Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Cybersecurity Threats, Malware Trends, and Strategies
  • Table Of Contents Toc
Cybersecurity Threats, Malware Trends, and Strategies

Cybersecurity Threats, Malware Trends, and Strategies - Second Edition

By : Tim Rains
4.9 (38)
Buy this Book
close
close
Cybersecurity Threats, Malware Trends, and Strategies

Cybersecurity Threats, Malware Trends, and Strategies

4.9 (38)
By: Tim Rains
Buy this Book

Overview of this book

Tim Rains is Microsoft's former Global Chief Security Advisor and Amazon Web Services’ former Global Security Leader for Worldwide Public Sector. He has spent the last two decades advising private and public sector organizations all over the world on cybersecurity strategies. Cybersecurity Threats, Malware Trends, and Strategies, Second Edition builds upon the success of the first edition that has helped so many aspiring CISOs, and cybersecurity professionals understand and develop effective data-driven cybersecurity strategies for their organizations. In this edition, you’ll examine long-term trends in vulnerability disclosures and exploitation, regional differences in malware infections and the socio-economic factors that underpin them, and how ransomware evolved from an obscure threat to the most feared threat in cybersecurity. You’ll also gain valuable insights into the roles that governments play in cybersecurity, including their role as threat actors, and how to mitigate government access to data. The book concludes with a deep dive into modern approaches to cybersecurity using the cloud. By the end of this book, you will have a better understanding of the threat landscape, how to recognize good Cyber Threat Intelligence, and how to measure the effectiveness of your organization's cybersecurity strategy.
Table of Contents (15 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Get in touch
Icon
Share your thoughts
1
Introduction
Icon
Introduction
Icon
Different types of CISOs: “The CISO Spectrum”
Icon
How organizations get initially compromised and the cybersecurity fundamentals
Icon
Focus on the cybersecurity fundamentals
Icon
Understanding the difference between attackers’ motivations and tactics
Icon
Summary
Icon
References
Lock Free Chapter
2
What to Know about Threat Intelligence
chevron up
Icon
What to Know about Threat Intelligence
Icon
What is threat intelligence?
Icon
Where does CTI data come from?
Icon
Using threat intelligence
Icon
Threat intelligence sharing
Icon
How to identify credible cyber threat intelligence
Icon
Summary
Icon
References
3
Using Vulnerability Trends to Reduce Risk and Costs
Icon
Using Vulnerability Trends to Reduce Risk and Costs
Icon
Introduction
Icon
Vulnerability Management Primer
Icon
Vulnerability Disclosure Data Sources
Icon
Industry Vulnerability Disclosure Trends
Icon
Vulnerability Management Guidance
Icon
Summary
Icon
References
4
The Evolution of Malware
Icon
The Evolution of Malware
Icon
Introduction
Icon
Why is there so much malware on Windows compared to other platforms?
Icon
Data sources
Icon
About malware
Icon
Global Windows malware infection analysis
Icon
Regional Windows malware infection analysis
Icon
Global malware evolution
Icon
The evolution of ransomware
Icon
The great debate – are anti-malware solutions really worthwhile?
Icon
Summary
Icon
References
5
Internet-Based Threats
Icon
Internet-Based Threats
Icon
Introduction
Icon
A typical attack
Icon
Phishing attacks
Icon
Drive-by download attacks
Icon
Malware-hosting sites
Icon
Post compromise – botnets and DDoS attacks
Icon
Summary
Icon
References
6
The Roles Governments Play in Cybersecurity
Icon
The Roles Governments Play in Cybersecurity
Icon
The pursuit of happiness
Icon
Governments as cybersecurity market participants
Icon
Governments as standards bodies
Icon
Governments as enforcers
Icon
Governments as defenders
Icon
Summary
Icon
References
7
Government Access to Data
Icon
Government Access to Data
Icon
Understanding government access to data
Icon
Lawful government access to data
Icon
Mitigating government access to data
Icon
Conclusion
Icon
Summary
Icon
References
8
Ingredients for a Successful Cybersecurity Strategy
Icon
Ingredients for a Successful Cybersecurity Strategy
Icon
What is a cybersecurity strategy?
Icon
Other ingredients for a successful strategy
Icon
Summary
Icon
References
9
Cybersecurity Strategies
Icon
Cybersecurity Strategies
Icon
Introduction
Icon
Measuring the efficacy of cybersecurity strategies
Icon
Cybersecurity strategies
Icon
Protect and Recover Strategy
Icon
Endpoint Protection Strategy
Icon
Physical control and security clearances as a security strategy
Icon
Compliance as a Security Strategy
Icon
Application-Centric Strategy
Icon
Identity-Centric Strategy
Icon
Data-Centric Strategy
Icon
Attack-Centric Strategy
Icon
Zero Trust
Icon
Cybersecurity strategies summary
Icon
DevOps and DevSecOps
Icon
Summary
Icon
References
10
Strategy Implementation
Icon
Strategy Implementation
Icon
Introduction
Icon
What is an Intrusion Kill Chain?
Icon
Modernizing the Kill Chain
Icon
Getting started
Icon
Implementing this strategy
Icon
Designing control sets
Icon
Conclusion
Icon
Summary
Icon
References
11
Measuring Performance and Effectiveness
Icon
Measuring Performance and Effectiveness
Icon
Introduction
Icon
Using vulnerability management data
Icon
Measuring the performance and efficacy of an Attack-Centric Strategy
Icon
Summary
Icon
References
12
Modern Approaches to Security and Compliance
Icon
Modern Approaches to Security and Compliance
Icon
Introduction
Icon
How is cloud computing different?
Icon
Security and compliance game changers
Icon
Using cybersecurity strategies in the cloud
Icon
Encryption and key management
Icon
Conclusion
Icon
Summary
Icon
References
13
Other Books You May Enjoy
Icon
Other Books You May Enjoy
14
Index
Icon
Index

What to Know about Threat Intelligence

I admit it, I’m a threat intelligence data geek. I really enjoy studying threat intelligence. It helps me understand the tactics and techniques that are in vogue with attackers and how the threat landscape is evolving. One of the best jobs I had at Microsoft was working as a Director of Trustworthy Computing. In this role I was the executive editor and a contributor to the Microsoft Security Intelligence Report, which we called “the SIR.” During the 8 or 9 years I helped produce the SIR, we published more than 20 volumes and special editions of this report, spanning thousands of pages. I gave literally thousands of threat intelligence briefings for customers around the world, as well as press and analyst interviews. I can tell you from experience, interviews on live television in front of millions of people, discussing threat intelligence, are nerve-wracking! (BBC News, 2013).

Building and publishing the SIR was a lot of work, but very rewarding. In this role, I had the opportunity to work with so many smart people in the Microsoft Security Response Center (MSRC), the Microsoft Malware Protection Center (MMPC), the Microsoft Digital Crimes Unit (DCU), the Security Development Lifecycle (SDL) team, Microsoft IT, and many others. Doing this work gave me a deep appreciation for the value of good threat intelligence and some of the ways it is produced. Microsoft has continued to invest in threat intelligence and they now have a center dedicated to it called the Microsoft Threat Intelligence Center (MSTIC), in which a few of my former colleagues work.

I provide a deep dive into data from the SIR in Chapter 4, The Evolution of Malware. I also provide a deep dive into security vulnerabilities in Chapter 3, Using Vulnerability Trends to Reduce Risk and Costs.

But before I get to this data, let me provide some useful context to help you consume the data in those chapters and other threat intelligence you encounter in your career.

CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Cybersecurity Threats, Malware Trends, and Strategies
End of Section 2
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon