book

Cybersecurity Blue Team Strategies

Name: Cybersecurity Blue Team Strategies
ISBN: 9781801072472

by Kunal Sehgal, Nikolaos Thymianis

February 2023

Intermediate to advanced

208 pages

6h 13m

English

Packt Publishing

Read now

Unlock full access

Cybersecurity Blue Team Strategies
ContributorsAbout the authorsAbout the reviewer
Preface
Who this book is forWhat this book coversTo get the most out of this bookDownload the color imagesConventions usedGet in touchShare Your ThoughtsDownload a free PDF copy of this book
Part 1:Establishing the Blue
Chapter 1: Establishing a Defense Program
How do organizations benefit from implementing the blue teaming approach? Risk assessment Monitoring and surveillanceSecurity controlsReporting and recommendation to management A blue team’s compositionAnalystsIncident responderThreat hunterSecurity consultantSecurity administratorIdentity and Access Management (IAM) administrator Compliance analystRed teamPurple teamCyber threat intelligenceSkills required to be in a blue teamEager to learn and detail-orientedIn-depth knowledge of networks and systemsOutside-the-box and innovative thinkingAbility to cross conventional barriers to perform tasks Academics, qualifications, and certifications Talent development and retentionCyber labsCapture-the-Flag and hackathonsResearch and development projectsCommunity outreach MentoringContinuous unhindered learningSummary
Chapter 2: Managing a Defense Security Team
Why must organizations consider metricizing cybersecurity?Blue team KRIsHow does a blue team initiate designing KRIs for their team?Selecting essential cybersecurity metricsWhy and how organizations can automate this processWhat pitfalls to avoid when automating the workflows of the blue teamAutomating how KRIs are collected and presentedSummary
Chapter 3: Risk Assessment
Following the NIST methodologyNIST risk assessment methodologyAsset inventoryRisk management methodsThreat identification Risk calculationRisk management responsibilitiesSummaryReferences
Chapter 4: Blue Team Operations
Understanding defense strategyBlue team operations – infrastructureBlue team operations – applicationsBlue team operations – systemsBlue team operations – endpointsBlue team operations – cloudDefense planning against insidersResponsibilities in blue team operationsSummary
Chapter 5: Threats
What are cyber threats?The Cyber Kill ChainPhase 1 – reconnaissancePhase 2 – weaponizationPhase 3 – deliveryPhase 4 – exploitationPhase 5 – installationPhase 6 – command and controlPhase 7 – actions on objectiveInternal attacksDifferent types of cyber threat actorsImpacts of cybercrimeAn approach to security that is proactive rather than reactiveSummary
Chapter 6: Governance, Compliance, Regulations, and Best Practices
Definition of stakeholders and their needsBuilding risk indicatorsCompliance needs and the identification of compliance requirementsAssurance of compliance and the right level of governanceSummary
Part 2:Controlling the Fray
What are security controls? Preventive controlsDetective controlsDeterrent controlsCompensating controlsCorrective controlsDefense-in-depth

Chapter 7: Preventive Controls
What are preventive controls?Benefits Types of preventive controlsAdministrative PhysicalTechnical/logicalLayers of preventive controlsPolicy controlPerimeter/physical controlsNetwork controlsData security controlsApplication security controlsEndpoint security controlsUser securitySummary
Chapter 8: Detective Controls
What are detective controls?Types of detective controlsSOCHow does a SOC work?What are the benefits of a SOC?Vulnerability testingPenetration testingRed teamsBug bountySource code scanningCompliance scanning or hardening scansTools for detective controlsThreat Intelligence Platform (TIP)Security Orchestration, Automation, and Response (SOAR) toolsSecurity Information and Event Management (SIEM) toolsDigital Forensics (DF) toolsSummary
Chapter 9: Cyber Threat Intelligence
What is CTI?The quality of CTITypes of threat intelligence Strategic threat intelligenceTactical threat intelligenceOperational threat intelligenceThreat intelligence implementation1 – Developing a plan2 – Collection3 – Processing4 – Analysis5 – Dissemination6 – FeedbackThreat huntingThe importance of threat huntingUsing CTI effectively The MITRE ATT&CK frameworkThe MITRE ATT&CK Matrix How to implement the ATT&CK frameworkSummary
Chapter 10: Incident Response and Recovery
Incident response planningTesting incident response plansIncident response playbooksRansomware attacks PlaybookData loss/theft attacks playbookPhishing attacks playbookDisaster recovery planningCyber insuranceSummary
Chapter 11: Prioritizing and Implementing a Blue Team Strategy
Emerging detection and prevention technologies and techniquesAdversary emulationVCISO servicesContext-aware securityDefensive AIExtended Detection and Response (XDR)Manufacturer Usage Description (MUD)Zero TrustPitfalls to avoid while setting up a blue teamGetting started on your blue team journeySummary
Part 3:Ask the Experts
Chapter 12: Expert Insights
Anthony DesvernoisWilliam B. Nelson CareerNon-profit and volunteer workLaurent GerardinPeter Sheppard, BSc (Hons), MBCS, CITP, CISAPieter Danhieux, CEO and Co-Founder, Secure Code Warrior
Index
Why subscribe?
Other Books You May EnjoyPackt is searching for authors like youShare Your ThoughtsDownload a free PDF copy of this book

Content preview from Cybersecurity Blue Team Strategies

12 Expert Insights

Anthony Desvernois

As an IT security manager, I led security departments in financial institutions in Europe, the Asia-Pacific region, and the Americas. I managed business security teams and operational security teams, covered business and IT continuity topics, and participated as a blue team member in multiple engagements (including purple team exercises).

The blue team is an important part of your cybersecurity team. It is in charge of detection and often the incident response too. They need to maintain constant vigilance in order to be able to anticipate and discover attacks on your information system.

The biggest challenge is to hire good people for your team. As Aristotle said, “The whole is greater than the sum of its ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Cybersecurity Attacks- Red Team Strategies

Publisher Resources

ISBN: 9781801072472

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Cybersecurity Blue Team Strategies

by Kunal Sehgal, Nikolaos Thymianis

12

Expert Insights

Anthony Desvernois

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.