The Cybersecurity Trinity: Artificial Intelligence, Automation, and Active Cyber Defense
暫譯: 網路安全三位一體:人工智慧、自動化與主動網路防禦
Wendt, Donnie
商品描述
This book explores three crucial topics for cybersecurity professionals: artificial intelligence (AI), automation, and active cyber defense (ACD). The Cybersecurity Trinity will provide cybersecurity professionals with the necessary background to improve their defenses by harnessing the combined power of these three concepts. The book is divided into four sections, one addressing each underlying concept and the final section discussing integrating them to harness their full potential.
With the expected growth of AI and machine learning (ML), cybersecurity professionals must understand its core concepts to defend AI and ML-based systems. Also, most cybersecurity tools now incorporate AI and ML. However, many cybersecurity professionals lack a fundamental understanding of AI and ML. The book's first section aims to demystify AI and ML for cybersecurity practitioners by exploring how AI and ML systems work, where they are vulnerable, and how to defend them.
Next, we turn our attention to security automation. Human-centered cyber defense processes cannot keep pace with the threats targeting organizations. Security automation can help defenders drastically increase the speed of detection and response. This section will discuss core use cases that security teams can implement, including intelligence processing, incident triage, detection, and response. This section will end with strategies for a successful security automation implementation and strategies that can lead to failure.
Accelerating the defense is but one side of the equation. Defenders can also implement ACD methods to disrupt and slow the attacker. Of course, ACD spans a broad spectrum, including some that could raise legal and ethical concerns. This section will explore some ACD methods and discuss their applicability, as well as the need to include business, legal, and ethical considerations when implementing them.
Security teams often treat AI, automation, and ACD as disparate solutions, addressing specific problems. However, there is much overlap, and security teams must develop a cohesive approach to realize the full potential. The last section combines these three concepts to form a comprehensive strategy. The resulting strategy will have AI as the foundation, incorporating automation to speed up defense and ACD to disrupt the attacker.
What You Will Learn:
- Understand the many uses of AI and ML and the concepts underpinning these technologies.
- Learn how to protect AI and ML systems by recognizing the vulnerabilities throughout their lifecycle.
- Integrate AI and ML-based systems to enhance cybersecurity.
- Develop security automation processes to enhance situation awareness, speed the time to respond, and increase the bandwidth of the limited security operations staff.
- Develop an ACD strategy to slow the attackers while minimizing legal and ethical concerns.
- Design a comprehensive strategy with AI as the foundation, incorporating automation to speed up defense and ACD to disrupt the attacker.
Who This Book is for:
The primary audience is cybersecurity professionals looking to improve their organization's security posture by leveraging AI and ML-based security tools and combining them into a comprehensive strategy incorporating automation and ACD. This target audience will have a cybersecurity background and an interest in AI and ML.
Higher education would be a secondary audience.
