Book Image

Cybersecurity – Attack and Defense Strategies - Third Edition

By : Yuri Diogenes, Dr. Erdal Ozkaya

5 (2)

Book Image

Cybersecurity – Attack and Defense Strategies - Third Edition

5 (2)

By: Yuri Diogenes, Dr. Erdal Ozkaya

Overview of this book

Cybersecurity – Attack and Defense Strategies, Third Edition will bring you up to speed with the key aspects of threat assessment and security hygiene, the current threat landscape and its challenges, and how to maintain a strong security posture. In this carefully revised new edition, you will learn about the Zero Trust approach and the initial Incident Response process. You will gradually become familiar with Red Team tactics, where you will learn basic syntax for commonly used tools to perform the necessary operations. You will also learn how to apply newer Red Team techniques with powerful tools. Simultaneously, Blue Team tactics are introduced to help you defend your system from complex cyber-attacks. This book provides a clear, in-depth understanding of attack/defense methods as well as patterns to recognize irregular behavior within your organization. Finally, you will learn how to analyze your network and address malware, while becoming familiar with mitigation and threat detection techniques. By the end of this cybersecurity book, you will have discovered the latest tools to enhance the security of your system, learned about the security controls you need, and understood how to carry out each step of the incident response process.

Preface

Who this book is for

What this book covers

To get the most out of this book

Security Posture

Security Posture

Why security hygiene should be your number one priority

The current threat landscape

Cybersecurity challenges

Enhancing your security posture

The Red and Blue Teams

Free Chapter

Incident Response Process

Incident Response Process

The incident response process

Handling an incident

Post-incident activity

Considerations for incident response in the cloud

What is a Cyber Strategy?

What is a Cyber Strategy?

How to build a cyber strategy

Why do we need to build a cyber strategy?

Best cyber attack strategies

Best cyber defense strategies

Benefits of having a proactive cybersecurity strategy

Top cybersecurity strategies for businesses

Further reading

Understanding the Cybersecurity Kill Chain

Understanding the Cybersecurity Kill Chain

Understanding the Cyber Kill Chain

Security controls used to stop the Cyber Kill Chain

Threat life cycle management

Concerns about the Cybersecurity Kill Chain

How the Cyber Kill Chain has evolved

Tools used during the Cyber Kill Chain

Comodo AEP via Dragon Platform

Further reading

Reconnaissance

External reconnaissance

Internal reconnaissance

Tools used for reconnaissance

Passive vs. active reconnaissance

How to combat reconnaissance

How to prevent reconnaissance

Compromising the System

Compromising the System

Analyzing current trends

Performing the steps to compromise a system

Mobile phone (iOS/Android) attacks

Further reading

Chasing a User’s Identity

Chasing a User’s Identity

Identity is the new perimeter

Strategies for compromising a user’s identity

Lateral Movement

Lateral Movement

Network mapping

Performing lateral movement

Further reading

Privilege Escalation

Privilege Escalation

Security Policy

Security Policy

Reviewing your security policy

Educating the end user

Policy enforcement

Monitoring for compliance

Continuously driving security posture enhancement via security policy

Network Security

Network Security

The defense-in-depth approach

Physical network segmentation

Securing remote access to the network

Virtual network segmentation

Zero trust network

Hybrid cloud network security

Active Sensors

Detection capabilities

Intrusion detection systems

Intrusion prevention system

Behavior analytics on-premises

Behavior analytics in a hybrid cloud

Threat Intelligence

Threat Intelligence

Introduction to threat intelligence

Open-source tools for threat intelligence

Microsoft threat intelligence

Investigating an Incident

Investigating an Incident

Scoping the issue

Investigating a compromised system on-premises

Investigating a compromised system in a hybrid cloud

Proactive investigation (threat hunting)

Lessons learned

Recovery Process

Recovery Process

Disaster recovery plan

Contingency planning

Business continuity plan

Best practices for disaster recovery

Further reading

Vulnerability Management

Vulnerability Management

Creating a vulnerability management strategy

Elements of a vulnerability strategy

Differences between vulnerability management and vulnerability assessment

Best practices for vulnerability management

Vulnerability management tools

Further reading

Log Analysis

Data correlation

Operating system logs

Web server logs

Amazon Web Services (AWS) logs

Azure Activity logs

Google Cloud Platform Logs

Other Books You May Enjoy

Other Books You May Enjoy

Index

Customer Reviews

5 (2)

5 star

100%

4 star

0

3 star

0

2 star

0

1 star

0

Investigating an Incident

In the previous chapter, you learned about the importance of using threat intelligence to help the Blue Team enhance the organization’s defense and also to know their adversaries better. In this chapter, you will learn how to put all these tools together to perform an investigation. Beyond the tools, you will also learn how to approach an incident, ask the right questions, and narrow down the scope. To illustrate that, there will be two scenarios, where one is in an on-premises organization and the other one is in a hybrid environment. Each scenario will have its unique characteristics and challenges.

In this chapter, we are going over the following topics:

Scoping the issue
On-premises compromised system
Cloud-based compromised system
Proactive investigation
Conclusion and lessons learned

Let’s start by examining how to determine if an issue has occurred, and what artifacts can provide more information...