Building an Intelligence-Led Security Program
1st Edition - December 5, 2014
Author: Allan Liska
Paperback ISBN:9780128021453
eBook ISBN:9780128023709
As recently as five years ago, securing a network meant installing a firewall and an intrusion detection system and putting antivirus software on the desktop. Unfortunately, attackers have grown more nimble and more effective, and a security program built on those traditional controls alone is no longer sufficient.
Today's effective cyber security programs keep these best practices and overlay them with intelligence. Adding cyber threat intelligence helps security teams uncover events that traditional security platforms miss and correlate seemingly disparate events across the network. Properly implemented intelligence also makes the security practitioner's job easier by helping them prioritize and respond to security incidents more effectively.
The problem with current efforts is that many security practitioners do not know how to properly implement an intelligence-led program, or assume that it is out of their budget. Building an Intelligence-Led Security Program is the first book to show how to implement an intelligence-led program in your enterprise on any budget. It shows you how to deploy a security information and event management (SIEM) system, collect and analyze logs, and practice real cyber threat intelligence. You will learn how to understand your own network in depth so that you can protect it in the best possible way.
Provides a roadmap and direction for building an intelligence-led information security program to protect your company.
Learn how to understand your network through logs and client monitoring, so you can effectively evaluate threat intelligence.
Learn how to use popular tools and standards such as BIND, Snort, Squid, STIX, TAXII, CybOX, and Splunk to conduct network intelligence.
IT security professionals such as security auditors, security engineers, and compliance specialists; IT professionals such as network administrators, IT managers, security managers, security analysts, and directors of security.
Dedication
Introduction
About the Author
About the Technical Editor
Acknowledgments
Chapter 1: Understanding the threat
Abstract
Introduction
A brief history of network security
Understanding the current threat
The coming threats
Conclusion
Chapter 2: What is intelligence?
Abstract
Introduction
Defining intelligence
The intelligence cycle
Types of intelligence
The professional analyst
Denial and deception
Intelligence throughout the ages
Conclusion
Chapter 3: Building a network security intelligence model
Abstract
Introduction
Defining cyber threat intelligence
The anatomy of an attack
Approaching cyber attacks differently
Incorporating the intelligence lifecycle into security workflow
Automation
Conclusion
Chapter 4: Gathering data
Abstract
Introduction
The continuous monitoring framework
NIST cybersecurity framework
Security + intelligence
The business side of security
Planning a phased approach
Conclusion
Chapter 5: Internal intelligence sources
Abstract
Introduction
Asset, vulnerability, and configuration management
Network logging
Network monitoring
Conclusion
Chapter 6: External intelligence sources
Abstract
Introduction
Brand monitoring versus intelligence
Asset, vulnerability, and configuration management
Network logging
Network monitoring
Protecting against zero-day attacks
Incident response and intelligence
Collaborative research into threats
Conclusion
Chapter 7: Fusing internal and external intelligence
Abstract
Introduction
Security awareness training
OpenIOC, CyBOX, STIX, and TAXII
Threat intelligence management platforms
Big data security analytics
Conclusion
Chapter 8: CERTs, ISACs, and intelligence-sharing communities
Abstract
Introduction
CERTs and CSIRTs
ISACs
Intelligence-sharing communities
Conclusion
Chapter 9: Advanced intelligence capabilities
Abstract
Introduction
Malware analysis
Honeypots
Intrusion deception
Conclusion
Index
No. of pages: 200
Language: English
Published: December 5, 2014
Imprint: Syngress
Allan Liska
Allan Liska has more than 15 years of experience in information security. Mr. Liska has worked both as a security practitioner and as an ethical hacker, so he is familiar with both sides of the security aisle, and through his work at Symantec and iSIGHT Partners he has helped countless organizations improve their security posture through more effective use of intelligence.
In addition to his security experience, Mr. Liska authored the book The Practice of Network Security and contributed the security-focused chapters to The Apache Administrators Handbook.
Affiliations and expertise
Allan Liska, security practitioner, Symantec and iSIGHT.