Intelligence-Driven Incident Response, 2nd Edition (5th Early Release)
Written by Rebekah Brown and Scott J. Roberts
- Publisher: O'Reilly Media, Inc.
- Year: 2023
- Language: English
- Pages: 286
- Edition: 2
- Category: Library
Synopsis
Cyber-threat intelligence isn't a new concept, simply a new name for an old approach: applying a structured analytical process to understand an attack and the adversary behind it. The application of threat intelligence to network security is more recent, but the basics haven't changed. Cyber-threat intelligence involves applying intelligence processes and concepts, some of the oldest concepts that exist, and making them a part of the overall information security process. Threat intelligence has many applications, but one of the fundamental ways it can be utilized is as an integral part of the intrusion-detection and incident-response process. We call this intelligence-driven incident response and think it is something every security team can do, with or without a major capital investment. It's less about tools, although they certainly help sometimes, and more about a shift in the way we approach the incident-response process. Intelligence-driven incident response will help not only to identify, understand, and eradicate threats within a network, but also to strengthen the entire information security process to improve those responses in the future.
Using a well-conceived incident response plan in the aftermath of an online security breach enables your team to identify attackers and learn how they operate. But only when you approach incident response with a cyberthreat intelligence mindset will you truly understand the value of that information. In this updated second edition, you'll learn the fundamentals of intelligence analysis as well as the best ways to incorporate these techniques into your incident response process.
Each method reinforces the other: threat intelligence supports and augments incident response, while incident response generates useful threat intelligence. This practical guide helps incident managers, malware analysts, reverse engineers, digital forensics specialists, and intelligence analysts understand, implement, and benefit from this relationship.
In three parts, this in-depth book includes:
- The fundamentals: get an introduction to cyberthreat intelligence, the intelligence process, the incident response process, and how they all work together
- Practical application: walk through the intelligence-driven incident response (IDIR) process using the F3EAD process: Find, Fix, Finish, Exploit, Analyze, and Disseminate
- The way forward: explore big-picture aspects of IDIR that go beyond individual incident response investigations, including intelligence team building
Table of Contents
- Introduction
  - Intelligence as Part of Incident Response
  - History of Cyber Threat Intelligence
  - Modern Cyber-Threat Intelligence
  - The Way Forward
  - Incident Response as a Part of Intelligence
  - What Is Intelligence-Driven Incident Response?
  - Why Intelligence-Driven Incident Response?
  - Operation SMN
  - SolarWinds
  - Conclusion
  - Sources
- Basics of Intelligence
  - Intelligence and Research
  - Data Versus Intelligence
  - Sources and Methods
  - Models
  - Using Models for Collaboration
  - Process Models
  - OODA
  - Intelligence Cycle
  - Using the Intelligence Cycle
  - Qualities of Good Intelligence
  - Levels of Intelligence
  - Tactical Intelligence
  - Operational Intelligence
  - Strategic Intelligence
  - Confidence Levels
  - Conclusion
- Basics of Incident Response
  - Incident-Response Cycle
  - Preparation
  - Identification
  - Containment
  - Eradication
  - Recovery
  - Lessons Learned
  - Kill Chain
  - Targeting
  - Reconnaissance
  - Weaponization
  - Delivery
  - Exploitation
  - Installation
  - Command and Control
  - Actions on Objective
  - Example Kill Chain
  - Diamond Model
  - Basics of the Diamond Model
  - Extending the Model
  - ATT&CK & D3FEND
  - ATT&CK
  - D3FEND
  - Active Defense
  - Deny
  - Disrupt
  - Degrade
  - Deceive
  - Destroy
  - F3EAD
  - Find
  - Fix
  - Finish
  - Exploit
  - Analyze
  - Disseminate
  - Using F3EAD
  - Picking the Right Model
  - Scenario: ROAD RUNNER
  - Conclusion
- Exploit
  - Tactical Versus Strategic OODA Loops
  - What to Exploit?
  - Gathering Information
  - Information Gathering Goals
  - Mining Previous Incidents
  - Gathering External Information (aka Conducting a Literature Review)
  - Extracting and Storing Threat Data
  - Standards for Storing Threat Data
  - Data Standards and Formats for Indicators
  - Data Standards and Formats for Strategic Information
  - Process for Extracting
  - Managing Information
  - Threat-Intelligence Platforms
  - Conclusion
- Analyze
  - The Fundamentals of Analysis
  - Dual Process Thinking
  - Inductive, Deductive, and Abductive Reasoning
  - Case Study: The OPM Breach
  - Analytic Processes and Methods
  - Structured Analytic Techniques
  - Target-Centric Analysis
  - Conducting the Analysis
  - What to Analyze?
  - Enriching Your Data
  - Leverage Information Sharing
  - Developing Your Hypothesis
  - Evaluating Key Assumptions
  - Judgment and Conclusions
  - Things that are Gonna Screw You Up, Aka Analytic Bias
  - Accounting for Biases
  - Conclusion
- Strategic Intelligence
  - What Is Strategic Intelligence?
  - Sherman Kent: Father of American Intelligence Analysis
  - The Role of Strategic Intelligence in IDIR
  - Intelligence Beyond Incident Response
  - Building a Frame with Strategic Intelligence
  - The Strategic Intelligence Cycle
  - Setting Strategic Requirements
  - Collection
  - Analysis
  - Processes for Strategic Intelligence
  - Dissemination
  - Moving Towards Anticipatory Intelligence
  - Conclusion
- About the Authors