Synopses & Reviews
Synopsis
Threat intelligence--understanding the who, why, and how of attacks--is most valuable when applied directly to an organization's incident response capability for hunting and investigation. Threat intelligence has become more common and important in recent years. However, many professionals want a better understanding of how to apply this intelligence within their operations and organizations. This book explains the fundamentals of intelligence analysis and the best ways to apply it to your incident response function.
Synopsis
Using a well-conceived incident response plan in the aftermath of an online security breach enables your team to identify attackers and learn how they operate. But, only when you approach incident response with a cyber threat intelligence mindset will you truly understand the value of that information. With this practical guide, you'll learn the fundamentals of intelligence analysis, as well as the best ways to incorporate these techniques into your incident response process.
Each method reinforces the other: threat intelligence supports and augments incident response, while incident response generates useful threat intelligence. This book helps incident managers, malware analysts, reverse engineers, digital forensics specialists, and intelligence analysts understand, implement, and benefit from this relationship.
In three parts, this in-depth book includes:
- The fundamentals: get an introduction to cyber threat intelligence, the intelligence process, the incident-response process, and how they all work together
- Practical application: walk through the intelligence-driven incident response (IDIR) process using the F3EAD process--Find, Fix Finish, Exploit, Analyze, and Disseminate
- The way forward: explore big-picture aspects of IDIR that go beyond individual incident-response investigations, including intelligence team building