necessary to know the specific threats to which a particular organization is exposed.

A proactive cybersecurity posture means focusing on monitoring and detection rather than betting everything on the front line of defense, and developing the ability to identify and respond to a cybersecurity incident early, thereby minimizing its impact.

In this chapter, we're going to cover the following topics:

  • The current threat landscape
  • The motivations behind cyber attacks
  • The emerging and future threats