Book Image

Incident Response in the Age of Cloud

By : Dr. Erdal Ozkaya
Book Image

Incident Response in the Age of Cloud

By: Dr. Erdal Ozkaya

Overview of this book

Cybercriminals are always in search of new methods to infiltrate systems. Quickly responding to an incident will help organizations minimize losses, decrease vulnerabilities, and rebuild services and processes. In the wake of the COVID-19 pandemic, with most organizations gravitating towards remote working and cloud computing, this book uses frameworks such as MITRE ATT&CK® and the SANS IR model to assess security risks. The book begins by introducing you to the cybersecurity landscape and explaining why IR matters. You will understand the evolution of IR, current challenges, key metrics, and the composition of an IR team, along with an array of methods and tools used in an effective IR process. You will then learn how to apply these strategies, with discussions on incident alerting, handling, investigation, recovery, and reporting. Further, you will cover governing IR on multiple platforms and sharing cyber threat intelligence and the procedures involved in IR in the cloud. Finally, the book concludes with an “Ask the Experts” chapter wherein industry experts have provided their perspective on diverse topics in the IR sphere. By the end of this book, you should become proficient at building and applying IR strategies pre-emptively and confidently.

Related Content you might be interested in

Current Title:

Small book image
Incident Response in the Age of Cloud
Dr. Erdal Ozkaya
Feb, 2021 | 622 pages
Small book image
Cybersecurity: The Beginner's Guide
Erdal Ozkaya
May, 2019 | 396 pages
Small book image
Cybersecurity – Attack and Defense Strategies.
Erdal Ozkaya | Yuri Diogenes
Dec, 2019 | 634 pages
Small book image
Cybersecurity – Attack and Defense Strategies, 3rd edition
Yuri Diogenes | Erdal Ozkaya
Sep, 2022 | 570 pages
Table of Contents (18 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
1
Getting Started with Incident Response
Getting Started with Incident Response
The cybersecurity threat landscape
What is incident response?
The importance of organizational incident response plans
GDPR and NIS regulations about incident response
Components of an incident response plan
Tips
Summary
Further reading
Free Chapter
2
Incident Response – Evolution and Current Challenges
Incident Response – Evolution and Current Challenges
The evolution of incident response
Challenges facing incident response
Why do we need incident response?
Tips
Summary
Further reading
3
How to Organize an Incident Response Team
How to Organize an Incident Response Team
What an IR team does
The composition of an IR team
Choosing the ideal response team
How the IR team should be supported
Where the IR team should be located
Building an IR strategy
Security operations and continuous monitoring
Tips
Summary
Further reading
4
Key Metrics for Incident Response
Key Metrics for Incident Response
Key incident response metrics
Understanding KPIs
Key metrics for a phishing attack
Incident response metrics in the cloud
Tips
Summary
Further reading
5
Methods and Tools of Incident Response Processes
Methods and Tools of Incident Response Processes
The OODA loop
IR playbooks
IR tactics in the cloud
IR tools for the cloud
Tips
Summary
Further reading
6
Incident Handling
Incident Handling
The NIST definition of a security incident
The incident response process
Handling an incident
Handling an incident in a phishing scenario
Hands-on phishing incident response
Tips
Summary
Further reading
7
Incident Investigation
Incident Investigation
Incident investigation essentials
Investigating a phishing attack
Analysis of emails
Investigation tools
Investigating user inboxes
Automatic and scheduled investigations
Summary
Further reading
8
Incident Reporting
Incident Reporting
Reporting to the IR team
Reporting to the SOC team
Reporting to third parties
Reporting to the media
Reporting to the cloud service provider
Phishing alerting and reporting
Reporting on mobile devices
Reporting with web email access
Reporting to a SOC team and third-party services using IOC feeds
Summary
Further reading
9
Incident Response on Multiple Platforms
Incident Response on Multiple Platforms
IR on computers
IR on mobile devices
IR on Active Directory
IR in the cloud
Summary
Further reading
10
Cyber Threat Intelligence Sharing
Cyber Threat Intelligence Sharing
Introducing threat intelligence
The importance of threat intelligence
How to share threat intelligence
Threat intelligence tools and platforms
Summary
Further reading
11
Incident Response in the Cloud
Incident Response in the Cloud
Cloud service models
Assessing IR in the cloud using the SANS IR model
Understanding cloud attacks using the MITRE cloud matrix
Top threats facing cloud systems
Implementing SOAR techniques and recommendations
IR in the cloud: developing a plan of action
Summary
Further reading
12
Building a Culture of Incident Readiness
Building a Culture of Incident Readiness
Threat hunting
Purple teaming
Artificial intelligence and incident response
IR readiness in the cloud
Summary
Further reading
13
Incident Response Best Practices
Incident Response Best Practices
Adopting proactive mobilization
Using a well-defined resolution process
Making an easy-to-implement IR plan
Using effective communication strategies
Breaking down information silos
Using a centralized approach
Testing IR plans
Assessing and reviewing the IR plan
Automating basic tasks
Using templates and playbooks
Carrying out post-incident reviews
Tips
Summary
Further reading
14
Incident Case Studies
Incident Case Studies
Dealing with a spear phishing attack with Keepnet Incident Responder
Performing digital forensics with Binalyze's IREC
Summary
15
Ask the Experts
Ask the Experts
Approaches to IR
IR in the cloud
Tools and techniques
Methods of attack
Why subscribe?
16
Other Books You May Enjoy
Other Books You May Enjoy
17
Index
Index

IR in the cloud

As we've already learned, an incident is a service disruption that impacts your customers and end users, regardless of where this is—be it a mobile device or the cloud! We've also learned that incidents can come in many different forms, ranging from performance slowdowns to system crashes or difficulties reaching your server or service!

When we look at the top cloud threats, you will notice the list is similar to the non-cloud theaters, since the cloud is, in reality, a data center that is managed by the cloud provider and your organization, depending of the service you are getting.

  • Public Secrets: Leaving secrets in open repositories like GitHub.
  • Misconfiguration: Similar to on-premises, not using the right settings might get your data exposed.
  • Exposed End Points: Open to brute-force attacks.
  • Account Hijacking: Since identity is the new permitter, getting your account hijacked will give your access to the threat actors...
Previous Section
End of Section 5
Next Section