商品描述(中文翻譯)
這本書探討了對於網路安全專業人士來說三個關鍵主題:人工智慧 (AI)、自動化和主動網路防禦 (ACD)。網路安全三位一體將為網路安全專業人士提供必要的背景知識,以利用這三個概念的綜合力量來改善他們的防禦。這本書分為四個部分,每個部分針對一個基本概念,最後一部分則討論如何整合這些概念以發揮其全部潛力。
隨著人工智慧和機器學習 (ML) 的預期增長,網路安全專業人士必須理解其核心概念,以保護基於 AI 和 ML 的系統。此外,現在大多數網路安全工具都整合了 AI 和 ML。然而,許多網路安全專業人士對 AI 和 ML 缺乏基本的理解。這本書的第一部分旨在為網路安全從業者揭開 AI 和 ML 的神秘面紗,探討 AI 和 ML 系統如何運作、它們的脆弱性以及如何防禦它們。
接下來,我們將注意力轉向安全自動化。以人為中心的網路防禦過程無法跟上針對組織的威脅。安全自動化可以幫助防禦者大幅提高檢測和響應的速度。本部分將討論安全團隊可以實施的核心使用案例,包括情報處理、事件分級、檢測和響應。本部分將以成功實施安全自動化的策略和可能導致失敗的策略作結。
加速防禦只是方程式的一個方面。防禦者還可以實施 ACD 方法來干擾和減緩攻擊者的行動。當然,ACD 涉及廣泛的範疇,其中一些可能引發法律和倫理問題。本部分將探討一些 ACD 方法,並討論其適用性,以及在實施時需要考慮商業、法律和倫理因素的必要性。
安全團隊通常將 AI、自動化和 ACD 視為各自獨立的解決方案,針對特定問題。然而,這三者之間有很多重疊,安全團隊必須發展出一個有凝聚力的方法,以實現其全部潛力。最後一部分將這三個概念結合起來,形成一個綜合策略。最終的策略將以 AI 為基礎,結合自動化以加速防禦,並利用 ACD 來干擾攻擊者。
您將學到的內容:
- 了解 AI 和 ML 的多種用途及其背後的概念。
- 學習如何通過識別其生命周期中的脆弱性來保護 AI 和 ML 系統。
- 整合基於 AI 和 ML 的系統以增強網路安全。
- 發展安全自動化流程以增強情境意識、加快響應時間,並提高有限的安全運營人員的帶寬。
- 制定 ACD 策略以減緩攻擊者,同時最小化法律和倫理問題。
- 設計一個以 AI 為基礎的綜合策略,結合自動化以加速防禦和 ACD 以干擾攻擊者。
本書適合誰:
本書的主要讀者是希望通過利用基於 AI 和 ML 的安全工具並將其結合成一個包含自動化和 ACD 的綜合策略來改善其組織安全狀態的網路安全專業人士。這一目標讀者將具備網路安全背景並對 AI 和 ML 感興趣。
高等教育將是次要讀者。
作者簡介
Donnie Wendt is a distinguished cybersecurity professional with extensive expertise in researching security threats and pioneering innovative solutions. He has broad practical experience implementing numerous cybersecurity solutions and is an accomplished presenter on securing machine learning, generative AI, security automation, and deception. In addition to his professional experience, Donnie is an adjunct professor of cybersecurity at Utica University. He earned a Doctorate in Computer Science from Colorado Technical University and a Master's in Cybersecurity from Utica University. After over 30 years in information technology, Donnie wants to share his knowledge with others.
The initial concept for the book arose from Donnie's doctoral dissertation, where he researched using security automation and deception to address both sides of the cyber defense equation. Over the past several years, AI has come to the forefront and is now used in many products, including cybersecurity solutions. Donnie realized that AI-powered solutions could provide the foundation to enhance his prior research. However, despite the prevalence of AI, many cybersecurity professionals do not understand its core concepts. Therefore, Donnie began his quest to educate colleagues on AI's power and associated risks.
作者簡介(中文翻譯)
Donnie Wendt 是一位傑出的網路安全專業人士,擁有廣泛的安全威脅研究和創新解決方案的專業知識。他在實施多種網路安全解決方案方面擁有豐富的實務經驗,並且在機器學習、安全生成式 AI、安全自動化和欺騙技術的安全性方面是一位出色的演講者。除了專業經驗外,Donnie 還是 Utica University 的網路安全兼任教授。他在 Colorado Technical University 獲得計算機科學博士學位,並在 Utica University 獲得網路安全碩士學位。在資訊技術領域工作超過 30 年後,Donnie 希望與他人分享他的知識。
本書的初步概念源自 Donnie 的博士論文,他在論文中研究了如何利用安全自動化和欺騙技術來解決網路防禦方程式的兩個方面。在過去幾年中,人工智慧(AI)已經成為焦點,並且現在被應用於許多產品中,包括網路安全解決方案。Donnie 意識到,基於 AI 的解決方案可以為他之前的研究提供基礎。然而,儘管 AI 的普及,許多網路安全專業人士仍然不理解其核心概念。因此,Donnie 開始了教育同事有關 AI 的力量和相關風險的探索之旅。
