Advanced Persistent Security

Book Description

Advanced Persistent Security covers secure network design and implementation, including authentication, authorization, data and access integrity, network monitoring, and risk assessment. Using such recent high profile cases as Target, Sony, and Home Depot, the book explores information security risks, identifies the common threats organizations face, and presents tactics on how to prioritize the right countermeasures.

The book discusses concepts such as malignant versus malicious threats, adversary mentality, motivation, the economics of cybercrime, the criminal infrastructure, dark webs, and the criminals organizations currently face.

  • Contains practical and cost-effective recommendations for proactive and reactive protective measures
  • Teaches users how to establish a viable threat intelligence program
  • Focuses on how social networks present a double-edged sword against security programs

Table of Contents

  1. Cover image
  2. Title page
  3. Table of Contents
  4. Copyright
  5. Dedication
  6. About the Authors
  7. Introduction
  8. Chapter 1. What Is Advanced Persistent Security?
    1. Protection
    2. Detection
    3. Reaction
    4. Defense in Depth
    5. What is Advanced Persistent Security?
    6. Advanced Persistent Threat and Advanced Persistent Security
    7. Applying Advanced Persistent Security to the Sony Hack
  9. Section 1. Concepts/Foundation
    1. Introduction
    2. Chapter 2. Cyberwarfare Concepts
      1. Confidentiality, Integrity, and Availability
      2. Computer Network Attack
      3. Computer Network Exploitation
      4. Computer Network Defense
    3. Chapter 3. What Is Proaction?
      1. Kill Chain Basics
      2. Changing the Game
      3. Threat Hunting
      4. Summary
    4. Chapter 4. Risk Management
      1. Death by 1000 Cuts
      2. Understanding Risk
      3. Risk Optimization Versus Risk Minimization
      4. Practical Implementation
      5. Getting the Budget You Need, Not the Budget You Deserve
    5. Chapter 5. How to Hack Computers
      1. Security Researchers
      2. Two Ways to Hack a Computer or Other Technology
      3. Technology Is Irrelevant
    6. Chapter 6. Threat
      1. Why Threats Are Important to Consider
      2. Who Threats Versus What Threats
      3. Malignant Threats Versus Malicious Threats
      4. Adversary Categorization
      5. Threat Summary
    7. Chapter 7. Adversary Infrastructure
      1. Highly Sophisticated Adversary Infrastructure
      2. Deep/Dark Web
      3. Tor
      4. Bitcoin
      5. Botnets
      6. Ransomware
      7. Security Researchers
      8. Leased or Purchased Malware
      9. Brokerage or Escrow of Data
      10. Hackers for Hire
      11. Encrypted Apps
      12. Summary
  10. Section 2. Protection
    1. Introduction
    2. Chapter 8. Governance
      1. The Importance of Security Policies, Standards, Guidelines, and Procedures
      2. Standards
      3. Policies
      4. Procedures
      5. Guidelines
      6. Summary
    3. Chapter 9. Vulnerabilities to Address
      1. Operational Vulnerabilities
      2. Personnel Vulnerabilities
      3. Physical Vulnerabilities
      4. Technical Vulnerabilities
      5. Summary
    4. Chapter 10. Countermeasures
      1. Operational Countermeasures
      2. Personnel Countermeasures
      3. Physical Countermeasures
      4. Technical Countermeasures
      5. Summary
    5. Chapter 11. Security Culture
      1. What is Security Culture?
      2. Forming a Security Culture
      3. The ABCs of Behavior
      4. Elements of a Security Awareness Program
      5. Management Support
      6. Summary
    6. Chapter 12. What Is Threat Intelligence?
      1. Types of Threat Intelligence
      2. Threat Intelligence Platforms
      3. Threat Intelligence Platform Capabilities
      4. Summary
  11. Section 3. Detection
    1. Introduction
    2. Chapter 13. What Is Detection?
      1. Prevention Is Insufficient
      2. Lasting Damage Follows After Initial Compromise
      3. Determine What Is to Be Detected
      4. Determine Where to Look
      5. Enable the Detection Capabilities That You Have
      6. Human Intrusion Detection Systems
      7. Summary
    3. Chapter 14. Detection Deficit Disorder
      1. What Is ADD?
      2. What Is DDD?
      3. Diagnosing DDD
      4. Treating DDD
      5. Summary
    4. Chapter 15. The Human Intrusion Detection System
      1. Perform Positive Outreach
      2. If You See Something, Say Something
      3. Knowing What to Look for
      4. It's Better to Be Safe Than Sorry
      5. Eliminate Punishments When Reporting Incidents
      6. Implement Rewards for Detection
      7. Knowing How to Report Things
      8. Summary
    5. Chapter 16. Kill Chain Analysis
      1. Why the Kill Chain Is in Detection
      2. What Is a Kill Chain?
      3. The Cyber Kill Chain
      4. Applying the Cyber Kill Chain to Detection
      5. Applying the Kill Chain to Protection and Reaction
      6. Summary
  12. Section 4. Reaction
    1. Introduction
    2. Chapter 17. Setting Reaction Strategy
      1. Executive Support
      2. Define Your Team
      3. Define an Incident
      4. Controls Success Versus Program Success
      5. Metrics: A Tale of Two Lenses
      6. Summary
    3. Chapter 18. Incident Response and Investigations
      1. Incident Response is Complicated
      2. Proper Training
      3. Order of Operations
      4. The IR Imperative
      5. Houston, We Have a Standard!
      6. Response Readiness Assessment
      7. Forensic Readiness
      8. Summary
  13. Section 5. Implementation
    1. Introduction
    2. Chapter 19. Know Yourself
      1. Is There Proper Governance in Place?
      2. How Many People Are There in the Enterprise?
      3. What Is the Range of Job Functions?
      4. What Information Is Involved?
      5. What Industry Are You in?
      6. What Is Your Technology Posture?
      7. Are There Special Technologies in Use?
      8. Do You Understand Your Network?
      9. Perform a Security Assessment
      10. What Is Your Physical Security Posture?
      11. How Is Data Transported?
      12. Who Are Your Adversaries?
      13. What Is the Security Posture of Similar Enterprises?
      14. Summary
    3. Chapter 20. Know Your Adversaries
      1. List the Most Likely Threats
      2. Detail the Likely Attack Strategies
      3. Define Vulnerabilities to Be Exploited
      4. Prioritize Vulnerabilities by Potential Loss and Likelihood to Be Exploited
      5. Summary
    4. Chapter 21. Define Your Strategy
      1. Implement Proper Governance
      2. Assess the Program in Place
      3. Review Past Incidents
      4. Determine Information and Other Resources
      5. Review the Vulnerability Analysis
      6. Create Potential Attack Scenarios
      7. Summary
    5. Chapter 22. Determining the Appropriate Countermeasures
      1. Addressing Vulnerabilities
      2. Evaluate the Completeness of Protection, Detection, and Reaction
      3. Performing a Cost/Benefit Sanity Check
      4. Summary
    6. Chapter 23. Advanced Persistent Security
      1. Adaptive Persistent Security
      2. Summary
  14. Index