{"product_id":"threat-hunting-in-the-cloud-isbn-9781119804062","title":"Threat Hunting in the Cloud","description":"\u003cp\u003e\u003cb\u003eImplement a vendor-neutral and multi-cloud cybersecurity and risk mitigation framework with advice from seasoned threat hunting pros\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIn \u003ci\u003eThreat Hunting in the Cloud: Defending AWS, Azure and Other Cloud Platforms Against Cyberattacks\u003c\/i\u003e, celebrated cybersecurity professionals and authors Chris Peiris, Binil Pillai, and Abbas Kudrati leverage their decades of experience building large-scale cyber fusion centers to deliver the ideal threat hunting resource for both business and technical audiences. You'll find insightful analyses of cloud platform security tools and, using the industry-leading MITRE ATT\u0026amp;CK framework, discussions of the most common threat vectors.\u003c\/p\u003e \u003cp\u003eYou'll discover how to build a side-by-side cybersecurity fusion center on both Microsoft Azure and Amazon Web Services and deliver a multi-cloud strategy for enterprise customers. 
And you will find out how to create a vendor-neutral environment with rapid disaster recovery capability for maximum risk mitigation.\u003c\/p\u003e \u003cp\u003eWith this book you'll learn:\u003c\/p\u003e \u003cul\u003e \u003cli\u003eKey business and technical drivers of cybersecurity threat hunting frameworks in today's technological environment\u003c\/li\u003e \u003cli\u003eMetrics available to assess threat hunting effectiveness regardless of an organization's size\u003c\/li\u003e \u003cli\u003eHow threat hunting works with vendor-specific single-cloud security offerings and on multi-cloud implementations\u003c\/li\u003e \u003cli\u003eA detailed analysis of key threat vectors such as email phishing, ransomware and nation-state attacks\u003c\/li\u003e \u003cli\u003eComprehensive AWS and Azure \"how to\" solutions through the lens of MITRE ATT\u0026amp;CK tactics, techniques, and procedures (TTPs)\u003c\/li\u003e \u003cli\u003eAzure and AWS risk mitigation strategies to combat key TTPs such as privilege escalation, credential theft, lateral movement, command \u0026amp; control, and data exfiltration\u003c\/li\u003e \u003cli\u003eTools available on both the Azure and AWS cloud platforms that provide automated responses to attacks and orchestrate preventive measures and recovery strategies\u003c\/li\u003e \u003cli\u003eThe critical components for successful adoption of a multi-cloud threat hunting framework, such as the Threat Hunting Maturity Model, Zero Trust Computing, Human Elements of Threat Hunting, and Integration of Threat Hunting with Security Operations Centers (SOCs) and Cyber Fusion Centers\u003c\/li\u003e \u003cli\u003eThe future of threat hunting with the advances in Artificial Intelligence, Machine Learning, Quantum Computing and the proliferation of IoT devices\u003c\/li\u003e \u003c\/ul\u003e \u003cp\u003ePerfect for technical executives (e.g., CTO, CISO), technical managers, architects, system admins and 
consultants with hands-on responsibility for cloud platforms, \u003ci\u003eThreat Hunting in the Cloud\u003c\/i\u003e is also an indispensable guide for business executives (e.g., CFO, COO, CEO, board members) and managers who need to understand their organization's cybersecurity risk framework and mitigation strategy.\u003c\/p\u003e \u003cp\u003e\u003cb\u003eTable of Contents\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eForeword xxxi\u003c\/p\u003e \u003cp\u003eIntroduction xxxiii\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart I Threat Hunting Frameworks 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 1 Introduction to Threat Hunting 3\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Rise of Cybercrime 4\u003c\/p\u003e \u003cp\u003eWhat Is Threat Hunting? 6\u003c\/p\u003e \u003cp\u003eThe Key Cyberthreats and Threat Actors 7\u003c\/p\u003e \u003cp\u003ePhishing 7\u003c\/p\u003e \u003cp\u003eRansomware 8\u003c\/p\u003e \u003cp\u003eNation State 10\u003c\/p\u003e \u003cp\u003eThe Necessity of Threat Hunting 14\u003c\/p\u003e \u003cp\u003eDoes the Organization’s Size Matter? 17\u003c\/p\u003e \u003cp\u003eThreat Modeling 19\u003c\/p\u003e \u003cp\u003eThreat-Hunting Maturity Model 23\u003c\/p\u003e \u003cp\u003eOrganization Maturity and Readiness 23\u003c\/p\u003e \u003cp\u003eLevel 0: INITIAL 24\u003c\/p\u003e \u003cp\u003eLevel 1: MINIMAL 25\u003c\/p\u003e \u003cp\u003eLevel 2: PROCEDURAL 25\u003c\/p\u003e \u003cp\u003eLevel 3: INNOVATIVE 25\u003c\/p\u003e \u003cp\u003eLevel 4: LEADING 25\u003c\/p\u003e \u003cp\u003eHuman Elements of Threat Hunting 26\u003c\/p\u003e \u003cp\u003eHow Do You Make the Board of Directors Cyber-Smart? 
