Book Image

Cybersecurity Blue Team Strategies

By : Kunal Sehgal, Nikolaos Thymianis
Book Image

Cybersecurity Blue Team Strategies

By: Kunal Sehgal, Nikolaos Thymianis

Overview of this book

We've reached a point where all organizational data is connected through some network. With advancements and connectivity comes ever-evolving cyber threats - compromising sensitive data and access to vulnerable systems. Cybersecurity Blue Team Strategies is a comprehensive guide that will help you extend your cybersecurity knowledge and teach you to implement blue teams in your organization from scratch. Through the course of this book, you’ll learn defensive cybersecurity measures while thinking from an attacker's perspective. With this book, you'll be able to test and assess the effectiveness of your organization’s cybersecurity posture. No matter the medium your organization has chosen- cloud, on-premises, or hybrid, this book will provide an in-depth understanding of how cyber attackers can penetrate your systems and gain access to sensitive information. Beginning with a brief overview of the importance of a blue team, you’ll learn important techniques and best practices a cybersecurity operator or a blue team practitioner should be aware of. By understanding tools, processes, and operations, you’ll be equipped with evolving solutions and strategies to overcome cybersecurity challenges and successfully manage cyber threats to avoid adversaries. By the end of this book, you'll have enough exposure to blue team operations and be able to successfully set up a blue team in your organization.
Table of Contents (18 chapters)
1
Part 1:Establishing the Blue
14
Part 3:Ask the Experts

The MITRE ATT&CK framework

MITRE (www.mitre.org) has been a trusted independent adviser since about 1958 and has been working on developing frameworks that help organizations and, more importantly, blue teams to structure their cyber defenses.

They have developed the ATT&CK framework, which stands for Adversarial Tactics, Techniques, and Common Knowledge. This framework includes several knowledge points that can be used to build kill chains and threat models that reflect the attackers’ behavior and TTPs. It has become a standard to not only determine whether a cybersecurity solution can detect as many TTPs as possible to prove its efficiency but also to define a framework for the sharing of intel between various parties. The framework provides an easy method of sharing intelligence in a uniform language that is both universally accessible and acceptable to everyone.

It is widely acknowledged that the ATT&CK framework serves as an authoritative guide to understanding...