Автор: Rebekah Brown, Scott J. Roberts
Издательство: O’Reilly Media, Inc.
Год: 2023-04-07
Страниц: 286
Язык: английский
Формат: pdf, epub, mobi
Размер: 10.1 MB
Cyber-threat intelligence isn’t a new concept, simply a new name for an old approach: applying a structured analytical process to understand an attack and the adversary behind it. The application of threat intelligence to network security is more recent, but the basics haven’t changed. Cyber-threat intelligence involves applying intelligence processes and concepts—some of the oldest concepts that exist—and making them a part of the overall information security process. Threat intelligence has many applications, but one of the fundamental ways it can be utilized is as an integral part of the intrusion-detection and incident-response process. We call this intelligence-driven incident response and think it is something every security team can do, with or without a major capital investment. It’s less about tools, although they certainly help sometimes, and more about a shift in the way we approach the incident-response process. Intelligence-driven incident response will help not only to identify, understand, and eradicate threats within a network, but also to strengthen the entire information security process to improve those responses in the future.
Using a well-conceived incident response plan in the aftermath of an online security breach enables your team to identify attackers and learn how they operate. But only when you approach incident response with a cyberthreat intelligence mindset will you truly understand the value of that information. In this updated second edition, you'll learn the fundamentals of intelligence analysis as well as the best ways to incorporate these techniques into your incident response process.
Each method reinforces the other: threat intelligence supports and augments incident response, while incident response generates useful threat intelligence. This practical guide helps incident managers, malware analysts, reverse engineers, digital forensics specialists, and intelligence analysts understand, implement, and benefit from this relationship.
In three parts, this in-depth book includes:
The fundamentals: get an introduction to cyberthreat intelligence, the intelligence process, the incident response process, and how they all work together
Practical application: walk through the intelligence-driven incident response (IDIR) process using the F3EAD process: Find, Fix, Finish, Exploit, Analyze, and Disseminate
The way forward: explore big-picture aspects of IDIR that go beyond individual incident response investigations, including intelligence team building
Скачать Intelligence-Driven Incident Response, 2nd Edition (5th Early Release)