Fr. 66.00

Threat Hunting in the Cloud - Defending Aws, Azure and Other Cloud Platforms Against Cyberattacks

English · Paperback

Description

Implement a vendor-neutral and multi-cloud cybersecurity and risk mitigation framework with advice from seasoned threat hunting pros
 
In Threat Hunting in the Cloud: Defending AWS, Azure and Other Cloud Platforms Against Cyberattacks, celebrated cybersecurity professionals and authors Chris Peiris, Binil Pillai, and Abbas Kudrati leverage their decades of experience building large-scale cyber fusion centers to deliver the ideal threat hunting resource for both business and technical audiences. You'll find insightful analyses of cloud platform security tools and, using the industry-leading MITRE ATT&CK framework, discussions of the most common threat vectors.
 
You'll discover how to build a side-by-side cybersecurity fusion center on both Microsoft Azure and Amazon Web Services and deliver a multi-cloud strategy for enterprise customers. And you will find out how to create a vendor-neutral environment with rapid disaster recovery capability for maximum risk mitigation.
 
With this book you'll learn:
* Key business and technical drivers of cybersecurity threat hunting frameworks in today's technological environment
* Metrics available to assess threat hunting effectiveness regardless of an organization's size
* How threat hunting works with vendor-specific single cloud security offerings and on multi-cloud implementations
* A detailed analysis of key threat vectors such as email phishing, ransomware and nation state attacks
* Comprehensive AWS and Azure "how to" solutions through the lens of MITRE Threat Hunting Framework Tactics, Techniques and Procedures (TTPs)
* Azure and AWS risk mitigation strategies to combat key TTPs such as privilege escalation, credential theft, and lateral movement, to defend against command & control systems, and to prevent data exfiltration
* Tools available on both the Azure and AWS cloud platforms which provide automated responses to attacks, and orchestrate preventative measures and recovery strategies
* Many critical components for successful adoption of a multi-cloud threat hunting framework, such as the Threat Hunting Maturity Model, Zero Trust Computing, Human Elements of Threat Hunting, and Integration of Threat Hunting with Security Operation Centers (SOCs) and Cyber Fusion Centers
* The Future of Threat Hunting with the advances in Artificial Intelligence, Machine Learning, Quantum Computing and the proliferation of IoT devices.
 
Perfect for technical executives (i.e., CTO, CISO), technical managers, architects, system admins and consultants with hands-on responsibility for cloud platforms, Threat Hunting in the Cloud is also an indispensable guide for business executives (i.e., CFO, COO, CEO, board members) and managers who need to understand their organization's cybersecurity risk framework and mitigation strategy.

Table of contents

Foreword

Introduction

Part I Threat Hunting Frameworks

Chapter 1 Introduction to Threat Hunting
* The Rise of Cybercrime
* What Is Threat Hunting?
* The Key Cyberthreats and Threat Actors
* Phishing
* Ransomware
* Nation State
* The Necessity of Threat Hunting
* Does the Organization's Size Matter?
* Threat Modeling
* Threat-Hunting Maturity Model
* Organization Maturity and Readiness
* Level 0: INITIAL
* Level 1: MINIMAL
* Level 2: PROCEDURAL
* Level 3: INNOVATIVE
* Level 4: LEADING
* Human Elements of Threat Hunting
* How Do You Make the Board of Directors Cyber-Smart?
* Threat-Hunting Team Structure
* External Model
* Dedicated Internal Hunting Team Model
* Combined/Hybrid Team Model
* Periodic Hunt Teams Model
* Urgent Need for Human-Led Threat Hunting
* The Threat Hunter's Role
* Summary

Chapter 2 Modern Approach to Multi-Cloud Threat Hunting
* Multi-Cloud Threat Hunting
* Multi-Tenant Cloud Environment
* Threat Hunting in Multi-Cloud and Multi-Tenant Environments
* Building Blocks for the Security Operations Center
* Scope and Type of SOC
* Services, Not Just Monitoring
* SOC Model
* Define a Process for Identifying and Managing Threats
* Tools and Technologies to Empower SOC
* People (Specialized Teams)
* Cyberthreat Detection, Threat Modeling, and the Need for Proactive Threat Hunting Within SOC
* Cyberthreat Detection
* Threat-Hunting Goals and Objectives
* Threat Modeling and SOC
* The Need for a Proactive Hunting Team Within SOC
* Assume Breach and Be Proactive
* Invest in People
* Develop an Informed Hypothesis
* Cyber Resiliency and Organizational Culture
* Skillsets Required for Threat Hunting
* Security Analysis
* Data Analysis
* Programming Languages
* Analytical Mindset
* Soft Skills
* Outsourcing
* Threat-Hunting Process and Procedures
* Metrics for Assessing the Effectiveness of Threat Hunting
* Foundational Metrics
* Operational Metrics
* Threat-Hunting Program Effectiveness
* Summary

Chapter 3 Exploration of MITRE Key Attack Vectors
* Understanding MITRE ATT&CK
* What Is MITRE ATT&CK Used For?
* How Is MITRE ATT&CK Used and Who Uses It?
* How Is Testing Done According to MITRE?
* Tactics
* Techniques
* Threat Hunting Using Five Common Tactics
* Privilege Escalation
* Case Study
* Credential Access
* Case Study
* Lateral Movement
* Case Study
* Command and Control
* Case Study
* Exfiltration
* Case Study
* Other Methodologies and Key Threat-Hunting Tools to Combat Attack Vectors
* Zero Trust
* Threat Intelligence and Zero Trust
* Build Cloud-Based Defense-in-Depth
* Analysis Tools
* Microsoft Tools
* Connect To All Your Data
* Workbooks
* Analytics
* Security Automation and Orchestration
* Investigation
* Hunt

About the authors

CHRIS PEIRIS, PhD, has advised Fortune 500 companies, Federal and State Governments, and Defense and Intelligence entities in the Americas, Asia, Japan, Europe, and Australia New Zealand. He has 25+ years of IT industry experience. He is the author of 10 published books and is a highly sought-after keynote speaker.

BINIL PILLAI is a Microsoft Global Security Compliance and Identity (SCI) Director for Strategy and Business Development focusing on the Small Medium Enterprise segment. He has 21+ years of experience in B2B cybersecurity, digital transformation, and management consulting. He is also a board advisor to several start-ups to help grow their businesses successfully.

ABBAS KUDRATI is a CISO and cybersecurity practitioner. He is currently Microsoft Asia's Lead Chief Cybersecurity Advisor for the Security Solution Area and serves as Executive Advisor to Deakin University, LaTrobe University, HITRUST ASIA, and EC Council ASIA.
