Book Image

Cybersecurity – Attack and Defense Strategies - Third Edition

By : Yuri Diogenes, Dr. Erdal Ozkaya

5 (2)

Book Image

Cybersecurity – Attack and Defense Strategies - Third Edition

5 (2)

By: Yuri Diogenes, Dr. Erdal Ozkaya

Overview of this book

Cybersecurity – Attack and Defense Strategies, Third Edition will bring you up to speed with the key aspects of threat assessment and security hygiene, the current threat landscape and its challenges, and how to maintain a strong security posture. In this carefully revised new edition, you will learn about the Zero Trust approach and the initial Incident Response process. You will gradually become familiar with Red Team tactics, where you will learn basic syntax for commonly used tools to perform the necessary operations. You will also learn how to apply newer Red Team techniques with powerful tools. Simultaneously, Blue Team tactics are introduced to help you defend your system from complex cyber-attacks. This book provides a clear, in-depth understanding of attack/defense methods as well as patterns to recognize irregular behavior within your organization. Finally, you will learn how to analyze your network and address malware, while becoming familiar with mitigation and threat detection techniques. By the end of this cybersecurity book, you will have discovered the latest tools to enhance the security of your system, learned about the security controls you need, and understood how to carry out each step of the incident response process.

Preface

Who this book is for

What this book covers

To get the most out of this book

Security Posture

Security Posture

Why security hygiene should be your number one priority

The current threat landscape

Cybersecurity challenges

Enhancing your security posture

The Red and Blue Teams

Free Chapter

Incident Response Process

Incident Response Process

The incident response process

Handling an incident

Post-incident activity

Considerations for incident response in the cloud

What is a Cyber Strategy?

What is a Cyber Strategy?

How to build a cyber strategy

Why do we need to build a cyber strategy?

Best cyber attack strategies

Best cyber defense strategies

Benefits of having a proactive cybersecurity strategy

Top cybersecurity strategies for businesses

Further reading

Understanding the Cybersecurity Kill Chain

Understanding the Cybersecurity Kill Chain

Understanding the Cyber Kill Chain

Security controls used to stop the Cyber Kill Chain

Threat life cycle management

Concerns about the Cybersecurity Kill Chain

How the Cyber Kill Chain has evolved

Tools used during the Cyber Kill Chain

Comodo AEP via Dragon Platform

Further reading

Reconnaissance

External reconnaissance

Internal reconnaissance

Tools used for reconnaissance

Passive vs. active reconnaissance

How to combat reconnaissance

How to prevent reconnaissance

Compromising the System

Compromising the System

Analyzing current trends

Performing the steps to compromise a system

Mobile phone (iOS/Android) attacks

Further reading

Chasing a User’s Identity

Chasing a User’s Identity

Identity is the new perimeter

Strategies for compromising a user’s identity

Lateral Movement

Lateral Movement

Network mapping

Performing lateral movement

Further reading

Privilege Escalation

Privilege Escalation

Security Policy

Security Policy

Reviewing your security policy

Educating the end user

Policy enforcement

Monitoring for compliance

Continuously driving security posture enhancement via security policy

Network Security

Network Security

The defense-in-depth approach

Physical network segmentation

Securing remote access to the network

Virtual network segmentation

Zero trust network

Hybrid cloud network security

Active Sensors

Detection capabilities

Intrusion detection systems

Intrusion prevention system

Behavior analytics on-premises

Behavior analytics in a hybrid cloud

Threat Intelligence

Threat Intelligence

Introduction to threat intelligence

Open-source tools for threat intelligence

Microsoft threat intelligence

Investigating an Incident

Investigating an Incident

Scoping the issue

Investigating a compromised system on-premises

Investigating a compromised system in a hybrid cloud

Proactive investigation (threat hunting)

Lessons learned

Recovery Process

Recovery Process

Disaster recovery plan

Contingency planning

Business continuity plan

Best practices for disaster recovery

Further reading

Vulnerability Management

Vulnerability Management

Creating a vulnerability management strategy

Elements of a vulnerability strategy

Differences between vulnerability management and vulnerability assessment

Best practices for vulnerability management

Vulnerability management tools

Further reading

Log Analysis

Data correlation

Operating system logs

Web server logs

Amazon Web Services (AWS) logs

Azure Activity logs

Google Cloud Platform Logs

Other Books You May Enjoy

Other Books You May Enjoy

Index

Customer Reviews

5 (2)

5 star

100%

4 star

0

3 star

0

2 star

0

1 star

0

Google Cloud Platform Logs

Many organizations are moving towards a multi-cloud environment and Google Cloud Platform (GCP) is another big player that you need to be aware of how to monitor. GCP Cloud Audit Logs enables you to answer the following questions:

Who did what?
When was it done?
Where was it done?

Using Microsoft Sentinel, you can ingest GCP Identity and Access Management (IAM) logs, which can be used to see admin activity (audit logs), which includes “admin write” operations, and Data Access audit logs, which includes “admin read” operations.

Once the connector is configured, the status will appear similar to the sample screenshot that follows:

Chart, line chart Description automatically generated

Figure 17.11: GCP IAM connector

Once the connector is configured and ingesting data, you can perform queries using KQL. The example below is checking all GCP IAM logs and filtering the result to show only the following fields: SourceSystem, resource_labels_method_s...