27\u003c\/p\u003e \u003cp\u003eThreat-Hunting Team Structure 30\u003c\/p\u003e \u003cp\u003eExternal Model 30\u003c\/p\u003e \u003cp\u003eDedicated Internal Hunting Team Model 30\u003c\/p\u003e \u003cp\u003eCombined\/Hybrid Team Model 30\u003c\/p\u003e \u003cp\u003ePeriodic Hunt Teams Model 30\u003c\/p\u003e \u003cp\u003eUrgent Need for Human-Led Threat Hunting 31\u003c\/p\u003e \u003cp\u003eThe Threat Hunter’s Role 31\u003c\/p\u003e \u003cp\u003eSummary 33\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 2 Modern Approach to Multi-Cloud Threat Hunting 35\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eMulti-Cloud Threat Hunting 35\u003c\/p\u003e \u003cp\u003eMulti-Tenant Cloud Environment 38\u003c\/p\u003e \u003cp\u003eThreat Hunting in Multi-Cloud and Multi-Tenant Environments 39\u003c\/p\u003e \u003cp\u003eBuilding Blocks for the Security Operations Center 41\u003c\/p\u003e \u003cp\u003eScope and Type of SOC 43\u003c\/p\u003e \u003cp\u003eServices, Not Just Monitoring 43\u003c\/p\u003e \u003cp\u003eSOC Model 43\u003c\/p\u003e \u003cp\u003eDefine a Process for Identifying and Managing Threats 44\u003c\/p\u003e \u003cp\u003eTools and Technologies to Empower SOC 44\u003c\/p\u003e \u003cp\u003ePeople (Specialized Teams) 45\u003c\/p\u003e \u003cp\u003eCyberthreat Detection, Threat Modeling, and the Need for Proactive Threat Hunting Within SOC 46\u003c\/p\u003e \u003cp\u003eCyberthreat Detection 46\u003c\/p\u003e \u003cp\u003eThreat-Hunting Goals and Objectives 49\u003c\/p\u003e \u003cp\u003eThreat Modeling and SOC 50\u003c\/p\u003e \u003cp\u003eThe Need for a Proactive Hunting Team Within SOC 50\u003c\/p\u003e \u003cp\u003eAssume Breach and Be Proactive 51\u003c\/p\u003e \u003cp\u003eInvest in People 51\u003c\/p\u003e \u003cp\u003eDevelop an Informed Hypothesis 52\u003c\/p\u003e \u003cp\u003eCyber Resiliency and Organizational Culture 53\u003c\/p\u003e \u003cp\u003eSkillsets Required for Threat Hunting 54\u003c\/p\u003e \u003cp\u003eSecurity Analysis 55\u003c\/p\u003e 
\u003cp\u003eData Analysis 56\u003c\/p\u003e \u003cp\u003eProgramming Languages 56\u003c\/p\u003e \u003cp\u003eAnalytical Mindset 56\u003c\/p\u003e \u003cp\u003eSoft Skills 56\u003c\/p\u003e \u003cp\u003eOutsourcing 56\u003c\/p\u003e \u003cp\u003eThreat-Hunting Process and Procedures 57\u003c\/p\u003e \u003cp\u003eMetrics for Assessing the Effectiveness of Threat Hunting 58\u003c\/p\u003e \u003cp\u003eFoundational Metrics 58\u003c\/p\u003e \u003cp\u003eOperational Metrics 59\u003c\/p\u003e \u003cp\u003eThreat-Hunting Program Effectiveness 61\u003c\/p\u003e \u003cp\u003eSummary 62\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 3 Exploration of MITRE Key Attack Vectors 63\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eUnderstanding MITRE ATT\u0026amp;CK 63\u003c\/p\u003e \u003cp\u003eWhat Is MITRE ATT\u0026amp;CK Used For? 64\u003c\/p\u003e \u003cp\u003eHow Is MITRE ATT\u0026amp;CK Used and Who Uses It? 65\u003c\/p\u003e \u003cp\u003eHow Is Testing Done According to MITRE? 65\u003c\/p\u003e \u003cp\u003eTactics 67\u003c\/p\u003e \u003cp\u003eTechniques 67\u003c\/p\u003e \u003cp\u003eThreat Hunting Using Five Common Tactics 69\u003c\/p\u003e \u003cp\u003ePrivilege Escalation 71\u003c\/p\u003e \u003cp\u003eCase Study 72\u003c\/p\u003e \u003cp\u003eCredential Access 73\u003c\/p\u003e \u003cp\u003eCase Study 74\u003c\/p\u003e \u003cp\u003eLateral Movement 75\u003c\/p\u003e \u003cp\u003eCase Study 75\u003c\/p\u003e \u003cp\u003eCommand and Control 77\u003c\/p\u003e \u003cp\u003eCase Study 77\u003c\/p\u003e \u003cp\u003eExfiltration 79\u003c\/p\u003e \u003cp\u003eCase Study 79\u003c\/p\u003e \u003cp\u003eOther Methodologies and Key Threat-Hunting Tools to Combat Attack Vectors 80\u003c\/p\u003e \u003cp\u003eZero Trust 80\u003c\/p\u003e \u003cp\u003eThreat Intelligence and Zero Trust 83\u003c\/p\u003e \u003cp\u003eBuild Cloud-Based Defense-in-Depth 84\u003c\/p\u003e \u003cp\u003eAnalysis Tools 86\u003c\/p\u003e \u003cp\u003eMicrosoft Tools 
