Practical Cyber Intelligence
eBook - ePub

Practical Cyber Intelligence

  1. 316 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
eBook - ePub

Practical Cyber Intelligence

About this book

Your one stop solution to implement a Cyber Defense Intelligence program in to your organisation.

Key Features

  • Intelligence processes and procedures for response mechanisms
  • Master F3EAD to drive processes based on intelligence
  • Threat modeling and intelligent frameworks
  • Case studies and how to go about building intelligent teams

Book Description

Cyber intelligence is the missing link between your cyber defense operation teams, threat intelligence, and IT operations to provide your organization with a full spectrum of defensive capabilities. This book kicks off with the need for cyber intelligence and why it is required in terms of a defensive framework.

Moving forward, the book provides a practical explanation of the F3EAD protocol with the help of examples. Furthermore, we learn how to go about threat models and intelligence products/frameworks and apply them to real-life scenarios. Based on the discussion with the prospective author I would also love to explore the induction of a tool to enhance the marketing feature and functionality of the book.

By the end of this book, you will be able to boot up an intelligence program in your organization based on the operation and tactical/strategic spheres of Cyber defense intelligence.

What you will learn

  • Learn about the Observe-Orient-Decide-Act (OODA) loop and it's applicability to security
  • Understand tactical view of Active defense concepts and their application in today's threat landscape
  • Get acquainted with an operational view of the F3EAD process to drive decision making within an organization
  • Create a Framework and Capability Maturity Model that integrates inputs and outputs from key functions in an information security organization
  • Understand the idea of communicating with the Potential for Exploitability based on cyber intelligence

Who this book is for

This book targets incident managers, malware analysts, reverse engineers, digital forensics specialists, and intelligence analysts; experience in, or knowledge of, security operations, incident responses or investigations is desirable so you can make the most of the subjects presented.

Tools to learn more effectively

Saving Books

Saving Books

Keyword Search

Keyword Search

Annotating Text

Annotating Text

Listen to it instead

Listen to it instead

Baselines and Anomalies

Just as your hands have fingers, we don't judge the capability of grasping an object by looking at creating metrics for each finger. Each finger has a purpose, one to tighten, one to stabilize, and so on. Of course, we can improve our grasp, but we first must learn what it is to grasp (baseline) and what it is to improve the grasp (understanding the anomaly of improvement).
This chapter is about understanding the baselines and anomalies that exist on our network which extend across teams. As there is an ebb and flow with operations, we are able to establish normalcy among the daily tasks that are performed. We will discuss:
  • The challenge of continuous monitoring
  • Continuous monitoring Capability Maturity Model
  • Examples of integration of capabilities for continuous monitoring to improve defense

Setting up camp

I spent a lot of time in the field training for combat and after hours of running around in the woods, we would need to stop and rest. Wherever the location that we decided to camp in the evenings to rest up, our leadership made sure that we had a good foundation to set up a defense.
Here are a few examples:
  1. Never set up in an open field because then the adversary can see your strengths and weaknesses:
    • Cyber intelligence application:
      • Good training in security awareness will decrease one of the likelihoods of exploiting users
      • Reducing visibility (through collaboration between IT ops and IT security) for an adversary reduces the attack vectors
  2. If you are going to get attacked, don't make it easy. Guide them to where your strengths are:
    • Cyber intelligence application: Active defense techniques—guide the adversaries to the locations where they will most likely be found out
  3. Set up your camp in a location where you can observe the surrounding area to spot any movement:
    • Cyber intelligence application: Enabling good IT operations and InfoSec processes allows for identification of anomalies to the baseline

Baselines and anomalies

If you've been in IT and watched the level of traffic through your network on some tool, then you know that baselines are the starting point for comparisons. We can consider that baselines are what normal is. Conversely, anomalies are anything that trends against a baseline. These anomalies can be a positive impact or negative impact to the baseline that is being evaluated.
Establishing baselines can be difficult because we have to define what normal is and then start measuring against that normalcy. We define normalcy by monitoring the regular activities of the items that we are interested in against a specific amount of time.
The following are examples of anomalies against a baseline:
  • Regular users trying to access directories that they are not permitted access to more than five times in a week
  • Network usage spikes in off hours
So, before we go down a baselining/anomaly rabbit hole of what if statements (because we can establish baselines for numerous amount of things), let's narrow down our focus on the cyber intelligence to provide a continuous monitoring capability of identifying deviations to baselines on a few items between IT operations and IT security.

Continuous monitoring – the challenge

In the field, we would dig our fighting holes close enough to where we could communicate with each other on either side and spaced far enough to where a single attack by a mortar would not cause multiple casualties. The leader's fighting hole would be further back, but would have full view of where the teams set in so that the leader can go and communicate with the team as necessary in the heat of battle.
Just as preparing for combat in the field, in IT we need the right hand and the left hand to know what each is doing. If we can consider a local business unit as a platoon in my preceding example, comparatively we can add to the complexity of an enterprise to a battalion, regiment, or brigade.

Part 1

What makes it more challenging is the subjectivity of what needs to be monitored, as well as establishing normalcy.
For example, let's review the following diagram:
The concept here is relatively simple:
  • IT security takes care of reviewing the firewall logs
  • IT ...

Table of contents

  1. Title Page
  2. Copyright and Credits
  3. Dedication
  4. Packt Upsell
  5. Contributors
  6. Preface
  7. The Need for Cyber Intelligence
  8. Intelligence Development
  9. Integrating Cyber Intel, Security, and Operations
  10. Using Cyber Intelligence to Enable Active Defense
  11. F3EAD for You and for Me
  12. Integrating Threat Intelligence and Operations
  13. Creating the Collaboration Capability
  14. The Security Stack
  15. Driving Cyber Intel
  16. Baselines and Anomalies
  17. Putting Out the Fires
  18. Vulnerability Management
  19. Risky Business
  20. Assigning Metrics
  21. Wrapping Up
  22. Other Books You May Enjoy

Frequently asked questions

Yes, you can cancel anytime from the Subscription tab in your account settings on the Perlego website. Your subscription will stay active until the end of your current billing period. Learn how to cancel your subscription
No, books cannot be downloaded as external files, such as PDFs, for use outside of Perlego. However, you can download books within the Perlego app for offline reading on mobile or tablet. Learn how to download books offline
Perlego offers two plans: Essential and Complete
  • Essential is ideal for learners and professionals who enjoy exploring a wide range of subjects. Access the Essential Library with 800,000+ trusted titles and best-sellers across business, personal growth, and the humanities. Includes unlimited reading time and Standard Read Aloud voice.
  • Complete: Perfect for advanced learners and researchers needing full, unrestricted access. Unlock 1.4M+ books across hundreds of subjects, including academic and specialized titles. The Complete Plan also includes advanced features like Premium Read Aloud and Research Assistant.
Both plans are available with monthly, semester, or annual billing cycles.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 990+ topics, we’ve got you covered! Learn about our mission
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more about Read Aloud
Yes! You can use the Perlego app on both iOS and Android devices to read anytime, anywhere — even offline. Perfect for commutes or when you’re on the go.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app
Yes, you can access Practical Cyber Intelligence by Wilson Bautista in PDF and/or ePUB format, as well as other popular books in Ciencia de la computación & Ciencias computacionales general. We have over one million books available in our catalogue for you to explore.