Book Image

Cybersecurity – Attack and Defense Strategies - Third Edition

By : Yuri Diogenes, Dr. Erdal Ozkaya

5 (2)

Book Image

Cybersecurity – Attack and Defense Strategies - Third Edition

5 (2)

By: Yuri Diogenes, Dr. Erdal Ozkaya

Overview of this book

Cybersecurity – Attack and Defense Strategies, Third Edition will bring you up to speed with the key aspects of threat assessment and security hygiene, the current threat landscape and its challenges, and how to maintain a strong security posture. In this carefully revised new edition, you will learn about the Zero Trust approach and the initial Incident Response process. You will gradually become familiar with Red Team tactics, where you will learn basic syntax for commonly used tools to perform the necessary operations. You will also learn how to apply newer Red Team techniques with powerful tools. Simultaneously, Blue Team tactics are introduced to help you defend your system from complex cyber-attacks. This book provides a clear, in-depth understanding of attack/defense methods as well as patterns to recognize irregular behavior within your organization. Finally, you will learn how to analyze your network and address malware, while becoming familiar with mitigation and threat detection techniques. By the end of this cybersecurity book, you will have discovered the latest tools to enhance the security of your system, learned about the security controls you need, and understood how to carry out each step of the incident response process.

Preface

Who this book is for

What this book covers

To get the most out of this book

Security Posture

Security Posture

Why security hygiene should be your number one priority

The current threat landscape

Cybersecurity challenges

Enhancing your security posture

The Red and Blue Teams

Free Chapter

Incident Response Process

Incident Response Process

The incident response process

Handling an incident

Post-incident activity

Considerations for incident response in the cloud

What is a Cyber Strategy?

What is a Cyber Strategy?

How to build a cyber strategy

Why do we need to build a cyber strategy?

Best cyber attack strategies

Best cyber defense strategies

Benefits of having a proactive cybersecurity strategy

Top cybersecurity strategies for businesses

Further reading

Understanding the Cybersecurity Kill Chain

Understanding the Cybersecurity Kill Chain

Understanding the Cyber Kill Chain

Security controls used to stop the Cyber Kill Chain

Threat life cycle management

Concerns about the Cybersecurity Kill Chain

How the Cyber Kill Chain has evolved

Tools used during the Cyber Kill Chain

Comodo AEP via Dragon Platform

Further reading

Reconnaissance

External reconnaissance

Internal reconnaissance

Tools used for reconnaissance

Passive vs. active reconnaissance

How to combat reconnaissance

How to prevent reconnaissance

Compromising the System

Compromising the System

Analyzing current trends

Performing the steps to compromise a system

Mobile phone (iOS/Android) attacks

Further reading

Chasing a User’s Identity

Chasing a User’s Identity

Identity is the new perimeter

Strategies for compromising a user’s identity

Lateral Movement

Lateral Movement

Network mapping

Performing lateral movement

Further reading

Privilege Escalation

Privilege Escalation

Security Policy

Security Policy

Reviewing your security policy

Educating the end user

Policy enforcement

Monitoring for compliance

Continuously driving security posture enhancement via security policy

Network Security

Network Security

The defense-in-depth approach

Physical network segmentation

Securing remote access to the network

Virtual network segmentation

Zero trust network

Hybrid cloud network security

Active Sensors

Detection capabilities

Intrusion detection systems

Intrusion prevention system

Behavior analytics on-premises

Behavior analytics in a hybrid cloud

Threat Intelligence

Threat Intelligence

Introduction to threat intelligence

Open-source tools for threat intelligence

Microsoft threat intelligence

Investigating an Incident

Investigating an Incident

Scoping the issue

Investigating a compromised system on-premises

Investigating a compromised system in a hybrid cloud

Proactive investigation (threat hunting)

Lessons learned

Recovery Process

Recovery Process

Disaster recovery plan

Contingency planning

Business continuity plan

Best practices for disaster recovery

Further reading

Vulnerability Management

Vulnerability Management

Creating a vulnerability management strategy

Elements of a vulnerability strategy

Differences between vulnerability management and vulnerability assessment

Best practices for vulnerability management

Vulnerability management tools

Further reading

Log Analysis

Data correlation

Operating system logs

Web server logs

Amazon Web Services (AWS) logs

Azure Activity logs

Google Cloud Platform Logs

Other Books You May Enjoy

Other Books You May Enjoy

Index

Customer Reviews

5 (2)

5 star

100%

4 star

0

3 star

0

2 star

0

1 star

0

Summary

In this chapter, you learned how important it is to correctly scope an issue before investigating it from a security perspective. You learned the key artifacts in a Windows system and how to improve your data analysis by reviewing only the relevant logs for the case. Next, you followed an on-premises investigation case, analyzed the relevant data, and saw how to interpret that data. You also followed a hybrid cloud investigation case, but this time, using Microsoft Defender for Cloud as the main monitoring tool. You also learned the importance of integrating Microsoft Defender for Cloud with your SIEM solution for a more robust investigation. Lastly, you learned how to perform proactive investigation, also known as threat hunting, using Microsoft Sentinel.

In the next chapter, you will learn how to perform a recovery process in a system that was previously compromised. You will also learn about backup and disaster recovery plans.