Author Liska, Allan, author.

Title Building an intelligence-led security program / Allan Liska ; Tim Gallo, technical editor. [O'Reilly electronic resource]

Edition First edition.
Publication Info. Waltham, MA : Syngress is an imprint of Elsevier, [2015]
©2015
Description 1 online resource : illustrations
Summary Adding cyber threat intelligence can help security teams uncover events not detected by traditional security platforms and correlate seemingly disparate events across the network. This book will show you how to implement an intelligence-led program in your enterprise on any budget. Topics include: a roadmap and direction on how to build an intelligence-led information security program to protect your company; understanding your network through logs and client monitoring so you can effectively evaluate threat intelligence; and using popular tools such as BIND, Snort, Squid, STIX, TAXII, CybOX, and Splunk to conduct network intelligence. -- Edited summary from book.
Bibliography Includes bibliographical references and index.
Contents Machine generated contents note: ch. 1 Understanding the Threat -- Introduction -- A Brief History of Network Security -- Understanding the Current Threat -- The Coming Threats -- Conclusion -- References -- ch. 2 What is Intelligence? -- Introduction -- Defining Intelligence -- The Intelligence Cycle -- Types of Intelligence -- The Professional Analyst -- Denial and Deception -- Intelligence throughout the Ages -- Conclusion -- References -- ch. 3 Building a Network Security Intelligence Model -- Introduction -- Defining Cyber Threat Intelligence -- The Anatomy of an Attack -- Approaching Cyber Attacks Differently -- Incorporating the Intelligence Lifecycle into Security Workflow -- Automation -- Conclusion -- References -- ch. 4 Gathering Data -- Introduction -- The Continuous Monitoring Framework -- NIST Cybersecurity Framework -- Security + Intelligence -- The Business Side of Security -- Planning a Phased Approach -- Conclusion -- References
Note continued: ch. 5 Internal Intelligence Sources -- Introduction -- Asset, Vulnerability, and Configuration Management -- Network Logging -- Network Monitoring -- Conclusion -- References -- ch. 6 External Intelligence Sources -- Introduction -- Brand Monitoring versus Intelligence -- Asset, Vulnerability, and Configuration Management -- Network Logging -- Network Monitoring -- Protecting against Zero-day Attacks -- Incident Response and Intelligence -- Collaborative Research into Threats -- Conclusion -- References -- ch. 7 Fusing Internal and External Intelligence -- Introduction -- Security Awareness Training -- OpenIOC, CyBOX, STIX, and TAXII -- Threat Intelligence Management Platforms -- Big Data Security Analytics -- Conclusion -- Reference -- ch. 8 CERTs, ISACs, and Intelligence-sharing Communities -- Introduction -- CERTs and CSIRTs -- ISACs -- Intelligence-sharing Communities -- Conclusion -- References -- ch. 9 Advanced Intelligence Capabilities
Note continued: Introduction -- Malware Analysis -- Honeypots -- Intrusion Deception -- Conclusion -- Reference.
Subject Computer networks -- Security measures.
Added Author Gallo, Tim, editor.
Other Form: Print version: Liska, Allan. Building an intelligence-led security program. First edition. Waltham, MA : Syngress is an imprint of Elsevier, [2015] 0128021454 9780128021453 (OCoLC)890757547
ISBN 9780128023709 (e-book)
0128023708