Threat Hunting in the Cloud
eBook - ePub

Threat Hunting in the Cloud

Defending AWS, Azure and Other Cloud Platforms Against Cyberattacks

Chris Peiris,Binil Pillai,Abbas Kudrati

  1. English
  2. ePUB (adapté aux mobiles)
  3. Disponible sur iOS et Android
eBook - ePub

Threat Hunting in the Cloud

Defending AWS, Azure and Other Cloud Platforms Against Cyberattacks

Chris Peiris,Binil Pillai,Abbas Kudrati

DĂ©tails du livre
Aperçu du livre
Table des matiĂšres
Citations

À propos de ce livre

Implement a vendor-neutral and multi-cloud cybersecurity and risk mitigation framework with advice from seasoned threat hunting pros

In Threat Hunting in the Cloud: Defending AWS, Azure and Other Cloud Platforms Against Cyberattacks, celebrated cybersecurity professionals and authors Chris Peiris, Binil Pillai, and Abbas Kudrati leverage their decades of experience building large scale cyber fusion centers to deliver the ideal threat hunting resource for both business and technical audiences. You'll find insightful analyses of cloud platform security tools and, using the industry leading MITRE ATT&CK framework, discussions of the most common threat vectors.

You'll discover how to build a side-by-side cybersecurity fusion center on both Microsoft Azure and Amazon Web Services and deliver a multi-cloud strategy for enterprise customers. And you will find out how to create a vendor-neutral environment with rapid disaster recovery capability for maximum risk mitigation.

With this book you'll learn:

  • Key business and technical drivers of cybersecurity threat hunting frameworks in today's technological environment
  • Metrics available to assess threat hunting effectiveness regardless of an organization's size
  • How threat hunting works with vendor-specific single cloud security offerings and on multi-cloud implementations
  • A detailed analysis of key threat vectors such as email phishing, ransomware and nation state attacks
  • Comprehensive AWS and Azure "how to" solutions through the lens of MITRE Threat Hunting Framework Tactics, Techniques and Procedures (TTPs)
  • Azure and AWS risk mitigation strategies to combat key TTPs such as privilege escalation, credential theft, lateral movement, defend against command & control systems, and prevent data exfiltration
  • Tools available on both the Azure and AWS cloud platforms which provide automated responses to attacks, and orchestrate preventative measures and recovery strategies
  • Many critical components for successful adoption of multi-cloud threat hunting framework such as Threat Hunting Maturity Model, Zero Trust Computing, Human Elements of Threat Hunting, Integration of Threat Hunting with Security Operation Centers (SOCs) and Cyber Fusion Centers
  • The Future of Threat Hunting with the advances in Artificial Intelligence, Machine Learning, Quantum Computing and the proliferation of IoT devices.

Perfect for technical executives (i.e., CTO, CISO), technical managers, architects, system admins and consultants with hands-on responsibility for cloud platforms, Threat Hunting in the Cloud is also an indispensable guide for business executives (i.e., CFO, COO CEO, board members) and managers who need to understand their organization's cybersecurity risk framework and mitigation strategy.

Foire aux questions

Comment puis-je résilier mon abonnement ?
Il vous suffit de vous rendre dans la section compte dans paramĂštres et de cliquer sur « RĂ©silier l’abonnement ». C’est aussi simple que cela ! Une fois que vous aurez rĂ©siliĂ© votre abonnement, il restera actif pour le reste de la pĂ©riode pour laquelle vous avez payĂ©. DĂ©couvrez-en plus ici.
Puis-je / comment puis-je télécharger des livres ?
Pour le moment, tous nos livres en format ePub adaptĂ©s aux mobiles peuvent ĂȘtre tĂ©lĂ©chargĂ©s via l’application. La plupart de nos PDF sont Ă©galement disponibles en tĂ©lĂ©chargement et les autres seront tĂ©lĂ©chargeables trĂšs prochainement. DĂ©couvrez-en plus ici.
Quelle est la différence entre les formules tarifaires ?
Les deux abonnements vous donnent un accĂšs complet Ă  la bibliothĂšque et Ă  toutes les fonctionnalitĂ©s de Perlego. Les seules diffĂ©rences sont les tarifs ainsi que la pĂ©riode d’abonnement : avec l’abonnement annuel, vous Ă©conomiserez environ 30 % par rapport Ă  12 mois d’abonnement mensuel.
Qu’est-ce que Perlego ?
Nous sommes un service d’abonnement Ă  des ouvrages universitaires en ligne, oĂč vous pouvez accĂ©der Ă  toute une bibliothĂšque pour un prix infĂ©rieur Ă  celui d’un seul livre par mois. Avec plus d’un million de livres sur plus de 1 000 sujets, nous avons ce qu’il vous faut ! DĂ©couvrez-en plus ici.
Prenez-vous en charge la synthÚse vocale ?
Recherchez le symbole Écouter sur votre prochain livre pour voir si vous pouvez l’écouter. L’outil Écouter lit le texte Ă  haute voix pour vous, en surlignant le passage qui est en cours de lecture. Vous pouvez le mettre sur pause, l’accĂ©lĂ©rer ou le ralentir. DĂ©couvrez-en plus ici.
Est-ce que Threat Hunting in the Cloud est un PDF/ePUB en ligne ?
Oui, vous pouvez accĂ©der Ă  Threat Hunting in the Cloud par Chris Peiris,Binil Pillai,Abbas Kudrati en format PDF et/ou ePUB ainsi qu’à d’autres livres populaires dans Computer Science et Cryptography. Nous disposons de plus d’un million d’ouvrages Ă  dĂ©couvrir dans notre catalogue.

