Incident Response for Windows: Adapt effective strategies for managing sophisticated cyberattacks targeting Windows systems
Tykushin, Anatoly, Ostrovskaya, Svetlana, Volkov, Dmitry
- 出版商: Packt Publishing
- 出版日期: 2024-08-23
- 售價: $1,680
- 貴賓價: 9.5 折 $1,596
- 語言: 英文
- 頁數: 244
- 裝訂: Quality Paper - also called trade paper
- ISBN: 1804619329
- ISBN-13: 9781804619322
海外代購書籍(需單獨結帳)
相關主題
商品描述
Get to grips with modern sophisticated attacks, their intrusion life cycles, and the key motivations of adversaries, and build the most effective cybersecurity incident preparedness, response, remediation, and prevention methodologies
Key Features:
- Explore contemporary sophisticated cyber threats, focusing on their tactics, techniques, and procedures
- Craft the most robust enterprise-wide cybersecurity incident response methodology, scalable to any magnitude
- Master the development of efficient incident remediation and prevention strategies
- Purchase of the print or Kindle book includes a free PDF eBook
Book Description:
Cybersecurity incidents are becoming increasingly common and costly, making incident response a critical domain for organizations to understand and implement. This book enables you to effectively detect, respond to, and prevent cyberattacks on Windows-based systems by equipping you with the knowledge and tools needed to safeguard your organization's critical assets, in line with the current threat landscape.
The book begins by introducing you to modern sophisticated cyberattacks, including threat actors, methods, and motivations. Then, the phases of efficient incident response are linked to the attack's life cycle using a unified cyber kill chain. As you advance, you'll explore various types of Windows-based platform endpoint forensic evidence and the arsenal necessary to gain full visibility of the Windows infrastructure. The concluding chapters discuss the best practices in the threat hunting process, along with proactive approaches that you can take to discover cybersecurity incidents before they reach their final stage.
By the end of this book, you'll have gained the skills necessary to run intelligence-driven incident response in a Windows environment, establishing a full-fledged incident response and management process, as well as proactive methodologies to enhance the cybersecurity posture of an enterprise environment.
What You Will Learn:
- Explore diverse approaches and investigative procedures applicable to any Windows system
- Grasp various techniques to analyze Windows-based endpoints
- Discover how to conduct infrastructure-wide analyses to identify the scope of cybersecurity incidents
- Develop effective strategies for incident remediation and prevention
- Attain comprehensive infrastructure visibility and establish a threat hunting process
- Execute incident reporting procedures effectively
Who this book is for:
This book is for IT professionals, Windows IT administrators, cybersecurity practitioners, and incident response teams, including SOC teams, responsible for managing cybersecurity incidents in Windows-based environments. Specifically, system administrators, security analysts, and network engineers tasked with maintaining the security of Windows systems and networks will find this book indispensable. Basic understanding of Windows systems and cybersecurity concepts is needed to grasp the concepts in this book.
Table of Contents
- Introduction to the Threat Landscape
- Understanding the Attack Life Cycle
- Phases of an Efficient Incident Response on Windows Infrastructure
- Endpoint Forensic Evidence Collection
- Gaining Access to the Network
- Establishing A Foothold
- Network and Key Assets Discovery
- Network Propagation
- Data Collection and Exfiltration
- Impact
- Threat Hunting and Analysis of TTPs
- Incident Containment, Eradication, and Recovery
- Incident Investigation Closure and Reporting
商品描述(中文翻譯)
掌握現代複雜攻擊、其入侵生命週期及對手的主要動機,並建立最有效的網路安全事件準備、應對、修復和預防方法論。
主要特點:
- 探索當代複雜的網路威脅,重點關注其戰術、技術和程序
- 制定最強健的企業級網路安全事件應對方法論,能夠擴展到任何規模
- 精通高效的事件修復和預防策略的開發
- 購買印刷版或 Kindle 書籍可獲得免費 PDF 電子書
書籍描述:
網路安全事件變得越來越普遍且成本高昂,使得事件應對成為組織必須理解和實施的關鍵領域。本書使您能夠有效檢測、應對和預防針對基於 Windows 系統的網路攻擊,並為您提供保護組織關鍵資產所需的知識和工具,符合當前的威脅環境。
本書首先介紹現代複雜的網路攻擊,包括威脅行為者、方法和動機。然後,將高效事件應對的各個階段與攻擊的生命週期通過統一的網路殺傷鏈相連結。隨著進展,您將探索各種基於 Windows 平台的端點取證證據及獲得 Windows 基礎設施全面可見性所需的工具。最後幾章討論威脅獵捕過程中的最佳實踐,以及您可以採取的主動方法,以在網路安全事件達到最終階段之前發現它們。
在本書結束時,您將獲得在 Windows 環境中運行以情報為驅動的事件應對所需的技能,建立一個完整的事件應對和管理過程,以及增強企業環境網路安全姿態的主動方法論。
您將學到的內容:
- 探索適用於任何 Windows 系統的多樣化方法和調查程序
- 理解各種分析基於 Windows 的端點的技術
- 發現如何進行基礎設施範圍的分析,以識別網路安全事件的範圍
- 制定有效的事件修復和預防策略
- 獲得全面的基礎設施可見性並建立威脅獵捕過程
- 有效執行事件報告程序
本書適合對象:
本書適合 IT 專業人員、Windows IT 管理員、網路安全從業人員和事件應對團隊,包括負責管理基於 Windows 環境中的網路安全事件的 SOC 團隊。特別是系統管理員、安全分析師和負責維護 Windows 系統和網路安全的網路工程師將會發現本書不可或缺。需要對 Windows 系統和網路安全概念有基本了解,以掌握本書中的概念。
目錄:
- 威脅環境介紹
- 理解攻擊生命週期
- 在 Windows 基礎設施上高效事件應對的階段
- 端點取證證據收集
- 獲取網路訪問權限
- 建立立足點
- 網路和關鍵資產發現
- 網路擴散
- 數據收集和外洩
- 影響
- 威脅獵捕和 TTPs 分析
- 事件遏制、根除和恢復
- 事件調查結束和報告