The Foundations of Threat Hunting
Packt Publishing Limited (Verlag)
978-1-80324-299-6 (ISBN)
Build and mature a threat hunting team capable of repeatably stalking and trapping advanced adversaries in the darkest parts of an enterprise
Key Features
Learn foundational concepts for effective threat hunting teams in pursuit of cyber adversaries
Recognize processes and requirements for executing and conducting a hunt
Customize a defensive cyber framework needed to grow and mature a hunt team
Book DescriptionThreat hunting is a concept that takes traditional cyber defense and spins it onto its head. It moves the bar for network defenses beyond looking at the known threats and allows a team to pursue adversaries that are attacking in novel ways that have not previously been seen. To successfully track down and remove these advanced attackers, a solid understanding of the foundational concepts and requirements of the threat hunting framework is needed. Moreover, to confidently employ threat hunting in a business landscape, the same team will need to be able to customize that framework to fit a customer's particular use case.
This book breaks down the fundamental pieces of a threat hunting team, the stages of a hunt, and the process that needs to be followed through planning, execution, and recovery. It will take you through the process of threat hunting, starting from understanding cybersecurity basics through to the in-depth requirements of building a mature hunting capability. This is provided through written instructions as well as multiple story-driven scenarios that show the correct (and incorrect) way to effectively conduct a threat hunt.
By the end of this cyber threat hunting book, you'll be able to identify the processes of handicapping an immature cyber threat hunt team and systematically progress the hunting capabilities to maturity.
What you will learn
Understand what is required to conduct a threat hunt
Know everything your team needs to concentrate on for a successful hunt
Discover why intelligence must be included in a threat hunt
Recognize the phases of planning in order to prioritize efforts
Balance the considerations concerning toolset selection and employment
Achieve a mature team without wasting your resources
Who this book is forThis book is for anyone interested in learning how to organize and execute effective cyber threat hunts, establishing extra defense capabilities within their company, and wanting to mature an organization's cybersecurity posture. It will also be useful for anyone looking for a framework to help a hunt team grow and evolve.
Chad Maurice is a life-long cyber security enthusiast with a background in both offensive and defensive teams. He has led Red Teams in physical and network security tests as well as overseen planning and daily management for numerous Incident Response and Threat Hunting teams that provided defenses for Enterprise networks spanning around the globe. He has earned a Master's degree in Information Systems Security/Information Assurance from Capella University in 2011. Additionally, Chad has achieved an array of industry certifications ranging from OSCP to CISSP. Currently, he is an engineer at a Fortune 100 company enhancing defensive capabilities for all of their business assets. Jeremy Thompson is a tenacious leader and technical expert who has dedicated the last two decades to the profession of cyber security. His background has broadened him from managing infrastructure in support of a large-scale network to directing operations for an organization conducting threat hunts on IT and OT networks around the globe. He earned a Master's degree in Information Systems Management from the University of Nebraska at Omaha in 2014. Additionally, Jeremy has achieved the following certifications: CCNA – Cyber Operations, GSEC, GCFA, GDAT, GFNA, and CISSP. Currently, he is an Incident Response and Operations Manager for CyberDefenses Inc out of Austin, TX. William Copeland is a renowned leader and technician within the cyber defense community. He has endeavored the last two decades to clear the path for the operators under his leadership to become more efficient and effective cyber defenders. He earned a Bachelor's degree in Information Technology from Western Governors University in 2018. Additionally, William has accomplished the following certifications: Security+, Linux+, Project+, Network+, GCFA, GPEN, GNFA, GREM, GDAT, GCDA, GSEC, GCIA, GCIH, SSAP, GCFE, and GCTI. Currently, he is a senior leader within a cyber hunting organization providing planning, coordination, integration, and execution of defensive teams that track and eradicate adversaries on customer networks.
Table of Contents
An Introduction to Threat Hunting
Requirements and Motivations
Team Construct
Communication Breakdown
Methodologies
Threat Intelligence
Planning
Defending the Defenders
Hardware and Toolsets
Data Analysis
Documentation
Deliverables
Post-Hunt Activity and Maturing A Team
Appendix
| Erscheinungsdatum | 29.07.2022 |
|---|---|
| Verlagsort | Birmingham |
| Sprache | englisch |
| Maße | 75 x 93 mm |
| Themenwelt | Informatik ► Netzwerke ► Sicherheit / Firewall |
| ISBN-10 | 1-80324-299-X / 180324299X |
| ISBN-13 | 978-1-80324-299-6 / 9781803242996 |
| Zustand | Neuware |
| Informationen gemäß Produktsicherheitsverordnung (GPSR) | |
| Haben Sie eine Frage zum Produkt? |
aus dem Bereich