Informations

Éditeur
Wiley
Année
2021
ISBN
9781119804109
Édition
1
Sujet
Computer Science
Sous-sujet
Cryptography

Part I
Threat Hunting Frameworks

In This Part

  1. Chapter 1: Introduction to Threat Hunting
    Chapter 2: Modern Approach to Multi-Cloud Threat Hunting
    Chapter 3: Exploration of MITRE Key Attack Vectors

CHAPTER 1
Introduction to Threat Hunting

What's in This Chapter

  • The rise of cybercrime
  • What is threat hunting?
  • Key cyberthreats and threat actors
  • Why is threat hunting relevant to all organizations?
  • Does an organization's size matter?
  • Threat modeling
  • Threat hunting maturity model
  • Human elements of threat hunting
  • How do you make the board of directors cyber-smart?
  • Threat hunting team structure
  • The threat hunter's role

The Rise of Cybercrime

“If you protect your paper clips and diamonds with equal vigor
you'll soon have more paper clips and fewer diamonds.”
—Attributed to Dean Rusk, U.S. Secretary of State 1961–1969
This quote was first mentioned decades ago in the context of the cold war. However, it still resonates today, especially with the rise of cybercrime we are currently experiencing. Modern cybercrime is a sophisticated business with complex supply-chain activities and multiple threat actors working together in synergy. The threat actors are practicing division of labor, where one team is deployed to penetrate defenses and another team is subsequently employed to exploit the data breach. This level of sophistication is possible due to the staggering rewards cybercriminals and organized crime syndicates are achieving.
In 2009, the cost of cybercrime to the global economy was USD 1 trillion according to McAfee, the Silicon Valley based cybersecurity vendor, in a presentation to the World Economic Forum (WEF) in Davos, Switzerland. McAfee has since announced that cybercrime is estimated to top USD 6 trillion by 2021, according to Cybersecurity Ventures. This has been a significant increase in the last few years. The Cybersecurity Ventures report continues to elaborate that “if cybercrime is a country, it will be the third largest economy after the U.S. and China in the context of Gross Domestic Product (GDP) comparisons.”
Cybercriminals can be found globally and have different skillsets and motivations. Some types of cybercrime persist independent of economic, political, or social changes, while certain types are fueled by ideology and monetary gain. The cyber defenders and the industry face an extremely diverse set of criminal actors and their ever-evolving tactics and techniques. These threat actors are opportunistic in nature. These cybercriminals capitalize on disruptive events such as the COVID-19 pandemic. As COVID-19 spread globally, cybercriminals pivoted their lures to imitate trusted sources like the World Health Organization (WHO) and other national health organizations, in an effort to get users to click on malicious links and attachments.
The recent Solorigate nation state attack is another example of multi-layer sophisticated attacks. These attacks were driven by ideology, not pure monetary gain. We discuss this nation state attack in detail later in the chapter. These examples illustrate that cybersecurity is a key focus area for any organization in our modern cloud-centric world. The proliferation of private cloud, hybrid cloud, and public cloud has introduced another layer of sophistication/increased attack vectors for cyberattacks. Therefore, more focus should be on preventative methods to ensure “modern IT diamonds are secured” in relation to Dean Rusk's comments many decades earlier.
Email phishing in the enterprise context continues to grow and has become a dominant vector. Given the increase in available information regarding these schemes and technical advancements in detection, the criminals behind these attacks are now spending significant time, money, and effort to develop scams that are sufficiently sophisticated to victimize even savvy professionals. Attack techniques in phishing and business email compromises are evolving. Previously, cybercriminals focused their efforts on malware attacks, but they have shifted their focus to ransomware, as well as phishing attacks with the goal of harvesting user credentials. Human-operated ransomware gangs are performing massive, wide-ranging sweeps of the Internet, searching for vulnerable entry points. These vulnerable entry points will be controlled by sophisticated “command and control” systems to disrupt organizations via distributed denial of service (DDoS) attacks at the attacker's discretion. Defending against cybercriminals is a complex, ever-evolving, and never-ending challenge.
NOTE According to Cybersecurity Ventures, global cybercrime costs will grow by 15% per year over the next five years, reaching USD 10.5 trillion annually by 2025.
It is estimated that 50% of the world's data will be stored in the cloud infrastructure by 2025. This equates to approximately 100 zettabytes of data across public clouds, government-owned clouds, private clouds, and cloud storage providers. This exponential data growth provides incalculable opportunities for cybercriminals because data is the fundamental building block of the digitized economy. Chief Information Security Officers (CISOs) and security teams are burdened by conventional solutions that can't adapt to the cloud to effectively prevent cyberattacks. And pressures continue to mount as employees produce, access, and share more data remotely through cloud apps during disruptive events such as COVID-19.
NOTE The IBM Cost of Data Breach Report 2020 reports the following:
  • The average cost of a data breach is USD 3.86 million.
  • The U.S. has the most expensive data breaches.
  • Healthcare is the most vulnerable industry; the average cost is USD 7.13 million.
  • The average time to identify and contain a breach is 280 days.
It's staggering to comprehend that an adversary could be “lurking” inside your enterprise for 280 days/9+ months before being discovered and contained. Organizations are required to combat these growing threats and increase their security posture. They have to be proactive in their defense strategies. They also have to react very quickly when the enterprise is under attack. Threat hunting is a key tool available for defenders to protect their digital assets against their adversaries.

