Crafting the InfoSec Playbook: Security Monitoring and Incident Response Master Plan

Voorkant
"O'Reilly Media, Inc.", 7 mei 2015 - 276 pagina's

Any good attacker will tell you that expensive security monitoring and prevention tools aren’t enough to keep you secure. This practical book demonstrates a data-centric approach to distilling complex security monitoring, incident response, and threat analysis ideas into their most basic elements. You’ll learn how to develop your own threat intelligence and incident detection strategy, rather than depend on security tools alone.

Written by members of Cisco’s Computer Security Incident Response Team, this book shows IT and information security professionals how to create an InfoSec playbook by developing strategy, technique, and architecture.

  • Learn incident response fundamentals—and the importance of getting back to basics
  • Understand threats you face and what you should be protecting
  • Collect, mine, organize, and analyze as many relevant data sources as possible
  • Build your own playbook of repeatable methods for security monitoring and response
  • Learn how to put your plan into action and keep it running smoothly
  • Select the right monitoring and detection tools for your environment
  • Develop queries to help you sort through data and create valuable reports
  • Know what actions to take during the incident response phase
 

Geselecteerde pagina's

Inhoudsopgave

Chapter 1 Incident Response Fundamentals
1
Chapter 2 What Are You Trying to Protect?
15
Chapter 3 What Are the Threats?
29
Chapter 4 A DataCentric Approach to Security Monitoring
45
Chapter 5 Enter the Playbook
71
Chapter 6 Operationalize
81
Chapter 7 Tools of the Trade
109
Chapter 8 Queries and Reports
167
Chapter 9 Advanced Querying
193
Chapter 10 Ive Got Incidents Now How Do I Respond?
223
Chapter 11 How to Stay Relevant
237
Index
247
About the Authors
254
Copyright

Overige edities - Alles bekijken

Crafting the InfoSec Playbook: Security Monitoring and Incident Response ...
Jeff Bollinger,Brandon Enright,Matthew Valites
Gedeeltelijke weergave - 2015
Crafting the InfoSec Playbook: Security Monitoring and Incident Response ...
Jeff Bollinger,Brandon Enright,Matthew Valites
Geen voorbeeld beschikbaar - 2015

Veelvoorkomende woorden en zinsdelen

additional analysis analyze application attacks basic behavior block Chapter click fraud client compromised configuration connection context create crimeware CSIRT data sources deploy deployment develop DHCP domain name encryption ensure event data event sources example exploit external false positives fields flow header high-fidelity reports HIPS host hostname identify incident detection incident response team indicators infected InfoSec infrastructure internal Internet investigation IP address log data look malicious activity malware metadata MSIE nameserver NetFlow nodes operations organization organization’s packet capture phishing play playbook port potential protect protocol proxy logs query regular expression request require scanning security event security incident security monitoring signature sinkhole source IP specific targeted there’s threat intelligence timestamp tion traffic true positive tuning understand unique User-Agent victim vulnerabilities web proxy what’s Windows NT

Over de auteur (2015)

With over ten years of information security experience, Jeff Bollinger has worked as a security architect and incident responder for both academic and corporate networks. Specializing in investigations, network security monitoring, and intrusion detection, Jeff Bollinger currently works as an information security investigator, and has built and operated one of the world's largest corporate security monitoring infrastructures. Jeff regularly speaks at international FIRST conferences, and writes for the Cisco Security Blog. His recent work includes log mining, search optimization, threat research, and security investigations. Brandon Enright is a senior information security investigator with Cisco Systems. Brandon has a bachelor’s degree in computer science from UC San Diego where he did research in the Systems and Networking group. Brandon has coauthored several papers on the infrastructure and economics of malware botnets and a paper on the impact of low entropy seeds on the generation of SSL certificates. Some of his work in cryptography includes presenting weaknesses in some of the NIST SHA3 competition candidates, fatally knocking one out of the competition, and authoring the Password Hashing Competition proposal OmegaCrypt. Brandon is a long-time contributor to the Nmap project, a fast and featureful port scanner and security tool. In his free time Brandon enjoys mathematical puzzles and logic games. Matthew Valites is a senior investigator and site lead on Cisco's Computer Security Incident Response Team (CSIRT). He provides expertise building an Incident Response and monitoring program for cloud and hosted service enterprises, with a focus on targeted and high-value assets. A hobbyist Breaker and Maker for as long as he can recall, his current professional responsibilities include security investigations, mining security-centric alerts from large data sets, operationalizing CSIRT's detection logic, and mobile device hacking. Matt enjoys speaking at international conferences, and is keen to share CSIRT's knowledge, best practices, and lessons-learned.

Bibliografische gegevens

TitelCrafting the InfoSec Playbook: Security Monitoring and Incident Response Master Plan
AuteursJeff Bollinger, Brandon Enright, Matthew Valites
Uitgever"O'Reilly Media, Inc.", 2015
ISBN1491913614, 9781491913611
Lengte276 pagina's
  
Citatie exporterenBiBTeX EndNote RefMan