
Practical Cyber Intelligence: How action-based intelligence can be an effective response to incidents

✍ Scribed by Wilson Bautista Jr.


Publisher
Packt Publishing
Year
2018
Tongue
English
Leaves
304
Category
Library

✦ Synopsis


Your systematic guide to implementing a cyber defense intelligence program in your organization

Key Features

  • Understand intelligence processes and procedures for response mechanisms
  • Work through threat modeling and intelligence frameworks
  • Explore real-world case studies and learn how to build intelligence teams

Book Description

Cyber intelligence is the actionable data that lets your cyber defense operations teams, threat intelligence function, and IT operations provide your organization with a full spectrum of defensive capabilities. This book begins by explaining the need for cyber intelligence and why it is necessary for a defensive framework.

With the help of real-world examples, this book provides a practical explanation of the F3EAD process (Find, Fix, Finish, Exploit, Analyze, Disseminate). You will also learn how to implement operations security (OPSEC) and intelligence principles using active defense concepts. In later chapters, you will gain insights into threat models as well as intelligence products and frameworks, and understand how to apply them in real-life scenarios.

By the end of this book, you will know how to build an intelligence program for your organization at the operational, tactical, or strategic level of cyber defense intelligence.

What you will learn

  • Learn about the Observe-Orient-Decide-Act (OODA) loop and its applications in security
  • Understand the tactical view of active defense concepts and their application in today's threat landscape
  • Get acquainted with an operational view of the F3EAD process for better decision making within an organization
  • Create a framework and Capability Maturity Model (CMM) that integrates inputs and outputs from key functions
  • Explore cyber security functions and how threat intel plays a part
  • Implement an intelligence program by incorporating cyber defense strategies

Who This Book Is For

This book is for incident managers, malware analysts, reverse engineers, digital forensics specialists, and intelligence analysts. Experience in, or knowledge of, security operations, incident response, and investigations will help you get the most out of this book.

Table of Contents

  1. The Need for Cyber Intelligence
  2. Intelligence Development
  3. Integrating Cyber Intel, Security, and Operations
  4. Using Cyber Intelligence to Enable Active Defense
  5. F3EAD for You and for Me
  6. Integrating Threat Intelligence and Operations
  7. Creating the Collaboration Capability
  8. The Security Stack
  9. Driving Cyber Intel
  10. Baselines and Anomalies
  11. Putting Out the Fires
  12. Vulnerability Management
  13. Risky Business
  14. Assigning Metrics
  15. Wrapping Up

