Cloud Defense Strategies with Azure Sentinel by Marshall Copeland
Author:Marshall Copeland
Language: eng
Format: epub
ISBN: 9781484271322
Publisher: Apress
Email address
File hashes
IP addresses
Certificates
You continue to learn about criminal campaigns in reading the Microsoft Security Intelligence Report (SIR), Verizon Data Breach Investigations Report (DBIR), or Red Canary Threat Detection Report in Chapter 8. During the attacking campaigns processes from start-to-finish, you should realize the data attributes of the indicators of compromise are affected with quickly expiring values. The expiration can be seen in the confidence score because once the campaign, malware, and IOC are shared publicly, the attackers are already obscuring the weaponization stage of Cyber Kill Chain.
At this point in your learning processes it may be extremely helpful to have more details of the threat intelligence relationships between attributes of indicators of compromise using a learning example from a real-world cyber-attack. The example used is analyzing how the cyber-attack compromised the supply chain of SolarWinds. This example is for educational purposes only with IOC attributes, applying some of the knowledge about indicators of compromise shared between security providers, which is the focus for the example.
Analyzing Solarwinds Cyber-Attack Sidebar
The analysis framework is attributed to the Cybersecurity and Infrastructure Security Agency (CISA, www.cisa.gov/) (search for SolarWinds) and Center for Internet Security (CIS, www.cisecurity.org/solarwinds/).
Modern attacks are much more sophisticated than attacks in the past. One common tactic today is the use of lateral movement. In the SolarWinds attack, a software update process in a network management tool was compromised, and threat actors were able to gain deep access into targeted networks. The attackers were able to easily pivot from one system to another, gaining access and data as they moved.
1.
The IT company SolarWinds produced their Orion Platform, a monitoring platform that companies use to analyze computer network bandwidth and high availability of applications among other features.
Download
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.
Sass and Compass in Action by Wynn Netherland Nathan Weizenbaum Chris Eppstein Brandon Mathis(7802)
Grails in Action by Glen Smith Peter Ledbrook(7716)
Azure Containers Explained by Wesley Haakman & Richard Hooper(6754)
Configuring Windows Server Hybrid Advanced Services Exam Ref AZ-801 by Chris Gill(6753)
Running Windows Containers on AWS by Marcio Morales(6270)
Kotlin in Action by Dmitry Jemerov(5087)
Microsoft 365 Identity and Services Exam Guide MS-100 by Aaron Guilmette(5017)
Combating Crime on the Dark Web by Nearchos Nearchou(4601)
Microsoft Cybersecurity Architect Exam Ref SC-100 by Dwayne Natwick(4527)
Management Strategies for the Cloud Revolution: How Cloud Computing Is Transforming Business and Why You Can't Afford to Be Left Behind by Charles Babcock(4435)
The Ruby Workshop by Akshat Paul Peter Philips Dániel Szabó and Cheyne Wallace(4280)
The Age of Surveillance Capitalism by Shoshana Zuboff(3968)
Python for Security and Networking - Third Edition by José Manuel Ortega(3844)
Learn Windows PowerShell in a Month of Lunches by Don Jones(3524)
The Ultimate Docker Container Book by Schenker Gabriel N.;(3509)
Learn Wireshark by Lisa Bock(3445)
Mastering Python for Networking and Security by José Manuel Ortega(3372)
Mastering Azure Security by Mustafa Toroman and Tom Janetscheck(3346)
Blockchain Basics by Daniel Drescher(3317)