86\u003c\/p\u003e \u003cp\u003eConnect to All Your Data 87\u003c\/p\u003e \u003cp\u003eWorkbooks 88\u003c\/p\u003e \u003cp\u003eAnalytics 88\u003c\/p\u003e \u003cp\u003eSecurity Automation and Orchestration 90\u003c\/p\u003e \u003cp\u003eInvestigation 91\u003c\/p\u003e \u003cp\u003eHunting 92\u003c\/p\u003e \u003cp\u003eCommunity 92\u003c\/p\u003e \u003cp\u003eAWS Tools 93\u003c\/p\u003e \u003cp\u003eAnalyzing Logs Directly 93\u003c\/p\u003e \u003cp\u003eSIEMs in the Cloud 94\u003c\/p\u003e \u003cp\u003eSummary 95\u003c\/p\u003e \u003cp\u003eResources 96\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart II Hunting in Microsoft Azure 99\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 4 Microsoft Azure Cloud Threat Prevention Framework 101\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIntroduction to Microsoft Security 102\u003c\/p\u003e \u003cp\u003eUnderstanding the Shared Responsibility Model 102\u003c\/p\u003e \u003cp\u003eMicrosoft Services for Cloud Security Posture Management and Logging\/Monitoring 105\u003c\/p\u003e \u003cp\u003eOverview of Azure Security Center and Azure Defender 105\u003c\/p\u003e \u003cp\u003eOverview of Microsoft Azure Sentinel 108\u003c\/p\u003e \u003cp\u003eUsing Microsoft Secure and Protect Features 112\u003c\/p\u003e \u003cp\u003eIdentity \u0026amp; Access Management 113\u003c\/p\u003e \u003cp\u003eInfrastructure \u0026amp; Network 114\u003c\/p\u003e \u003cp\u003eData \u0026amp; Application 115\u003c\/p\u003e \u003cp\u003eCustomer Access 115\u003c\/p\u003e \u003cp\u003eUsing Azure Web Application Firewall to Protect a Website Against an “Initial Access” TTP 116\u003c\/p\u003e \u003cp\u003eUsing Microsoft Defender for Office 365 to Protect Against an “Initial Access” TTP 118\u003c\/p\u003e \u003cp\u003eUsing Microsoft Defender for Endpoint to Protect Against an “Initial Access” TTP 121\u003c\/p\u003e \u003cp\u003eUsing Azure Conditional Access to Protect Against an “Initial Access” TTP 123\u003c\/p\u003e \u003cp\u003eMicrosoft 
Detect Services 127\u003c\/p\u003e \u003cp\u003eDetecting “Privilege Escalation” TTPs 128\u003c\/p\u003e \u003cp\u003eUsing Azure Security Center and Azure Sentinel to Detect Threats Against a “Privilege Escalation” TTP 128\u003c\/p\u003e \u003cp\u003eDetecting Credential Access 131\u003c\/p\u003e \u003cp\u003eUsing Azure Identity Protection to Detect Threats Against a “Credential Access” TTP 132\u003c\/p\u003e \u003cp\u003eSteps to Configure and Enable Risk Policies (Sign-in Risk and User Risk) 134\u003c\/p\u003e \u003cp\u003eUsing Azure Security Center and Azure Sentinel to Detect Threats Against a “Credential Access” TTP 137\u003c\/p\u003e \u003cp\u003eDetecting Lateral Movement 139\u003c\/p\u003e \u003cp\u003eUsing Just-in-Time in ASC to Protect and Detect Threats Against a “Lateral Movement” TTP 139\u003c\/p\u003e \u003cp\u003eUsing Azure Security Center and Azure Sentinel to Detect Threats Against a “Lateral Movement” TTP 144\u003c\/p\u003e \u003cp\u003eDetecting Command and Control 145\u003c\/p\u003e \u003cp\u003eUsing Azure Security Center and Azure Sentinel to Detect Threats Against a “Command and Control” TTP 146\u003c\/p\u003e \u003cp\u003eDetecting Data Exfiltration 147\u003c\/p\u003e \u003cp\u003eUsing Azure Information Protection to Detect Threats Against a “Data Exfiltration” TTP 148\u003c\/p\u003e \u003cp\u003eDiscovering Sensitive Content Using AIP 149\u003c\/p\u003e \u003cp\u003eUsing Azure Security Center and Azure Sentinel to Detect Threats Against a “Data Exfiltration” TTP 153\u003c\/p\u003e \u003cp\u003eDetecting Threats and Proactively Hunting with Microsoft 365 Defender 154\u003c\/p\u003e \u003cp\u003eMicrosoft Investigate, Respond, and Recover Features 155\u003c\/p\u003e \u003cp\u003eAutomating Investigation and Remediation with Microsoft Defender for Endpoint 157\u003c\/p\u003e \u003cp\u003eUsing Microsoft Threat Experts Support for Remediation and Investigation 159\u003c\/p\u003e \u003cp\u003eTargeted Attack Notification 159\u003c\/p\u003e 