✦ Table of Contents


Cover
Copyright and Credits
Dedication
Packt Upsell
Contributors
Table of Contents
Preface
Chapter 1: The Need for Cyber Intelligence
Need for cyber intelligence
The application of intelligence in the military
Intel stories in history
The American Revolutionary War
Napoleon's use of intelligence
Some types of intelligence
HUMINT or human intelligence
IMINT or image intelligence
MASINT or measurement and signature intelligence
OSINT or open source intelligence
SIGINT or signals intelligence
COMINT or communications intelligence
ELINT or electronic intelligence
FISINT or foreign instrumentation signals intelligence
TECHINT or technical intelligence
MEDINT or medical intelligence
All source intelligence
Intelligence drives operations
Putting theory into practice isn't simple
Understanding the maneuver warfare mentality
Follow the process, the process will save you
What is maneuver warfare?
Tempo
The OODA Loop
Center of gravity and critical vulnerability
Surprise – creating and exploiting opportunity
Combined arms – collaboration
Flexibility
Decentralized command
Summary
Chapter 2: Intelligence Development
The information hierarchy
Introduction to the intelligence cycle
The intelligence cycle steps
Step 1 – Planning and direction
Requirements development
Requirements management
Directing the intelligence effort
Requirements satisfaction
Planning the intelligence support system
Step 2 – Collection
Step 3 – Processing
Step 4 – Analysis and Production
Step 5 – Dissemination
Methods
Channels
Modes
Dissemination architecture
Step 6 – Utilization
Summary
Chapter 3: Integrating Cyber Intel, Security, and Operations
A different look at operations and security
Developing a strategic cyber intelligence capability
Understanding our priorities
The business architecture
The data/application architecture
Technology architecture
Application of the architectures and cyber intelligence
A look at strategic cyber intelligence – level 1
Introduction to operational security
OPSEC step 1 – identify critical information
OPSEC step 2 – analysis of threats
OPSEC step 3 – analysis of vulnerabilities
OPSEC step 4 – assessment of risk
OPSEC step 5 – application of appropriate countermeasures
OPSEC applicability in a business environment
Cyber intel program roles
Strategic level – IT leadership
Strategic level – cyber intelligence program officer
Tactical level – IT leadership
Tactical level – cyber intelligence program manager
Operational level – IT leadership
Operational level – cyber intelligence analysts
Summary
Chapter 4: Using Cyber Intelligence to Enable Active Defense
An introduction to Active Defense
Understanding the Cyber Kill Chain
General principles of Active Defense
Active Defense – principle 1: annoyance
Active Defense – principle 2: attribution
Enticement and entrapment in Active Defense
Scenario A
Scenario B
Types of Active Defense
Types of Active Defense – manual
Types of Active Defense – automatic
An application of tactical level Active Defense
Summary
Chapter 5: F3EAD for You and for Me
Understanding targeting
The F3EAD process
F3EAD in practice
F3EAD and the Cyber Kill Chain
Cyber Kill Chain and OODA loop
Cyber Kill Chain and OPSEC
Cyber Kill Chain and the intelligence cycle
Cyber Kill Chain and F3EAD
Application of F3EAD in the commercial space
Limitations of F3EAD
Summary
Chapter 6: Integrating Threat Intelligence and Operations
Understanding threat intelligence
Capability Maturity Model – threat intelligence overview
Level 1 – threat intelligence collection capability
Phase initial
Example 1 – Open Threat Exchange – AlienVault
Example 2 – Twitter
Example 3 – Information Sharing and Analysis Centers
Example 4 – news alert notifications
Example 5 – Rich Site Summary feeds
Phase A
Example 1 – Cisco – GOSINT platform
Example 2 – The Malware Information Sharing Platform project
Phase B
Phase C
Level 2 – Threat Information Integration
Phase initial
Phase A
Categorization of items that are applicable to multiple teams
Phase B
Phase C
Summary
Chapter 7: Creating the Collaboration Capability
Purpose of collaboration capability
Formal communications
Informal communications
Communication and cyber intelligence process
Methods and tools for collaboration
Service level agreements and organizational level agreements
Responsible accountable supporting consulted informed matrix
Using key risk indicators
Collaboration at the Strategic Level
Executive support
Policies and procedures
Architecture
Understanding dependencies
Prioritized information
Intelligence aggregation
Intelligence reconciliation and presentation
Collaboration at the Tactical Level
Breaking down priority information requirements
Application of the theory
Theory versus reality
Creating the tactical dashboard
Collaboration at the Operational Level
Summary
Chapter 8: The Security Stack
Purpose of integration – it's just my POV
Core security service basics
Security Operations Center
The spider
Capabilities among teams
Capability deep dive – Security Configuration Management
Security Configuration Management – core processes
Security Configuration Management – Discovery and Detection
Security Configuration Management – Risk Mitigation
Security Configuration Management – Security State Analysis
Security Configuration Management – Data Exposure and Sharing
Prelude – integrating like services
Integrating cyber intel from different services
Overview – red team methodology
Red team – testing methods
White box
Gray box
Black box
Red team constraints
Red team – graphical representation
Data integration challenges
The end user perspective
The service level perspective – cyber intelligence – Data Exposure and Sharing
The SOC perspective
Capability Maturity Model – InfoSec and cyber intel
Capability Maturity Model – InfoSec and cyber intel – initial phase
Capability Maturity Model – InfoSec and cyber intel – Phase A
Capability Maturity Model – InfoSec and cyber intel – Phase B
Capability Maturity Model – InfoSec and cyber intel – Phase C
Collaboration + Capability = Active Defense
Summary
Chapter 9: Driving Cyber Intel
The gap
Another set of eyes
The logic
Event
Incident
Mapping events and incidents to InfoSec capabilities
Capability Maturity Model – security awareness
Capability Maturity Model – security awareness – initial phase
Capability Maturity Model – security awareness – Phase A
Capability Maturity Model – security awareness – Phase B
Capability Maturity Model – security awareness – Phase C
Capability Maturity Model – security awareness – Phase C+
Just another day part 1
Summary
Chapter 10: Baselines and Anomalies
Setting up camp
Baselines and anomalies
Continuous monitoring – the challenge
Part 1
Part 2
Part 3
Capability Maturity Model – continuous monitoring overview
Level 1 – phase A
Level 1 – phase B
Level 1 – phase C
Capability Maturity Model – continuous monitoring level 2
Scenario 1 – asset management/vulnerability scanning asset inventory
Phase initial
Information gathering
Developing possible solutions
Phase A
Procedure RASCI (example)
Phase B
Regional data centers
Local office environment
Phase C
Scenario 2 – security awareness/continuous monitoring/IT helpdesk
Phase initial
Information gathering
Developing possible solutions
Phase A
Procedure RASCI (example)
Phase B and C – sample questions
Just another day part 2
Summary
Chapter 11: Putting Out the Fires
Quick review
Overview – incident response
Preparation and prevention
Detection and analysis
Containment, eradication, and recovery
Post-incident activity
Incident response process and F3EAD integration
Intelligence process tie-in
Capability Maturity Model – incident response
Initial phase
Phase A
Phase B
Phase C
Summary
Chapter 12: Vulnerability Management
A quick recap
The Common Vulnerability Scoring System calculator
Base metric group
Temporal metric group
Environmental metric group
CVSS base scoring
Metrics madness
Vulnerability management overview
Capability Maturity Model: vulnerability management – scanning
Initial phase
Phase A
Phase B
Phase C
Capability Maturity Model: vulnerability management – reporting
Initial phase
Phase A
Phase B
Phase C
Capability Maturity Model: vulnerability management – fix
Initial phase
Phase A
Phase B
Phase C
Summary
Chapter 13: Risky Business
Risk overview
Treating risk
Risk tolerance and risk appetite
Labeling things platinum, gold, silver, and copper
Differentiating networks
Taking a different look at risk
Review of threat intelligence integration
Capability Maturity Model: risk phase – initial
Improving risk reporting part 1
Capability Maturity Model: risk phase – final
Improving risk reporting part 2
Open source governance risk and compliance tools
Binary Risk Assessment
STREAM cyber risk platform
Practical threat analysis for information security experts
SimpleRisk
Security Officers Management and Analysis Project
Summary
Chapter 14: Assigning Metrics
Security configuration management
Developing the risk score
Working in key risk indicators
Summary
Chapter 15: Wrapping Up
Just another day part 3
Lessons learned
Other Books You May Enjoy
Index


✦ Similar Volumes


Incident Response with Threat Intelligence
✍ Roberto Martinez · Library · 2022 · Packt Publishing · English

Learn everything you need to know to respond to advanced cybersecurity incidents through threat hunting using threat intelligence. Key Features: understand best practices for detecting, containing, and recovering from modern cyber threats