Book Image

Cybersecurity – Attack and Defense Strategies - Third Edition

By : Yuri Diogenes, Dr. Erdal Ozkaya

5 (2)

Book Image

Cybersecurity – Attack and Defense Strategies - Third Edition

5 (2)

By: Yuri Diogenes, Dr. Erdal Ozkaya

Overview of this book

Cybersecurity – Attack and Defense Strategies, Third Edition will bring you up to speed with the key aspects of threat assessment and security hygiene, the current threat landscape and its challenges, and how to maintain a strong security posture. In this carefully revised new edition, you will learn about the Zero Trust approach and the initial Incident Response process. You will gradually become familiar with Red Team tactics, where you will learn basic syntax for commonly used tools to perform the necessary operations. You will also learn how to apply newer Red Team techniques with powerful tools. Simultaneously, Blue Team tactics are introduced to help you defend your system from complex cyber-attacks. This book provides a clear, in-depth understanding of attack/defense methods as well as patterns to recognize irregular behavior within your organization. Finally, you will learn how to analyze your network and address malware, while becoming familiar with mitigation and threat detection techniques. By the end of this cybersecurity book, you will have discovered the latest tools to enhance the security of your system, learned about the security controls you need, and understood how to carry out each step of the incident response process.

Preface

Who this book is for

What this book covers

To get the most out of this book

Security Posture

Security Posture

Why security hygiene should be your number one priority

The current threat landscape

Cybersecurity challenges

Enhancing your security posture

The Red and Blue Teams

Free Chapter

Incident Response Process

Incident Response Process

The incident response process

Handling an incident

Post-incident activity

Considerations for incident response in the cloud

What is a Cyber Strategy?

What is a Cyber Strategy?

How to build a cyber strategy

Why do we need to build a cyber strategy?

Best cyber attack strategies

Best cyber defense strategies

Benefits of having a proactive cybersecurity strategy

Top cybersecurity strategies for businesses

Further reading

Understanding the Cybersecurity Kill Chain

Understanding the Cybersecurity Kill Chain

Understanding the Cyber Kill Chain

Security controls used to stop the Cyber Kill Chain

Threat life cycle management

Concerns about the Cybersecurity Kill Chain

How the Cyber Kill Chain has evolved

Tools used during the Cyber Kill Chain

Comodo AEP via Dragon Platform

Further reading

Reconnaissance

External reconnaissance

Internal reconnaissance

Tools used for reconnaissance

Passive vs. active reconnaissance

How to combat reconnaissance

How to prevent reconnaissance

Compromising the System

Compromising the System

Analyzing current trends

Performing the steps to compromise a system

Mobile phone (iOS/Android) attacks

Further reading

Chasing a User’s Identity

Chasing a User’s Identity

Identity is the new perimeter

Strategies for compromising a user’s identity

Lateral Movement

Lateral Movement

Network mapping

Performing lateral movement

Further reading

Privilege Escalation

Privilege Escalation

Security Policy

Security Policy

Reviewing your security policy

Educating the end user

Policy enforcement

Monitoring for compliance

Continuously driving security posture enhancement via security policy

Network Security

Network Security

The defense-in-depth approach

Physical network segmentation

Securing remote access to the network

Virtual network segmentation

Zero trust network

Hybrid cloud network security

Active Sensors

Detection capabilities

Intrusion detection systems

Intrusion prevention system

Behavior analytics on-premises

Behavior analytics in a hybrid cloud

Threat Intelligence

Threat Intelligence

Introduction to threat intelligence

Open-source tools for threat intelligence

Microsoft threat intelligence

Investigating an Incident

Investigating an Incident

Scoping the issue

Investigating a compromised system on-premises

Investigating a compromised system in a hybrid cloud

Proactive investigation (threat hunting)

Lessons learned

Recovery Process

Recovery Process

Disaster recovery plan

Contingency planning

Business continuity plan

Best practices for disaster recovery

Further reading

Vulnerability Management

Vulnerability Management

Creating a vulnerability management strategy

Elements of a vulnerability strategy

Differences between vulnerability management and vulnerability assessment

Best practices for vulnerability management

Vulnerability management tools

Further reading

Log Analysis

Data correlation

Operating system logs

Web server logs

Amazon Web Services (AWS) logs

Azure Activity logs

Google Cloud Platform Logs

Other Books You May Enjoy

Other Books You May Enjoy

Index

Customer Reviews

5 (2)

5 star

100%

4 star

0

3 star

0

2 star

0

1 star

0

Log Analysis

In Chapter 14, Investigating an Incident, you learned about the investigation process, and some techniques for finding the right information while investigating an issue. However, to investigate a security issue, it is often necessary to review multiple logs from different vendors and different devices. Although each vendor might have some custom fields in the log, the reality is that once you learn how to read logs, it becomes easier to switch vendors and just focus on deltas for that vendor. While there are many tools that will automate log aggregation, such as a SIEM solution, there will be scenarios in which you need to manually analyze a log in order to figure out the root cause.

In this chapter, we are going to cover the following topics:

Data correlation
Operating system logs
Firewall logs
Web server logs
Amazon Web Services (AWS) logs
Azure Activity logs
Google Cloud Platform (GCP) logs

Let’s start...