\u003cp\u003eExperts on Demand 161\u003c\/p\u003e \u003cp\u003eAutomating Security Response with MCAS and Microsoft Flow 166\u003c\/p\u003e \u003cp\u003eStep 1: Generate Your API Token in Cloud App Security 167\u003c\/p\u003e \u003cp\u003eStep 2: Create Your Trigger in Microsoft Flow 167\u003c\/p\u003e \u003cp\u003eStep 3: Create the Teams Message Action in Microsoft Flow 168\u003c\/p\u003e \u003cp\u003eStep 4: Generate an Email in Microsoft Flow 168\u003c\/p\u003e \u003cp\u003eConnecting the Flow in Cloud App Security 169\u003c\/p\u003e \u003cp\u003ePerforming an Automated Response Using Azure Security Center 170\u003c\/p\u003e \u003cp\u003eUsing Machine Learning and Artificial Intelligence in Threat Response 172\u003c\/p\u003e \u003cp\u003eOverview of Fusion Detections 173\u003c\/p\u003e \u003cp\u003eOverview of Azure Machine Learning 174\u003c\/p\u003e \u003cp\u003eSummary 182\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 5 Microsoft Cybersecurity Reference Architecture and Capability Map 183\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIntroduction 183\u003c\/p\u003e \u003cp\u003eMicrosoft Security Architecture versus the NIST Cybersecurity Framework (CSF) 184\u003c\/p\u003e \u003cp\u003eMicrosoft Security Architecture 185\u003c\/p\u003e \u003cp\u003eThe Identify Function 186\u003c\/p\u003e \u003cp\u003eThe Protect Function 187\u003c\/p\u003e \u003cp\u003eThe Detect Function 188\u003c\/p\u003e \u003cp\u003eThe Respond Function 189\u003c\/p\u003e \u003cp\u003eThe Recover Function 189\u003c\/p\u003e \u003cp\u003eUsing the Microsoft Reference Architecture 190\u003c\/p\u003e \u003cp\u003eMicrosoft Threat Intelligence 190\u003c\/p\u003e \u003cp\u003eService Trust Portal 192\u003c\/p\u003e \u003cp\u003eSecurity Development Lifecycle (SDL) 193\u003c\/p\u003e \u003cp\u003eProtecting the Hybrid Cloud Infrastructure 194\u003c\/p\u003e \u003cp\u003eAzure Marketplace 194\u003c\/p\u003e \u003cp\u003ePrivate Link 195\u003c\/p\u003e \u003cp\u003eAzure Arc 196\u003c\/p\u003e 
\u003cp\u003eAzure Lighthouse 197\u003c\/p\u003e \u003cp\u003eAzure Firewall 198\u003c\/p\u003e \u003cp\u003eAzure Web Application Firewall (WAF) 200\u003c\/p\u003e \u003cp\u003eAzure DDoS Protection 200\u003c\/p\u003e \u003cp\u003eAzure Key Vault 201\u003c\/p\u003e \u003cp\u003eAzure Bastion 202\u003c\/p\u003e \u003cp\u003eAzure Site Recovery 204\u003c\/p\u003e \u003cp\u003eAzure Security Center (ASC) 205\u003c\/p\u003e \u003cp\u003eMicrosoft Azure Secure Score 205\u003c\/p\u003e \u003cp\u003eProtecting Endpoints and Clients 206\u003c\/p\u003e \u003cp\u003eMicrosoft Endpoint Manager (MEM) Configuration Manager 207\u003c\/p\u003e \u003cp\u003eMicrosoft Intune 208\u003c\/p\u003e \u003cp\u003eProtecting Identities and Access 209\u003c\/p\u003e \u003cp\u003eAzure AD Conditional Access 210\u003c\/p\u003e \u003cp\u003ePasswordless for End-to-End Secure Identity 211\u003c\/p\u003e \u003cp\u003eAzure Active Directory (aka Azure AD) 211\u003c\/p\u003e \u003cp\u003eAzure MFA 211\u003c\/p\u003e \u003cp\u003eAzure Active Directory Identity Protection 212\u003c\/p\u003e \u003cp\u003eAzure Active Directory Privileged Identity Management (PIM) 213\u003c\/p\u003e \u003cp\u003eMicrosoft Defender for Identity 214\u003c\/p\u003e \u003cp\u003eAzure AD B2B and B2C 215\u003c\/p\u003e \u003cp\u003eAzure AD Identity Governance 215\u003c\/p\u003e \u003cp\u003eProtecting SaaS Apps 216\u003c\/p\u003e \u003cp\u003eProtecting Data and Information 219\u003c\/p\u003e \u003cp\u003eAzure Purview 220\u003c\/p\u003e \u003cp\u003eMicrosoft Information Protection (MIP) 221\u003c\/p\u003e \u003cp\u003eAzure Information Protection Unified Labeling Scanner (File Scanner) 222\u003c\/p\u003e \u003cp\u003eThe Advanced eDiscovery Solution in Microsoft 365 223\u003c\/p\u003e \u003cp\u003eCompliance Manager 224\u003c\/p\u003e \u003cp\u003eProtecting IoT and Operational Technology 225\u003c\/p\u003e \u003cp\u003eSecurity Concerns with IoT 226\u003c\/p\u003e 
