Book description
Learn everything you need to know to respond to advanced cybersecurity incidents through threat hunting using threat intelligence
Key Features
- Understand best practices for detecting, containing, and recovering from modern cyber threats
- Get practical experience embracing incident response using intelligence-based threat hunting techniques
- Implement and orchestrate different incident response, monitoring, intelligence, and investigation platforms
Book Description
With constantly evolving cyber threats, developing a cybersecurity incident response capability to identify and contain threats is indispensable for any organization regardless of its size. This book covers theoretical concepts and a variety of real-life scenarios that will help you to apply these concepts within your organization.
Starting with the basics of incident response, the book introduces you to professional practices and advanced concepts for integrating threat hunting and threat intelligence procedures in the identification, contention, and eradication stages of the incident response cycle. As you progress through the chapters, you'll cover the different aspects of developing an incident response program. You'll learn the implementation and use of platforms such as TheHive and ELK and tools for evidence collection such as Velociraptor and KAPE before getting to grips with the integration of frameworks such as Cyber Kill Chain and MITRE ATT&CK for analysis and investigation. You'll also explore methodologies and tools for cyber threat hunting with Sigma and YARA rules.
By the end of this book, you'll have learned everything you need to respond to cybersecurity incidents using threat intelligence.
What you will learn
- Explore the fundamentals of incident response and incident management
- Find out how to develop incident response capabilities
- Understand the development of incident response plans and playbooks
- Align incident response procedures with business continuity
- Identify incident response requirements and orchestrate people, processes, and technologies
- Discover methodologies and tools to integrate cyber threat intelligence and threat hunting into incident response
Who this book is for
If you are an information security professional or anyone who wants to learn the principles of incident management, first response, threat hunting, and threat intelligence using a variety of platforms and tools, this book is for you. Although not necessary, basic knowledge of Linux, Windows internals, and network protocols will be helpful.
Table of contents
- Incident Response with Threat Intelligence
- Contributors
- About the author
- About the reviewer
- Preface
- Section 1: The Fundamentals of Incident Response
- Chapter 1: Threat Landscape and Cybersecurity Incidents
- Chapter 2: Concepts of Digital Forensics and Incident Response
- Chapter 3: Basics of the Incident Response and Triage Procedures
- Chapter 4: Applying First Response Procedures
- Section 2: Getting to Know the Adversaries
- Chapter 5: Identifying and Profiling Threat Actors
- Chapter 6: Understanding the Cyber Kill Chain and the MITRE ATT&CK Framework
- Chapter 7: Using Cyber Threat Intelligence in Incident Response
- Section 3: Designing and Implementing Incident Response in Organizations
- Chapter 8: Building an Incident Response Capability
- Chapter 9: Creating Incident Response Plans and Playbooks
- Chapter 10: Implementing an Incident Management System
- Chapter 11: Integrating SOAR Capabilities into Incident Response
- Section 4: Improving Threat Detection in Incident Response
- Chapter 12: Working with Analytics and Detection Engineering in Incident Response
- Chapter 13: Creating and Deploying Detection Rules
- Chapter 14: Hunting and Investigating Security Incidents
- Other Books You May Enjoy
Product information
- Title: Incident Response with Threat Intelligence
- Author(s):
- Release date: June 2022
- Publisher(s): Packt Publishing
- ISBN: 9781801072953
You might also like
video
Threat Intelligence and Threat Hunting
7+ Hours of Video Instruction 7+ hours of video training exploring key threat intelligence and threat …
book
Intelligence-Driven Incident Response
Using a well-conceived incident response plan in the aftermath of an online security breach enables your …
book
Intelligence-Driven Incident Response, 2nd Edition
Using a well-conceived incident response plan in the aftermath of an online security breach enables your …
book
Cybersecurity Incident Response: How to Contain, Eradicate, and Recover from Incidents
Create, maintain, and manage a continual cybersecurity incident response program using the practical steps presented in …