Title Page
Copyright and Credits
Practical Cyber Intelligence
Dedication
Packt Upsell
Why subscribe?
PacktPub.com
Contributors
About the author
About the reviewer
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Reviews
The Need for Cyber Intelligence
Need for cyber intelligence
The application of intelligence in the military
Intel stories in history
The American Revolutionary War
Napoleon's use of intelligence
Some types of intelligence
HUMINT or human intelligence
IMINT or image intelligence
MASINT or measurement and signature intelligence
OSINT or open source intelligence
SIGINT or signals intelligence
COMINT or communications intelligence
ELINT or electronic intelligence
FISINT or foreign instrumentation signals intelligence
TECHINT or technical intelligence
MEDINT or medical intelligence
All source intelligence
Intelligence drives operations
Putting theory into practice isn't simple
Understanding the maneuver warfare mentality
Follow the process, the process will save you
What is maneuver warfare?
Tempo
The OODA Loop
Center of gravity and critical vulnerability
Surprise – creating and exploiting opportunity
Combined arms – collaboration
Flexibility
Decentralized command
Summary
Intelligence Development
The information hierarchy
Introduction to the intelligence cycle
The intelligence cycle steps
Step 1 – Planning and direction
Requirements development
Requirements management
Directing the intelligence effort
Requirements satisfaction
Planning the intelligence support system
Step 2 – Collection
Step 3 – Processing
Step 4 – Analysis and Production
Step 5 – Dissemination
Methods
Channels
Modes
Dissemination architecture
Step 6 – Utilization
Summary
Integrating Cyber Intel, Security, and Operations
A different look at operations and security
Developing a strategic cyber intelligence capability
Understanding our priorities
The business architecture
The data/application architecture
Technology architecture
Application of the architectures and cyber intelligence
A look at strategic cyber intelligence – level 1
Introduction to operational security
OPSEC step 1 – identify critical information
OPSEC step 2 – analysis of threats
OPSEC step 3 – analysis of vulnerabilities
OPSEC step 4 – assessment of risk
OPSEC step 5 – application of appropriate countermeasures
OPSEC applicability in a business environment
Cyber intel program roles
Strategic level – IT leadership
Strategic level – cyber intelligence program officer
Tactical level – IT leadership
Tactical level – cyber intelligence program manager
Operational level – IT leadership
Operational level – cyber intelligence analysts
Summary
Using Cyber Intelligence to Enable Active Defense
An introduction to Active Defense
Understanding the Cyber Kill Chain
General principles of Active Defense
Active Defense – principle 1: annoyance
Active Defense – principle 2: attribution
Enticement and entrapment in Active Defense
Scenario A
Scenario B
Types of Active Defense
Types of Active Defense – manual
Types of Active Defense – automatic
An application of tactical level Active Defense
Summary
F3EAD for You and for Me
Understanding targeting
The F3EAD process
F3EAD in practice
F3EAD and the Cyber Kill Chain
Cyber Kill Chain and OODA loop
Cyber Kill Chain and OPSEC
Cyber Kill Chain and the intelligence cycle
Cyber Kill Chain and F3EAD
Application of F3EAD in the commercial space
Limitations of F3EAD
Summary
Integrating Threat Intelligence and Operations
Understanding threat intelligence
Capability Maturity Model – threat intelligence overview
Level 1 – threat intelligence collection capability
Phase initial
Example 1 – Open Threat Exchange – AlienVault
Example 2 – Twitter
Example 3 – Information Sharing and Analysis Centers
Example 4 – news alert notifications
Example 5 – Rich Site Summary feeds
Phase A
Example 1 – Cisco – GOSINT platform
Example 2 – The Malware Information Sharing Platform project
Phase B
Phase C
Level 2 – Threat Information Integration
Phase initial
Phase A
Categorization of items that are applicable to multiple teams
Phase B
Phase C
Summary
Creating the Collaboration Capability
Purpose of collaboration capability
Formal communications
Informal communications
Communication and cyber intelligence process
Methods and tools for collaboration
Service level agreements and organizational level agreements
Responsible accountable supporting consulted informed matrix
Using key risk indicators
Collaboration at the Strategic Level
Executive support
Policies and procedures
Architecture
Understanding dependencies