\u003cp\u003eUnderstanding That IoT Cybersecurity Starts with a Threat Model 227\u003c\/p\u003e \u003cp\u003eMicrosoft Investment in IoT Technology 229\u003c\/p\u003e \u003cp\u003eAzure Sphere 229\u003c\/p\u003e \u003cp\u003eAzure Defender 229\u003c\/p\u003e \u003cp\u003eAzure Defender for IoT 230\u003c\/p\u003e \u003cp\u003eThreat Modeling for the Azure IoT Reference Architecture 230\u003c\/p\u003e \u003cp\u003eAzure Defender for IoT Architecture (Agentless Solutions) 233\u003c\/p\u003e \u003cp\u003eAzure Defender for IoT Architecture (Agent-Based Solutions) 234\u003c\/p\u003e \u003cp\u003eUnderstanding the Security Operations Solutions 235\u003c\/p\u003e \u003cp\u003eUnderstanding the People Security Solutions 236\u003c\/p\u003e \u003cp\u003eAttack Simulator 237\u003c\/p\u003e \u003cp\u003eInsider Risk Management (IRM) 237\u003c\/p\u003e \u003cp\u003eCommunication Compliance 239\u003c\/p\u003e \u003cp\u003eSummary 240\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart III Hunting in AWS 241\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 6 AWS Cloud Threat Prevention Framework 243\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIntroduction to AWS Well-Architected Framework 244\u003c\/p\u003e \u003cp\u003eThe Five Pillars of the Well-Architected Framework 245\u003c\/p\u003e \u003cp\u003eOperational Excellence 246\u003c\/p\u003e \u003cp\u003eSecurity 246\u003c\/p\u003e \u003cp\u003eReliability 246\u003c\/p\u003e \u003cp\u003ePerformance Efficiency 246\u003c\/p\u003e \u003cp\u003eCost Optimization 246\u003c\/p\u003e \u003cp\u003eThe Shared Responsibility Model 246\u003c\/p\u003e \u003cp\u003eAWS Services for Monitoring, Logging, and Alerting 248\u003c\/p\u003e \u003cp\u003eAWS CloudTrail 249\u003c\/p\u003e \u003cp\u003eAmazon CloudWatch Logs 251\u003c\/p\u003e \u003cp\u003eAmazon VPC Flow Logs 252\u003c\/p\u003e \u003cp\u003eAmazon GuardDuty 253\u003c\/p\u003e \u003cp\u003eAWS Security Hub 254\u003c\/p\u003e \u003cp\u003eAWS Protect Features 
256\u003c\/p\u003e \u003cp\u003eHow Do You Prevent Initial Access? 256\u003c\/p\u003e \u003cp\u003eHow Do You Protect APIs from SQL Injection Attacks Using API Gateway and AWS WAF? 256\u003c\/p\u003e \u003cp\u003ePrerequisites 257\u003c\/p\u003e \u003cp\u003eCreate an API 257\u003c\/p\u003e \u003cp\u003eCreate and Configure an AWS WAF 259\u003c\/p\u003e \u003cp\u003eAWS Detection Features 263\u003c\/p\u003e \u003cp\u003eHow Do You Detect Privilege Escalation? 263\u003c\/p\u003e \u003cp\u003eHow Do You Detect the Abuse of a Valid Account to Obtain High-Level Permissions? 264\u003c\/p\u003e \u003cp\u003ePrerequisites 264\u003c\/p\u003e \u003cp\u003eConfigure GuardDuty to Detect Privilege Escalation 265\u003c\/p\u003e \u003cp\u003eReviewing the Findings 266\u003c\/p\u003e \u003cp\u003eHow Do You Detect Credential Access? 269\u003c\/p\u003e \u003cp\u003eHow Do You Detect Unsecured Credentials? 269\u003c\/p\u003e \u003cp\u003ePrerequisites 270\u003c\/p\u003e \u003cp\u003eReviewing the Findings 274\u003c\/p\u003e \u003cp\u003eHow Do You Detect Lateral Movement? 276\u003c\/p\u003e \u003cp\u003eHow Do You Detect the Use of Stolen Alternate Authentication Material? 277\u003c\/p\u003e \u003cp\u003ePrerequisites 277\u003c\/p\u003e \u003cp\u003eHow Do You Detect Potential Unauthorized Access to Your AWS Resources? 277\u003c\/p\u003e \u003cp\u003eReviewing the Findings 278\u003c\/p\u003e \u003cp\u003eHow Do You Detect Command and Control? 280\u003c\/p\u003e \u003cp\u003eHow Do You Detect Communications to a Command and Control Server Using the Domain Name System (DNS)? 281\u003c\/p\u003e \u003cp\u003ePrerequisites 281\u003c\/p\u003e \u003cp\u003eHow Do You Detect EC2 Instance Communication with a Command and Control (C\u0026amp;C) Server Using DNS? 281\u003c\/p\u003e \u003cp\u003eReviewing the Findings 282\u003c\/p\u003e \u003cp\u003eHow Do You Detect Data Exfiltration? 
284\u003c\/p\u003e \u003cp\u003ePrerequisites 285\u003c\/p\u003e \u003cp\u003eHow Do You Detect the Exfiltration Using an Anomalous API Request? 285\u003c\/p\u003e \u003cp\u003eReviewing the Findings 286\u003c\/p\u003e \u003cp\u003eHow Do You Handle Response and Recover? 289\u003c\/p\u003e \u003cp\u003eFoundation of Incident Response 289\u003c\/p\u003e \u003cp\u003eHow Do You Create an Automated Response? 290\u003c\/p\u003e \u003cp\u003eAutomating Incident Responses 290\u003c\/p\u003e \u003cp\u003eOptions for Automating Responses 291\u003c\/p\u003e \u003cp\u003eCost Comparisons in Scanning Methods 293\u003c\/p\u003e \u003cp\u003eEvent-Driven Responses 294\u003c\/p\u003e \u003cp\u003eHow Do You Automatically Respond to Unintended Disabling of CloudTrail Logging? 295\u003c\/p\u003e \u003cp\u003ePrerequisites 296\u003c\/p\u003e \u003cp\u003eCreating a Trail in CloudTrail 296\u003c\/p\u003e \u003cp\u003eCreating an SNS Topic to Send Emails 299\u003c\/p\u003e \u003cp\u003eCreating Rules in Amazon EventBridge 302\u003c\/p\u003e \u003cp\u003eHow Do You Orchestrate and Recover? 305\u003c\/p\u003e \u003cp\u003eDecision Trees 305\u003c\/p\u003e \u003cp\u003eUse Alternative Accounts 305\u003c\/p\u003e \u003cp\u003eView or Copy Data 306\u003c\/p\u003e \u003cp\u003eSharing Amazon EBS Snapshots 306\u003c\/p\u003e \u003cp\u003eSharing Amazon CloudWatch Logs 306\u003c\/p\u003e \u003cp\u003eUse Immutable Storage 307\u003c\/p\u003e \u003cp\u003eLaunch Resources Near the Event 307\u003c\/p\u003e \u003cp\u003eIsolate Resources 308\u003c\/p\u003e \u003cp\u003eLaunch Forensic Workstations 309\u003c\/p\u003e \u003cp\u003eInstance Types and Locations 309\u003c\/p\u003e \u003cp\u003eHow Do You Automatically Recover from Unintended Disabling of CloudTrail Logging? 
310\u003c\/p\u003e \u003cp\u003ePrerequisites 311\u003c\/p\u003e \u003cp\u003eAggregate and View Security Status in AWS Security Hub 311\u003c\/p\u003e \u003cp\u003eReviewing the Findings 312\u003c\/p\u003e \u003cp\u003eCreate a Lambda Function to Orchestrate and Recover 314\u003c\/p\u003e \u003cp\u003eHow Are Machine Learning and Artificial Intelligence Used? 317\u003c\/p\u003e \u003cp\u003eSummary 318\u003c\/p\u003e \u003cp\u003eReferences 319\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 7 AWS Reference Architecture 321\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eAWS Security Framework Overview 322\u003c\/p\u003e \u003cp\u003eThe Identify Function Overview 323\u003c\/p\u003e \u003cp\u003eThe Protect Function Overview 324\u003c\/p\u003e \u003cp\u003eThe Detect Function Overview 325\u003c\/p\u003e \u003cp\u003eThe Respond Function Overview 325\u003c\/p\u003e \u003cp\u003eThe Recover Function Overview 325\u003c\/p\u003e \u003cp\u003eAWS Reference Architecture 326\u003c\/p\u003e \u003cp\u003eThe Identify Function 326\u003c\/p\u003e \u003cp\u003eSecurity Hub 328\u003c\/p\u003e \u003cp\u003eAWS Config 329\u003c\/p\u003e \u003cp\u003eAWS Organizations 330\u003c\/p\u003e \u003cp\u003eAWS Control Tower 331\u003c\/p\u003e \u003cp\u003eAWS Trusted Advisor 332\u003c\/p\u003e \u003cp\u003eAWS Well-Architected Tool 333\u003c\/p\u003e \u003cp\u003eAWS Service Catalog 334\u003c\/p\u003e \u003cp\u003eAWS Systems Manager 335\u003c\/p\u003e \u003cp\u003eAWS Identity and Access Management (IAM) 337\u003c\/p\u003e \u003cp\u003eAWS Single Sign-On (SSO) 338\u003c\/p\u003e \u003cp\u003eAWS Shield 340\u003c\/p\u003e \u003cp\u003eAWS Web Application Firewall (WAF) 340\u003c\/p\u003e \u003cp\u003eAWS Firewall Manager 342\u003c\/p\u003e \u003cp\u003eAWS CloudHSM 343\u003c\/p\u003e \u003cp\u003eAWS Secrets Manager 345\u003c\/p\u003e \u003cp\u003eAWS Key Management Service (KMS) 345\u003c\/p\u003e \u003cp\u003eAWS Certificate Manager 346\u003c\/p\u003e \u003cp\u003eAWS IoT Device Defender 
347\u003c\/p\u003e \u003cp\u003eAmazon Virtual Private Cloud 347\u003c\/p\u003e \u003cp\u003eAWS PrivateLink 349\u003c\/p\u003e \u003cp\u003eAWS Direct Connect 349\u003c\/p\u003e \u003cp\u003eAWS Transit Gateway 350\u003c\/p\u003e \u003cp\u003eAWS Resource Access Manager 351\u003c\/p\u003e \u003cp\u003eThe Detect and Respond Functions 353\u003c\/p\u003e \u003cp\u003eGuardDuty 354\u003c\/p\u003e \u003cp\u003eAmazon Detective 356\u003c\/p\u003e \u003cp\u003eAmazon Macie 357\u003c\/p\u003e \u003cp\u003eAmazon Inspector 358\u003c\/p\u003e \u003cp\u003eAWS CloudTrail 359\u003c\/p\u003e \u003cp\u003eAmazon CloudWatch 360\u003c\/p\u003e \u003cp\u003eAWS Lambda 361\u003c\/p\u003e \u003cp\u003eAWS Step Functions 362\u003c\/p\u003e \u003cp\u003eAmazon Route 53 363\u003c\/p\u003e \u003cp\u003eAWS Personal Health Dashboard 364\u003c\/p\u003e \u003cp\u003eThe Recover Functions 365\u003c\/p\u003e \u003cp\u003eAmazon Glacier 366\u003c\/p\u003e \u003cp\u003eAWS CloudFormation 366\u003c\/p\u003e \u003cp\u003eCloudEndure Disaster Recovery 367\u003c\/p\u003e \u003cp\u003eAWS OpsWorks 368\u003c\/p\u003e \u003cp\u003eSummary 369\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart IV The Future 371\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 8 Threat Hunting in Other Cloud Providers 373\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Google Cloud Platform 374\u003c\/p\u003e \u003cp\u003eGoogle Cloud Platform Security Architecture Alignment to NIST 376\u003c\/p\u003e \u003cp\u003eThe Identify Function 376\u003c\/p\u003e \u003cp\u003eThe Protect Function 378\u003c\/p\u003e \u003cp\u003eThe Detect Function 380\u003c\/p\u003e \u003cp\u003eThe Respond Function 382\u003c\/p\u003e \u003cp\u003eThe Recover Function 383\u003c\/p\u003e \u003cp\u003eThe IBM Cloud 385\u003c\/p\u003e \u003cp\u003eOracle Cloud Infrastructure Security 386\u003c\/p\u003e \u003cp\u003eOracle SaaS Cloud Security Threat Intelligence 387\u003c\/p\u003e \u003cp\u003eThe Alibaba Cloud 388\u003c\/p\u003e 
\u003cp\u003eSummary 389\u003c\/p\u003e \u003cp\u003eReferences 389\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 9 The Future of Threat Hunting 391\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eArtificial Intelligence and Machine Learning 393\u003c\/p\u003e \u003cp\u003eHow ML Reduces False Positives 395\u003c\/p\u003e \u003cp\u003eHow Machine Intelligence Applies to Malware Detection 395\u003c\/p\u003e \u003cp\u003eHow Machine Intelligence Applies to Risk Scoring in a Network 396\u003c\/p\u003e \u003cp\u003eAdvances in Quantum Computing 396\u003c\/p\u003e \u003cp\u003eQuantum Computing Challenges 398\u003c\/p\u003e \u003cp\u003ePreparing for the Quantum Future 399\u003c\/p\u003e \u003cp\u003eAdvances in IoT and Their Impact 399\u003c\/p\u003e \u003cp\u003eGrowing IoT Cybersecurity Risks 401\u003c\/p\u003e \u003cp\u003ePreparing for IoT Challenges 403\u003c\/p\u003e \u003cp\u003eOperational Technology (OT) 405\u003c\/p\u003e \u003cp\u003eImportance of OT Security 406\u003c\/p\u003e \u003cp\u003eBlockchain 406\u003c\/p\u003e \u003cp\u003eThe Future of Cybersecurity with Blockchain 407\u003c\/p\u003e \u003cp\u003eThreat Hunting as a Service 407\u003c\/p\u003e \u003cp\u003eThe Evolution of the Threat-Hunting Tool 408\u003c\/p\u003e \u003cp\u003ePotential Regulatory Guidance 408\u003c\/p\u003e \u003cp\u003eSummary 409\u003c\/p\u003e \u003cp\u003eReferences 409\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart V Appendices 411\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eAppendix A MITRE ATT\u0026amp;CK Tactics 413\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eAppendix B Privilege Escalation 415\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eAppendix C Credential Access 421\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eAppendix D Lateral Movement 431\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eAppendix E Command and Control 435\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eAppendix F Data Exfiltration 
443\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eAppendix G MITRE Cloud Matrix 447\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eInitial Access 447\u003c\/p\u003e \u003cp\u003eDrive-by Compromise 447\u003c\/p\u003e \u003cp\u003eExploiting a Public-Facing Application 450\u003c\/p\u003e \u003cp\u003ePhishing 450\u003c\/p\u003e \u003cp\u003eUsing Trusted Relationships 451\u003c\/p\u003e \u003cp\u003eUsing Valid Accounts 452\u003c\/p\u003e \u003cp\u003ePersistence 452\u003c\/p\u003e \u003cp\u003eManipulating Accounts 452\u003c\/p\u003e \u003cp\u003eCreating Accounts 453\u003c\/p\u003e \u003cp\u003eImplanting a Container Image 454\u003c\/p\u003e \u003cp\u003eOffice Application Startup 454\u003c\/p\u003e \u003cp\u003eUsing Valid Accounts 455\u003c\/p\u003e \u003cp\u003ePrivilege Escalation 456\u003c\/p\u003e \u003cp\u003eModifying the Domain Policy 456\u003c\/p\u003e \u003cp\u003eUsing Valid Accounts 457\u003c\/p\u003e \u003cp\u003eDefense Evasion 457\u003c\/p\u003e \u003cp\u003eModifying Domain Policy 457\u003c\/p\u003e \u003cp\u003eImpairing Defenses 458\u003c\/p\u003e \u003cp\u003eModifying the Cloud Compute Infrastructure 459\u003c\/p\u003e \u003cp\u003eUsing Unused\/Unsupported Cloud Regions 459\u003c\/p\u003e \u003cp\u003eUsing Alternate Authentication Material 460\u003c\/p\u003e \u003cp\u003eUsing Valid Accounts 461\u003c\/p\u003e \u003cp\u003eCredential Access 461\u003c\/p\u003e \u003cp\u003eUsing Brute Force Methods 461\u003c\/p\u003e \u003cp\u003eForging Web Credentials 462\u003c\/p\u003e \u003cp\u003eStealing an Application Access Token 462\u003c\/p\u003e \u003cp\u003eStealing Web Session Cookies 463\u003c\/p\u003e \u003cp\u003eUsing Unsecured Credentials 464\u003c\/p\u003e \u003cp\u003eDiscovery 464\u003c\/p\u003e \u003cp\u003eManipulating Account Discovery 464\u003c\/p\u003e \u003cp\u003eManipulating Cloud Infrastructure Discovery 465\u003c\/p\u003e \u003cp\u003eUsing a Cloud Service Dashboard 
466\u003c\/p\u003e \u003cp\u003eUsing Cloud Service Discovery 466\u003c\/p\u003e \u003cp\u003eScanning Network Services 467\u003c\/p\u003e \u003cp\u003eDiscovering Permission Groups 467\u003c\/p\u003e \u003cp\u003eDiscovering Software 468\u003c\/p\u003e \u003cp\u003eDiscovering System Information 468\u003c\/p\u003e \u003cp\u003eDiscovering System Network Connections 469\u003c\/p\u003e \u003cp\u003eLateral Movement 469\u003c\/p\u003e \u003cp\u003eInternal Spear Phishing 469\u003c\/p\u003e \u003cp\u003eUsing Alternate Authentication Material 470\u003c\/p\u003e \u003cp\u003eCollection 471\u003c\/p\u003e \u003cp\u003eCollecting Data from a Cloud Storage Object 471\u003c\/p\u003e \u003cp\u003eCollecting Data from Information Repositories 471\u003c\/p\u003e \u003cp\u003eCollecting Staged Data 472\u003c\/p\u003e \u003cp\u003eCollecting Email 473\u003c\/p\u003e \u003cp\u003eData Exfiltration 474\u003c\/p\u003e \u003cp\u003eDetecting Exfiltration 474\u003c\/p\u003e \u003cp\u003eImpact 475\u003c\/p\u003e \u003cp\u003eDefacement 475\u003c\/p\u003e \u003cp\u003eEndpoint Denial of Service 475\u003c\/p\u003e \u003cp\u003eResource Hijacking 477\u003c\/p\u003e \u003cp\u003e\u003cb\u003eAppendix H Glossary 479\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIndex 489\u003c\/p\u003e \u003cp\u003e\u003cb\u003eAbout the Authors\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHRIS PEIRIS, PhD,\u003c\/b\u003e has advised Fortune 500 companies, Federal and State Governments, and Defense and Intelligence entities in the Americas, Asia, