Using a well-conceived incident response plan in the aftermath of an online security breach enables your team to identify attackers and learn how they operate. But only when you approach incident response with a cyber threat intelligence mindset will you truly understand the value of that information. In this updated second edition, you'll learn the fundamentals of intelligence analysis as well as the best ways to incorporate these techniques into your incident response process.
Each method reinforces the other: threat intelligence supports and augments incident response, while incident response generates useful threat intelligence. This practical guide helps incident managers, malware analysts, reverse engineers, digital forensics specialists, and intelligence analysts understand, implement, and benefit from this relationship.
In three parts, this in-depth book includes:
- The fundamentals: Get an introduction to cyberthreat intelligence, the intelligence process, the incident response process, and how they all work together
- Practical application: Walk through the intelligence-driven incident response (IDIR) process using the F3EAD process: Find, Fix, Finish, Exploit, Analyze, and Disseminate
- The way forward: Explore big-picture aspects of IDIR that go beyond individual incident response investigations, including intelligence team building
Rebekah Brown has spent more than two decades working in the intelligence analysis community; her previous roles include NSA network warfare analyst, Operations Chief of a United States Marine Corps cyber unit, and a U.S. Cyber Command training and exercise lead. Rebekah has helped develop threat intelligence and security awareness programs at the federal, state, and local level, as well as at multiple Fortune 500 companies. Scott J Roberts is a security leader, analyst, software developer, and author. He is Head of Threat Research for Interpres Security and has led security teams and project in the defense industrial base, GitHub, Apple, Splunk, and most recently Argo AI. He is also a student and researcher at Utah State University, where he is focused on Anticipatory Intelligence, tackling emergent problems in national and cybersecurity. Scott J Roberts has served as an Advisory Committee for SANS CTI & DFIR Summits. Along with Rebekah Brown, he authored O'Reilly's Intelligence-Driven Incident Response and has spoken at numerous industry events on incident response and cyber threat intelligence. Scott J Roberts is passionate about improving security via automation, especially on macOS, and developing open and closed source tooling in Python, Go, & Swift.
Daugiau apie elektronines knygas