Книга "Охота за киберугрозами" научит вас выявлять потенциальные нарушения вашей безопасности. Вы будете учиться, изучая реальные сценарии из жизни, взятые из двадцатилетнего опыта работы автора Надхема Альфардана в области информационной безопасности. Начиная с основ, вы построите практическую схему охоты и узнаете о передовых методах оптимизации и совершенствования экспедиций. Вы узнаете, как использовать передовые методы, основанные на машинном обучении (ML) и статистическом анализе, чтобы помочь обнаружить аномалии. Самое главное, к этой практической книге прилагаются загружаемые наборы данных и шаблоны сценариев, чтобы вы могли практиковаться и оттачивать свои методы поиска угроз.
Follow the clues, track down the bad actors trying to access your systems, and uncover the chain of evidence left by even the most careful adversary. This practical guide to cyber threat hunting gives a reliable and repeatable framework to see and stop attacks.
In Cyber Threat Hunting you will learn how to:
Design and implement a cyber threat hunting framework Think like your adversaries Conduct threat hunting expeditions Streamline how you work with other cyber security teams Structure threat hunting expeditions without losing track of activities and clues Use statistics and machine learning techniques to hunt for threats
Organizations that actively seek out security intrusions reduce the time that bad actors spend on their sites, increase their cyber resilience, and build strong resistance to sophisticated covert threats. Cyber Threat Hunting teaches you to recognize attempts to access your systems by seeing the clues your adversaries leave behind. It lays out the path to becoming a successful cyber security threat hunter, guiding you from your very first expedition to hunting in complex cloud-native environments.
So far, we have conducted threat-hunting expeditions based on some explicit logic (e.g., signs of beaconing by calculating the time difference between connections) and then developing searches (e.g., search commands for a datastore) or code (e.g., Python code in Jupiter Notebooks), to apply the logic on data. In the Chapter8, we do the reverse: we let the data inform us about anomalies, some of which can interest threat hunters. We will apply unsupervised ML constructs to data to uncover anomalies, some of which could be malicious. In the chapter, you will explore and process data, extract features, build unsupervised ML models using K-Means, and interpret outputs. We explore building unsupervised machine learning models using K-Means, an algorithm we’ll introduce later in this chapter, to uncover anomalies of interest in network connection events. Concepts in this chapter represent essential blocks to building more sophisticated ML models in the following few chapters.
about the technology There’s no question about whether your security will come under attack. It already is. The real question is whether you’ll recognize and learn from the attacks when they occur. Cyber threat hunting makes the assumption that a system has been hacked and reveals the signs that have evaded detection tools, or been dismissed as unimportant. In the constantly evolving landscape of modern security, threat hunting is a vital practice to avoid complacency and harden your defenses against attack.
about the book Cyber Threat Hunting teaches you how to identify potential breaches of your security. You’ll learn by exploring real-life scenarios drawn from author Nadhem AlFardan’s twenty years in information security. Beginning with the fundamentals, you’ll build a practical hunting framework and discover good practices for optimizing and improving expeditions. You’ll learn how to employ advanced techniques that draw on Machine Learning and statistical analysis to help spot anomalies. Best of all, this practical book comes with downloadable datasets and scenario templates so you can practice and hone your threat hunting techniques.
Внимание
Уважаемый посетитель, Вы зашли на сайт как незарегистрированный пользователь.
Мы рекомендуем Вам зарегистрироваться либо войти на сайт под своим именем.
Информация
Посетители, находящиеся в группе Гости, не могут оставлять комментарии к данной публикации.