About the book Advanced Persistent Threat
Book title: Advanced Persistent Threat
Title translated into Persian: تهدید مداوم پیشرفته
Series:
Publisher: Syngress
Year of publication: 2012
Number of pages: 292
ISBN: 9781597499491
Book language: English
Book format: pdf
File size: 5 MB
Table of contents:
Front Cover
Half Title
Advanced Persistent Threat
Copyright
Dedication
Contents
Author Biography
Preface
Understanding the Problem
1 The Changing Threat
Introduction
The Current Landscape
Organizations View on Security
You will be Compromised
The Cyber ShopLifter
The New Defense in Depth
Proactive vs Reactive
Loss of Common Sense
It is All About Risk
What Was In Place?
Pain Killer Security
Reducing the Surface Space
HTML Embedded Email
Buffer Overflows
Macros in Office Documents
The Traditional Threat
Common Cold
Reactive Security
Automation
The Emerging Threat
APT—Cyber Cancer
Advanced Persistent Threat (APT)
APT—Stealthy, Targeted, and Data Focused
Characteristics of the APT
Defending Against the APT
APT vs Traditional Threat
Sample APT Attacks
APT Multi-Phased Approach
Summary
2 Why are Organizations Being Compromised?
Introduction
Doing Good Things and Doing the Right Things
Security is Not Helpless
Beyond Good or Bad
Attackers are in Your Network
Proactive, Predictive, and Adaptive
Example of How to Win
Data Centric Security
Money Does Not Equal Security
The New Approach to APT
Selling Security to Your Executives
Top Security Trends
Summary
3 How are Organizations Being Compromised?
Introduction
What are Attackers After?
Attacker Process
Reconnaissance
Scanning
Exploitation
Create Backdoors
Cover Their Tracks
Compromising a Server
Compromising a Client
Insider Threat
Traditional Security
Firewalls
Dropped Packets
InBound Prevention and OutBound Detection
Intrusion Detection
Summary
4 Risk-Based Approach to Security
Introduction
Products vs. Solutions
Learning from the Past
What is Risk?
Focused Security
Formal Risk Model
Threat
External vs. Internal Threat
Vulnerability
Known and Unknown Vulnerabilities
Putting the Pieces Back Together
Insurance Model
Calculating Risk
Summary
Emerging Trends
5 Protecting Your Data
Introduction
Data Discovery
Protected Enclaves
Everything Starts with Your Data
CIA
Data Classification
Data Classification Mistake 1
Data Classification Rule 1
Data Classification Mistake 2
Data Classification Rule 2
Data Classification Mistake 3
Data Classification Rule 3
Encryption
Types of Encryption
Goals of Encryption
Data at Rest
Data at Motion
Encryption—More Than You Bargained For
Network Segmentation and De-Scoping
Encryption Free Zone
Summary
6 Prevention is Ideal but Detection is a Must
Introduction
Inbound Prevention
Outbound Detection
Network vs. Host
Making Hard Decisions
Is AV/Host Protection Dead?
Summary
7 Incident Response: Respond and Recover
Introduction
The New Rule
Suicidal Mindset
Incident Response
Events/Audit Trails
Sample Incidents
6-Step Process
Preparation
Identification
Containment
Eradication
Recovery
Lesson Learned
Forensic Overview
Summary
8 Technologies for Success
Introduction
Integrated Approach to APT
How Bad is the Problem?
Trying to Hit a Moving Target
Finding the Needle in the Haystack
Understand What You Have
Identifying APT
Assessment and Discovery
Analysis and Remediation
Program Review
Minimizing the Problem
End to End Solution for the APT
Summary
The Future and How to Win
9 The Changing Landscape: Cloud and Mobilization
Introduction
You Cannot Fight the Cloud
Is the Cloud Really New?
What is the Cloud?
Securing the Cloud
Reducing Cloud Computing Risks
Mobilization—BYOD (Bring Your Own Device)
Dealing with Future Technologies
Summary
10 Proactive Security and Reputational Ranking
Introduction
Facing Reality
Predicting Attacks to Become Proactive
Advanced
Persistent
Threat
Changing How You Think About Security
The Problem has Changed
The APT Defendable Network
Summary
11 Focusing in on the Right Security
Introduction
What is the Problem That is Being Solved?
If the Offense Knows More Than the Defense You Will Loose
Enhancing User Awareness
Virtualized Sandboxing
Patching
White Listing
Summary
12 Implementing Adaptive Security
Introduction
Focusing on the Human
Focusing on the Data
Game Plan
Prioritizing Risks
Key Emerging Technologies
The Critical Controls
Summary
Index
Description of the book in the original language:
The newest threat to security has been categorized as the Advanced Persistent Threat or APT. The APT bypasses most of an organization's current security devices, and is typically carried out by an organized group, such as a foreign nation state or rogue group with both the capability and the intent to persistently and effectively target a specific entity and wreak havoc. Most organizations do not understand how to deal with it and what is needed to protect their network from compromise. In Advanced Persistent Threat: Understanding the Danger and How to Protect your Organization, Eric Cole discusses the critical information that readers need to know about APT and how to avoid being a victim. Advanced Persistent Threat is the first comprehensive manual that discusses how attackers are breaking into systems and what to do to protect and defend against these intrusions. Advanced Persistent Threat covers what you need to know, including:
- How and why organizations are being attacked
- How to develop a "Risk based Approach to Security"
- Tools for protecting data and preventing attacks
- Critical information on how to respond and recover from an intrusion
- The emerging threat to Cloud based networks