Threat hunting in the cloud : defending AWS, Azure and other cloud platforms against cyberattacks /: defending AWS, Azure and other cloud platforms against cyberattacks. (2021)
- Record Type:
- Book
- Title:
- Threat hunting in the cloud : defending AWS, Azure and other cloud platforms against cyberattacks /: defending AWS, Azure and other cloud platforms against cyberattacks. (2021)
- Main Title:
- Threat hunting in the cloud : defending AWS, Azure and other cloud platforms against cyberattacks
- Further Information:
- Note: Abbas Kudrati, Chris Peiris, Binil Pillai.
- Authors:
- Kudrati, Abbas
Peiris, Chris
Pillai, Binil - Contents:
- Foreword xxxi Introduction xxxiii Part I Threat Hunting Frameworks 1 Chapter 1 Introduction to Threat Hunting 3 The Rise of Cybercrime 4 What Is Threat Hunting? 6 The Key Cyberthreats and Threat Actors 7 Phishing 7 Ransomware 8 Nation State 10 The Necessity of Threat Hunting 14 Does the Organization’s Size Matter? 17 Threat Modeling 19 Threat-Hunting Maturity Model 23 Organization Maturity and Readiness 23 Level 0: INITIAL 24 Level 1: MINIMAL 25 Level 2: PROCEDURAL 25 Level 3: INNOVATIVE 25 Level 4: LEADING 25 Human Elements of Threat Hunting 26 How Do You Make the Board of Directors Cyber-Smart? 27 Threat-Hunting Team Structure 30 External Model 30 Dedicated Internal Hunting Team Model 30 Combined/Hybrid Team Model 30 Periodic Hunt Teams Model 30 Urgent Need for Human-Led Threat Hunting 31 The Threat Hunter’s Role 31 Summary 33 Chapter 2 Modern Approach to Multi-Cloud Threat Hunting 35 Multi-Cloud Threat Hunting 35 Multi-Tenant Cloud Environment 38 Threat Hunting in Multi-Cloud and Multi-Tenant Environments 39 Building Blocks for the Security Operations Center 41 Scope and Type of SOC 43 Services, Not Just Monitoring 43 SOC Model 43 Define a Process for Identifying and Managing Threats 44 Tools and Technologies to Empower SOC 44 People (Specialized Teams) 45 Cyberthreat Detection, Threat Modeling, and the Need for Proactive Threat Hunting Within SOC 46 Cyberthreat Detection 46 Threat-Hunting Goals and Objectives 49 Threat Modeling and SOC 50 The Need for a Proactive HuntingForeword xxxi Introduction xxxiii Part I Threat Hunting Frameworks 1 Chapter 1 Introduction to Threat Hunting 3 The Rise of Cybercrime 4 What Is Threat Hunting? 6 The Key Cyberthreats and Threat Actors 7 Phishing 7 Ransomware 8 Nation State 10 The Necessity of Threat Hunting 14 Does the Organization’s Size Matter? 17 Threat Modeling 19 Threat-Hunting Maturity Model 23 Organization Maturity and Readiness 23 Level 0: INITIAL 24 Level 1: MINIMAL 25 Level 2: PROCEDURAL 25 Level 3: INNOVATIVE 25 Level 4: LEADING 25 Human Elements of Threat Hunting 26 How Do You Make the Board of Directors Cyber-Smart? 27 Threat-Hunting Team Structure 30 External Model 30 Dedicated Internal Hunting Team Model 30 Combined/Hybrid Team Model 30 Periodic Hunt Teams Model 30 Urgent Need for Human-Led Threat Hunting 31 The Threat Hunter’s Role 31 Summary 33 Chapter 2 Modern Approach to Multi-Cloud Threat Hunting 35 Multi-Cloud Threat Hunting 35 Multi-Tenant Cloud Environment 38 Threat Hunting in Multi-Cloud and Multi-Tenant Environments 39 Building Blocks for the Security Operations Center 41 Scope and Type of SOC 43 Services, Not Just Monitoring 43 SOC Model 43 Define a Process for Identifying and Managing Threats 44 Tools and Technologies to Empower SOC 44 People (Specialized Teams) 45 Cyberthreat Detection, Threat Modeling, and the Need for Proactive Threat Hunting Within SOC 46 Cyberthreat Detection 46 Threat-Hunting Goals and Objectives 49 Threat Modeling and SOC 50 The Need for a Proactive Hunting Team Within SOC 50 Assume Breach and Be Proactive 51 Invest in People 51 Develop an Informed Hypothesis 52 Cyber Resiliency and Organizational Culture 53 Skillsets Required for Threat Hunting 54 Security Analysis 55 Data Analysis 56 Programming Languages 56 Analytical Mindset 56 Soft Skills 56 Outsourcing 56 Threat-Hunting Process and Procedures 57 Metrics for Assessing the Effectiveness of Threat Hunting 58 Foundational Metrics 58 Operational Metrics 59 Threat-Hunting Program Effectiveness 61 Summary 62 Chapter 3 Exploration of MITRE Key Attack Vectors 63 Understanding MITRE ATT&CK 63 What Is MITRE ATT&CK Used For? 64 How Is MITRE ATT&CK Used and Who Uses It? 65 How Is Testing Done According to MITRE? 