Intelligence-Driven Incident Response by Scott J Roberts
Author:Scott J Roberts
Language: eng
Format: epub
Publisher: O'Reilly Media
Published: 2017-09-07T04:00:00+00:00
What to Exploit?
When F3EAD is not properly implemented or is not carried out completely, you likely will find yourself dealing with the same intrusions or types of incidents not too far down the road. In the Find, Fix, and Finish stages of the cycle, we focused on a specific attack, a specific adversary, and the specific actions needed to deal with that particular incident. By the end of the Finish phase of the GLASS WIZARD intrusion, we had identified a large amount of information around the intrusion, the actors behind it, and how they operated. But even though that information is organized in a way that facilitated incident response, that doesn’t necessarily mean it is in the right format for follow-up intelligence analysis.
In the Exploit phase, we begin the process that ensures that we learn from the incident. We focus on the threat, and not just the enemy. Because of this, it is important that we not only extract technical indicators related to the particular attack, such as malware samples and command-and-control IP addresses, but also the overarching aspects that led to the intrusion and allowed the attackers to be, at least to some degree, successful. This includes information about the vulnerabilities or weaknesses that were targeted in the attack and the information or systems that were targeted. We are not just trying to protect the network from a replay of the exact same attack, but to understand the various factors such as policies, technical vulnerabilities, or visibility gaps that led to the successful intrusion and to develop protections or detections for them as well. Because of this, we believe that there is very little information that should not be exploited and analyzed—but this, of course, makes managing that information complex.
After deciding what information will be exploited, it is necessary to extract that information from incident data, standardize it, and store it for future analysis and reference.
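The extract, standardize and store step described above, as an added example that is not from the book: a small Python script that pulls technical indicators (C2 address, domain, malware hash) out of free-form incident notes, undoes common defanging, normalizes case, deduplicates, and records the non-technical context the Exploit phase also needs (the weakness abused, the system targeted) alongside them. The incident notes, the `Initial access:` / `Targeted system:` labels, and the resulting record layout are all constructed for this example, not a format the book prescribes.

```python
"""Extract, standardize and store indicators and context from incident notes."""
import json
import re
from dataclasses import dataclass, asdict

# Constructed incident notes in the free-form style an analyst might leave in a
# ticket. Defanged forms (hxxp, [.]) are common. The hash is SHA-256 of an empty
# input, used purely as a sample value; the IP is from the TEST-NET-3 range.
INCIDENT_NOTES = """
Incident: GLASS WIZARD follow-up
Beacon from workstation to hxxp://update-cdn[.]example[.]net/check every 300s.
C2 address observed: 203[.]0[.]113[.]45 on tcp/443.
Dropper SHA256 E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
Initial access: phishing attachment, macro enabled because of a missing GPO.
Targeted system: finance file server.
"""

# Common defanging conventions analysts use so indicators are not clickable.
DEFANG = (("hxxp", "http"), ("[.]", "."), ("(.)", "."), ("[:]", ":"))

PATTERNS = {
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "sha256": re.compile(r"\b[0-9a-fA-F]{64}\b"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
}

# Hypothetical note labels (chosen for this example) that carry the
# overarching context the Exploit phase wants captured, not just the IOCs.
CONTEXT_LABELS = {"initial access": "weaknesses", "targeted system": "targets"}


@dataclass
class Indicator:
    type: str
    value: str
    incident: str
    context: str  # the note line the indicator was extracted from


@dataclass
class ExploitRecord:
    incident: str
    indicators: list
    weaknesses: list
    targets: list


def refang(text):
    """Undo defanging so the regexes see the indicator's real form."""
    for defanged, real in DEFANG:
        text = text.replace(defanged, real)
    return text


def normalize(kind, value):
    """Hashes and domains are case-insensitive; lowercasing makes them comparable."""
    return value.lower() if kind in ("sha256", "domain") else value


def extract_indicators(notes, incident):
    """Return deduplicated Indicator objects in the order they appear in the notes."""
    seen = {}
    for line in refang(notes).splitlines():
        for kind, pattern in PATTERNS.items():
            for match in pattern.findall(line):
                key = (kind, normalize(kind, match))
                if key not in seen:
                    seen[key] = Indicator(kind, key[1], incident, line.strip())
    return list(seen.values())


def extract_context(notes):
    """Pull the incident name and labelled context lines out of the notes."""
    incident = "unknown"
    context = {"weaknesses": [], "targets": []}
    for line in notes.splitlines():
        if ":" not in line:
            continue
        label, _, rest = line.partition(":")
        label, rest = label.strip().lower(), rest.strip().rstrip(".")
        if label == "incident":
            incident = rest
        elif label in CONTEXT_LABELS:
            context[CONTEXT_LABELS[label]].append(rest)
    return incident, context


def build_record(notes):
    """Combine indicators and context into one standardized record."""
    incident, context = extract_context(notes)
    return ExploitRecord(incident, extract_indicators(notes, incident),
                         context["weaknesses"], context["targets"])


def to_json(record):
    """Serialize the record so it can be stored and queried later."""
    return json.dumps(asdict(record), indent=2)


if __name__ == "__main__":
    print(to_json(build_record(INCIDENT_NOTES)))
```

The point of keeping `weaknesses` and `targets` next to the indicators is the one the text makes: a record that only holds the C2 address protects against a replay of this exact attack, while the missing GPO and the targeted file server are what later analysis needs in order to find the policy or visibility gap.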