Chris Peiris, Binil Pillai, Abbas Kudrati

Threat Hunting in the Cloud (eBook, PDF)

Defending AWS, Azure and Other Cloud Platforms Against Cyberattacks

• Format: PDF

Produktbeschreibung

Implement a vendor-neutral and multi-cloud cybersecurity and risk mitigation framework with advice from seasoned threat hunting pros In Threat Hunting in the Cloud: Defending AWS, Azure and Other Cloud Platforms Against Cyberattacks, celebrated cybersecurity professionals and authors Chris Peiris, Binil Pillai, and Abbas Kudrati leverage their decades of experience building large scale cyber fusion centers to deliver the ideal threat hunting resource for both business and technical audiences. You'll find insightful analyses of cloud platform security tools and, using the industry leading MITRE ATT&CK framework, discussions of the most common threat vectors. You'll discover how to build a side-by-side cybersecurity fusion center on both Microsoft Azure and Amazon Web Services and deliver a multi-cloud strategy for enterprise customers. And you will find out how to create a vendor-neutral environment with rapid disaster recovery capability for maximum risk mitigation. With this book you'll learn: * Key business and technical drivers of cybersecurity threat hunting frameworks in today's technological environment * Metrics available to assess threat hunting effectiveness regardless of an organization's size * How threat hunting works with vendor-specific single cloud security offerings and on multi-cloud implementations * A detailed analysis of key threat vectors such as email phishing, ransomware and nation state attacks * Comprehensive AWS and Azure "how to" solutions through the lens of MITRE Threat Hunting Framework Tactics, Techniques and Procedures (TTPs) * Azure and AWS risk mitigation strategies to combat key TTPs such as privilege escalation, credential theft, lateral movement, defend against command & control systems, and prevent data exfiltration * Tools available on both the Azure and AWS cloud platforms which provide automated responses to attacks, and orchestrate preventative measures and recovery strategies * Many critical components for successful adoption of multi-cloud threat hunting framework such as Threat Hunting Maturity Model, Zero Trust Computing, Human Elements of Threat Hunting, Integration of Threat Hunting with Security Operation Centers (SOCs) and Cyber Fusion Centers * The Future of Threat Hunting with the advances in Artificial Intelligence, Machine Learning, Quantum Computing and the proliferation of IoT devices. Perfect for technical executives (i.e., CTO, CISO), technical managers, architects, system admins and consultants with hands-on responsibility for cloud platforms, Threat Hunting in the Cloud is also an indispensable guide for business executives (i.e., CFO, COO CEO, board members) and managers who need to understand their organization's cybersecurity risk framework and mitigation strategy.

---

Dieser Download kann aus rechtlichen Gründen nur mit Rechnungsadresse in A, B, BG, CY, CZ, D, DK, EW, E, FIN, F, GR, HR, H, IRL, I, LT, L, LR, M, NL, PL, P, R, S, SLO, SK ausgeliefert werden.

Produktdetails

• Verlag: John Wiley & Sons
• Seitenzahl: 544
• Erscheinungstermin: 1. September 2021
• Englisch
• ISBN-13: 9781119804116
• Artikelnr.: 62584020

Autorenporträt

CHRIS PEIRIS, PhD, has advised Fortune 500 companies, Federal and State Governments, and Defense and Intelligence entities in the Americas, Asia, Japan, Europe, and Australia New Zealand. He has 25+ years of IT industry experience. He is the author of 10 published books and is a highly sought-after keynote speaker. BINIL PILLAI is a Microsoft Global Security Compliance and Identity (SCI) Director for Strategy and Business Development focusing on the Small Medium Enterprise segment. He has 21+ years of experience in B2B cybersecurity, digital transformation, and management consulting. He is also a board advisor to several start-ups to help grow their businesses successfully. ABBAS KUDRATI is a CISO and cybersecurity practitioner. He is currently Microsoft Asia's Lead Chief Cybersecurity Advisor for the Security Solution Area and serves as Executive Advisor to Deakin University, LaTrobe University, HITRUST ASIA, and EC Council ASIA.

Inhaltsangabe

Foreword xxxi

Introduction xxxiii

Part I Threat Hunting Frameworks 1

Chapter 1 Introduction to Threat Hunting 3

The Rise of Cybercrime 4

What Is Threat Hunting? 6

The Key Cyberthreats and Threat Actors 7

Phishing 7

Ransomware 8

Nation State 10

The Necessity of Threat Hunting 14

Does the Organization's Size Matter? 17

Threat Modeling 19

Threat-Hunting

Maturity Model 23

Organization Maturity and Readiness 23

Level 0: INITIAL 24

Level 1: MINIMAL 25

Level 2: PROCEDURAL 25

Level 3: INNOVATIVE 25

Level 4: LEADING 25

Human Elements of Threat Hunting 26

How Do You Make the Board of Directors Cyber-Smart? 27

Threat-Hunting Team Structure 30

External Model 30

Dedicated Internal Hunting Team Model 30

Combined/Hybrid Team Model 30

Periodic Hunt Teams Model 30

Urgent Need for Human-Led Threat Hunting 31

The Threat Hunter's Role 31

Summary 33

Chapter 2 Modern Approach to Multi-Cloud Threat Hunting 35

Multi-Cloud Threat Hunting 35

Multi-Tenant Cloud Environment 38

Threat Hunting in Multi-Cloud and Multi-Tenant Environments 39

Building Blocks for the Security Operations Center 41

Scope and Type of SOC 43

Services, Not Just Monitoring 43

SOC Model 43

Define a Process for Identifying and Managing Threats 44

Tools and Technologies to Empower SOC 44

People (Specialized Teams) 45

Cyberthreat Detection, Threat Modeling, and the Need for Proactive Threat Hunting Within SOC 46

Cyberthreat Detection 46

Threat-Hunting Goals and Objectives 49

Threat Modeling and SOC 50

The Need for a Proactive Hunting Team Within SOC 50

Assume Breach and Be Proactive 51

Invest in People 51

Develop an Informed Hypothesis 52

Cyber Resiliency and Organizational Culture 53

Skillsets Required for Threat Hunting 54

Security Analysis 55

Data Analysis 56

Programming Languages 56

Analytical Mindset 56

Soft Skills 56

Outsourcing 56

Threat-Hunting Process and Procedures 57

Metrics for Assessing the Effectiveness of Threat Hunting 58

Foundational Metrics 58

Operational Metrics 59

Threat-Hunting Program Effectiveness 61

Summary 62

Chapter 3 Exploration of MITRE Key Attack Vectors 63

Understanding MITRE ATT&CK 63

What Is MITRE ATT&CK Used For? 64

How Is MITRE ATT&CK Used and Who Uses It? 65

How Is Testing Done According to MITRE? 65

Tactics 67

Techniques 67

Threat Hunting Using Five Common Tactics 69

Privilege Escalation 71

Case Study 72

Credential Access 73

Case Study 74

Lateral Movement 75

Case Study 75

Command and Control 77

Case Study 77

Exfiltration 79

Case Study 79

Other Methodologies and Key Threat-Hunting Tools to Combat

Attack Vectors 80

Zero Trust 80

Threat Intelligence and Zero Trust 83

Build Cloud-Based Defense-in-Depth 84

Analysis Tools 86

Microsoft Tools 86

Connect To All Your Data 87

Workbooks 88

Analytics 88

Security Automation and Orchestration 90

Investigation 91

Hunt