What Is Threat Hunting?

There are many different approaches to increasing an organization's cybersecurity defenses against adversaries. One fundamental solution is known as threat hunting. Threat hunting provides a proactive opportunity for an organization to uncover attacker presence in an environment. While no formal academic definition exists for threat hunting, leading global cybersecurity authority SANS defines threat hunting as the “proactive, analyst-driven process to search for attacker tactics,...

Table des matiĂšres

  1. Cover
  2. Table of Contents
  3. Title Page
  4. Foreword
  5. Introduction
  6. Part I: Threat Hunting Frameworks
  7. Part II: Hunting in Microsoft Azure
  8. Part III: Hunting in AWS
  9. Part IV: The Future
  10. Part V: Appendices
  11. Index
  12. Copyright
  13. Dedication
  14. About the Authors
  15. About the Technical Editors
  16. Acknowledgments
  17. End User License Agreement
Normes de citation pour Threat Hunting in the Cloud

APA 6 Citation

Peiris, C., Pillai, B., & Kudrati, A. (2021). Threat Hunting in the Cloud (1st ed.). Wiley. Retrieved from https://www.perlego.com/book/2879809/threat-hunting-in-the-cloud-defending-aws-azure-and-other-cloud-platforms-against-cyberattacks-pdf (Original work published 2021)

Chicago Citation

Peiris, Chris, Binil Pillai, and Abbas Kudrati. (2021) 2021. Threat Hunting in the Cloud. 1st ed. Wiley. https://www.perlego.com/book/2879809/threat-hunting-in-the-cloud-defending-aws-azure-and-other-cloud-platforms-against-cyberattacks-pdf.

Harvard Citation

Peiris, C., Pillai, B. and Kudrati, A. (2021) Threat Hunting in the Cloud. 1st edn. Wiley. Available at: https://www.perlego.com/book/2879809/threat-hunting-in-the-cloud-defending-aws-azure-and-other-cloud-platforms-against-cyberattacks-pdf (Accessed: 15 October 2022).

MLA 7 Citation

Peiris, Chris, Binil Pillai, and Abbas Kudrati. Threat Hunting in the Cloud. 1st ed. Wiley, 2021. Web. 15 Oct. 2022.