June 2023
Intermediate to advanced
343 pages
10h 22m
English
Content preview from Intelligence-Driven Incident Response, 2nd Edition
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Chapter 10. Strategic Intelligence
Our products have become so specific, so tactical even, that our thinking has become tactical. We’re losing our strategic edge because we’re so focused on today’s issues.
John G. Heidenrich
Once you’ve worked through the F3EAD process—from day one of Find all the way through Disseminate—you may be wondering what comes next. Well, in most situations, there is barely enough time to work all the way through the entire intelligence-driven incident response process before you need to jump right back to the beginning with another intrusion or some other pressing task. While it may seem urgent to move onto something else, you are not quite done yet. Taking a little bit of time to understand if and how the recent incident fits into the strategic threat landscape is a task that will pay dividends down the road. It is one of the best ways to make sure that your organization actually learns from the incident and moves forward in a more resilient, informed manner.
All too often, incident responders must deal with the same situation manifesting itself in the same way, with the same vulnerabilities, the same lateral movement, maybe even the exact same stolen or reused passwords, and very often the same adversaries. At that point, many find themselves shaking their fists at the sky, asking how this could have happened. Didn’t we learn from the last time? Didn’t we fix the problems? Unfortunately, the answer is often “no.” When the last incident was resolved, ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.