Prioritized information
Intelligence aggregation
Intelligence reconciliation and presentation
Collaboration at the Tactical Level
Breaking down priority information requirements
Application of the theory
Theory versus reality
Creating the tactical dashboard
Collaboration at the Operational Level
Summary
The Security Stack
Purpose of integration – it's just my POV
Core security service basics
Security Operations Center
The spider
Capabilities among teams
Capability deep dive – Security Configuration Management
Security Configuration Management – core processes
Security Configuration Management – Discovery and Detection
Security Configuration Management – Risk Mitigation
Security Configuration Management – Security State Analysis
Security Configuration Management – Data Exposure and Sharing
Prelude – integrating like services
Integrating cyber intel from different services
Overview – red team methodology
Red team – testing methods
White box
Gray box
Black box
Red team constraints
Red team – graphical representation
Data integration challenges
The end user perspective
The service level perspective – cyber intelligence – Data Exposure and Sharing
The SOC perspective
Capability Maturity Model – InfoSec and cyber intel
Capability Maturity Model – InfoSec and cyber intel – initial phase
Capability Maturity Model – InfoSec and cyber intel – Phase A
Capability Maturity Model – InfoSec and cyber intel – Phase B
Capability Maturity Model – InfoSec and cyber intel – Phase C
Collaboration + Capability = Active Defense
Summary
Driving Cyber Intel
The gap
Another set of eyes
The logic
Event
Incident
Mapping events and incidents to InfoSec capabilities
Capability Maturity Model – security awareness
Capability Maturity Model – security awareness – Phase initial
Capability Maturity Model – security awareness – Phase A
Capability Maturity Model – security awareness – Phase B
Capability Maturity Model – security awareness – Phase C
Capability Maturity Model – security awareness – Phase C +
Just another day part 1
Summary
Baselines and Anomalies
Setting up camp
Baselines and anomalies
Continuous monitoring – the challenge
Part 1
Part 2
Part 3
Capability Maturity Model – continuous monitoring overview
Level 1 – phase A
Level 1 – phase B
Level 1 – phase C
Capability Maturity Model – continuous monitoring level 2
Scenario 1 – asset management/vulnerability scanning asset inventory
Phase initial
Information gathering
Developing possible solutions
Phase A
Procedure RASCI (example)
Phase B
Regional data centers
Local office environment
Phase C
Scenario 2 – security awareness/continuous monitoring/IT helpdesk
Phase initial
Information gathering
Developing possible solutions
Phase A
Procedure RASCI (example)
Phase B and C – sample questions
Just another day part 2
Summary
Putting Out the Fires
Quick review
Overview – incident response
Preparation and prevention
Detection and analysis
Containment, eradication, and recovery
Post-incident activity
Incident response process and F3EAD integration
Intelligence process tie-in
Capability Maturity Model – incident response
Initial phase
Phase A
Phase B
Phase C
Summary
Vulnerability Management
A quick recap
The Common Vulnerability Scoring System calculator
Base metric group
Temporal metric group
Environmental metric group
CVSS base scoring
Metrics madness
Vulnerability management overview
Capability Maturity Model: vulnerability management – scanning
Initial phase
Phase A
Phase B
Phase C
Capability Maturity Model: vulnerability management – reporting
Initial phase
Phase A
Phase B
Phase C
Capability Maturity Model: vulnerability management – fix
Initial phase
Phase A
Phase B
Phase C
Summary
Risky Business
Risk overview
Treating risk
Risk tolerance and risk appetite
Labeling things platinum, gold, silver, and copper
Differentiating networks
Taking a different look at risk
Review of threat intelligence integration
Capability Maturity Model: risk phase – initial
Improving risk reporting part 1
Capability Maturity Model: risk phase – final
Improving risk reporting part 2
Open source governance risk and compliance tools
Binary Risk Assessment
STREAM cyber risk platform
Practical threat analysis for information security experts
SimpleRisk
Security Officers Management and Analysis Project
Summary
Assigning Metrics
Security configuration management
Developing the risk score
Working in key risk indicators
Summary
Wrapping Up
Just another day part 3
Lessons learned
Other Books You May Enjoy
Leave a review – let other readers know what you think