65 Tactics 67 Techniques 67 Threat Hunting Using Five Common Tactics 69 Privilege Escalation 71 Case Study 72 Credential Access 73 Case Study 74 Lateral Movement 75 Case Study 75 Command and Control 77 Case Study 77 Exfiltration 79 Case Study 79 Other Methodologies and Key Threat-Hunting Tools to Combat Attack Vectors 80 Zero Trust 80 Threat Intelligence and Zero Trust 83 Build Cloud-Based Defense-in-Depth 84 Analysis Tools 86 Microsoft Tools 86 Connect To All Your Data 87 Workbooks 88 Analytics 88 Security Automation and Orchestration 90 Investigation 91 Hunting 92 Community 92 AWS Tools 93 Analyzing Logs Directly 93 SIEMs in the Cloud 94 Summary 95 Resources 96 Part II Hunting in Microsoft Azure 99 Chapter 4 Microsoft Azure Cloud Threat Prevention Framework 101 Introduction to Microsoft Security 102 Understanding the Shared Responsibility Model 102 Microsoft Services for Cloud Security Posture Management and Logging/Monitoring 105 Overview of Azure Security Center and Azure Defender 105 Overview of Microsoft Azure Sentinel 108 Using Microsoft Secure and Protect Features 112 Identity & Access Management 113 Infrastructure & Network 114 Data & Application 115 Customer Access 115 Using Azure Web Application Firewall to Protect a Website Against an “Initial Access” TTP 116 Using Microsoft Defender for Office 365 to Protect Against an “Initial Access” TTP 118 Using Microsoft Defender Endpoint to Protect Against an “Initial Access” TTP 121 Using Azure Conditional Access to Protect Against an “Initial Access” TTP 123 Microsoft Detect Services 127 Detecting “Privilege Escalation” TTPs 128 Using Azure Security Center and Azure Sentinel to Detect Threats Against a “Privilege Escalation” TTP 128 Detecting Credential Access 131 Using Azure Identity Protection to Detect Threats Against a “Credential Access” TTP 132 Steps to Configure and Enable Risk Polices (Sign-in Risk and User Risk) 134 Using Azure Security Center and Azure Sentinel to Detect Threats Against a “Credential Access” TTP 137 Detecting Lateral Movement 139 Using Just-in-Time in ASC to Protect and Detect Threats Against a “Lateral Movement” TTP 139 Using Azure Security Center and Azure Sentinel to Detect Threats Against a “Lateral Movement” TTP 144 Detecting Command and Control 145 Using Azure Security Center and Azure Sentinel to Detect Threats Against a “Command and Control” TTP 146 Detecting Data Exfiltration 147 Using Azure Information Protection to Detect Threats Against a “Data Exfiltration” TTP 148 Discovering Sensitive Content Using AIP 149 Using Azure Security Center and Azure Sentinel to Detect Threats Against a “Data Exfiltration” TTP 153 Detecting Threats and Proactively Hunting with Microsoft 365 Defender 154 Microsoft Investigate, Response, and Recover Features 155 Automating Investigation and Remediation with Microsoft Defender for Endpoint 157 Using Microsoft Threat Expert Support for Remediation and Investigation 159 Targeted Attack Notification 159 Experts on Demand 161 Automating Security Response with MCAS and Microsoft Flow 166 Step 1: Generate Your API Token in Cloud App Security 167 Step 2: Create Your Trigger in Microsoft Flow 167 Step 3: Create the Teams Message Action in Microsoft Flow 168 Step 4: Generate an Email in Microsoft Flow 168 Connecting the Flow in Cloud App Security 169 Performing an Automated Response Using Azure Security Center 170 Using Machine Learning and Artificial Intelligence in Threat Response 172 Overview of Fusion Detections 173 Overview of Azure Machine Learning 174 Summary 182 Chapter 5 Microsoft Cybersecurity Reference Architecture and Capability Map 183 Introduction 183 Microsoft Security Architecture versus the NIST Cybersecurity Framework (CSF) 184 Microsoft Security Architecture 185 The Identify Function 186 The Protect Function 187 The Detect Function 188 The Respond Function 189 The Recover Function 189 Using the Microsoft Reference Architecture 190 Microsoft Threat Intelligence 190 Service Trust Portal 192 Security Development Lifecycle (SDL) 193 Protecting the Hybrid Cloud Infrastructure 194 Azure Marketplace 194 Private Link 195 Azure Arc 196 Azure Lighthouse 197 Azure Firewall 198 Azure Web Application Firewall (WAF) 200 Azure DDOS Protection 200 Azure Key Vault 201 Azure Bastion 202 Az … (more)
- Edition:
- 1st
- Publisher Details:
- Hoboken : John Wiley & Sons, Inc
- Publication Date:
- 2021
- Extent:
- 1 online resource
- Subjects:
- 005.8
Computer security
Internet -- Security measures
Cloud computing -- Security measures - Languages:
- English
- ISBNs:
- 9781119804109
- Related ISBNs:
- 9781119804062
- Notes:
- Note: Description based on CIP data; resource not viewed.
- Access Rights:
- Legal Deposit; Only available on premises controlled by the deposit library and to one user at any one time; The Legal Deposit Libraries (Non-Print Works) Regulations (UK).
- Access Usage:
- Restricted: Printing from this resource is governed by The Legal Deposit Libraries (Non-Print Works) Regulations (UK) and UK copyright law currently in force.
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library HMNTS - ELD.DS.641700
- Ingest File:
- 06_033.xml