Implement a vendor-neutral and multi-cloud cybersecurity and risk mitigation framework with advice from seasoned threat hunting pros

In Threat Hunting in the Cloud: Defending AWS, Azure and Other Cloud Platforms Against Cyberattacks, celebrated cybersecurity professionals and authors Chris Peiris, Binil Pillai, and Abbas Kudrati leverage their decades of experience building large-scale cyber fusion centers to deliver the ideal threat hunting resource for both business and technical audiences. You'll find insightful analyses of cloud platform security tools and, using the industry-leading MITRE ATT&CK framework, discussions of the most common threat vectors.

You'll discover how to build a side-by-side cybersecurity fusion center on both Microsoft Azure and Amazon Web Services and deliver a multi-cloud strategy for enterprise customers. And you will find out how to create a vendor-neutral environment with rapid disaster recovery capability for maximum risk mitigation.

With this book you'll learn:

* Key business and technical drivers of cybersecurity threat hunting frameworks in today's technological environment

* Metrics available to assess threat hunting effectiveness regardless of an organization's size

* How threat hunting works with vendor-specific single cloud security offerings and on multi-cloud implementations

* A detailed analysis of key threat vectors such as email phishing, ransomware and nation state attacks

* Comprehensive AWS and Azure "how to" solutions through the lens of MITRE Threat Hunting Framework Tactics, Techniques and Procedures (TTPs)

* Azure and AWS risk mitigation strategies to combat key TTPs such as privilege escalation, credential theft, lateral movement, command & control, and data exfiltration

* Tools available on both the Azure and AWS cloud platforms which provide automated responses to attacks, and orchestrate preventative measures and recovery strategies

* Many critical components for successful adoption of a multi-cloud threat hunting framework, such as the Threat Hunting Maturity Model, Zero Trust Computing, Human Elements of Threat Hunting, and Integration of Threat Hunting with Security Operations Centers (SOCs) and Cyber Fusion Centers

* The Future of Threat Hunting with the advances in Artificial Intelligence, Machine Learning, Quantum Computing and the proliferation of IoT devices

Perfect for technical executives (i.e., CTO, CISO), technical managers, architects, system admins and consultants with hands-on responsibility for cloud platforms, Threat Hunting in the Cloud is also an indispensable guide for business executives (i.e., CFO, COO, CEO, board members) and managers who need to understand their organization's cybersecurity risk framework and mitigation strategy.

About the Authors

CHRIS PEIRIS, PhD, has advised Fortune 500 companies, Federal and State Governments, and Defense and Intelligence entities in the Americas, Asia, Japan, Europe, and Australia and New Zealand. He has 25+ years of IT industry experience. He is the author of 10 published books and is a highly sought-after keynote speaker.

BINIL PILLAI is a Microsoft Global Security, Compliance and Identity (SCI) Director for Strategy and Business Development focusing on the Small and Medium Enterprise segment. He has 21+ years of experience in B2B cybersecurity, digital transformation, and management consulting. He is also a board advisor to several start-ups, helping them grow their businesses successfully.

ABBAS KUDRATI is a CISO and cybersecurity practitioner. He is currently Microsoft Asia's Lead Chief Cybersecurity Advisor for the Security Solution Area and serves as Executive Advisor to Deakin University, LaTrobe University, HITRUST ASIA, and EC Council ASIA.

Back Cover Text

A PROVEN AND COMPREHENSIVE APPROACH TO VENDOR-NEUTRAL AND MULTI-CLOUD CYBERSECURITY

In Threat Hunting in the Cloud: Defending AWS, Azure and Other Cloud Platforms Against Cyberattacks, an expert team of celebrated cybersecurity professionals deliver an insightful and comprehensive threat hunting guide for business and technical audiences. The authors provide extensive analyses of cloud platform security tools and the most common threat vectors using the industry-leading MITRE ATT&CK framework. You'll learn how to build an integrated cybersecurity fusion center using Microsoft Azure and Amazon Web Services to deliver a multi-cloud Threat Hunting strategy for enterprise customers.

Threat Hunting in the Cloud guides organizations of all sizes in strategizing their security posture, ensuring long-term sustainability and managing cyber risks. You'll also learn the significant components of a successful implementation of multi-cloud threat hunting frameworks, like the Threat Hunting Maturity Model, Zero Trust Computing, Human Elements of Threat Hunting, Integration of Threat Hunting with Security Operations Centers, and Cyber Fusion Centers. It concludes with a discussion of the future of threat hunting in areas like artificial intelligence, machine learning, quantum computing, the Internet of Things, Operational Technology, and Blockchain.

This book is ideal for Cybersecurity executives, including CTOs and CISOs, technical security professionals, and security analysts who want to learn and set up Threat Hunting capabilities for a multi-cloud environment.

Contents

Foreword xxxi

Introduction xxxiii

Part I Threat Hunting Frameworks 1

Chapter 1 Introduction to Threat Hunting 3

The Rise of Cybercrime 4

What Is Threat Hunting? 6

The Key Cyberthreats and Threat Actors 7

Phishing 7

Ransomware 8

Nation State 10

The Necessity of Threat Hunting 14

Does the Organization's Size Matter? 17

Threat Modeling 19

Threat-Hunting Maturity Model 23

Organization Maturity and Readiness 23

Level 0: INITIAL 24

Level 1: MINIMAL 25

Level 2: PROCEDURAL 25

Level 3: INNOVATIVE 25

Level 4: LEADING 25

Human Elements of Threat Hunting 26

How Do You Make the Board of Directors Cyber-Smart? 27

Threat-Hunting Team Structure 30

External Model 30

Dedicated Internal Hunting Team Model 30

Combined/Hybrid Team Model 30

Periodic Hunt Teams Model 30

Urgent Need for Human-Led Threat Hunting 31

The Threat Hunter's Role 31

Summary 33

Chapter 2 Modern Approach to Multi-Cloud Threat Hunting 35

Multi-Cloud Threat Hunting 35

Multi-Tenant Cloud Environment 38

Threat Hunting in Multi-Cloud and Multi-Tenant Environments 39

Building Blocks for the Security Operations Center 41

Scope and Type of SOC 43

Services, Not Just Monitoring 43

SOC Model 43

Define a Process for Identifying and Managing Threats 44

Tools and Technologies to Empower SOC 44

People (Specialized Teams) 45

Cyberthreat Detection, Threat Modeling, and the Need for Proactive Threat Hunting Within SOC 46

Cyberthreat Detection 46

Threat-Hunting Goals and Objectives 49

Threat Modeling and SOC 50

The Need for a Proactive Hunting Team Within SOC 50

Assume Breach and Be Proactive 51

Invest in People 51

Develop an Informed Hypothesis 52

Cyber Resiliency and Organizational Culture 53

Skillsets Required for Threat Hunting 54

Security Analysis 55

Data Analysis 56

Programming Languages 56

Analytical Mindset 56

Soft Skills 56

Outsourcing 56

Threat-Hunting Process and Procedures 57

Metrics for Assessing the Effectiveness of Threat Hunting 58

Foundational Metrics 58

Operational Metrics 59

Threat-Hunting Program Effectivenes…

Title: Threat Hunting in the Cloud
Subtitle: Defending AWS, Azure and Other Cloud Platforms Against Cyberattacks
EAN: 9781119804109
Format: E-Book (epub)
Publisher:
Publication date: 31.08.2021
Digital copy protection: Adobe-DRM
File size: 66.11 MB
Number of pages: 544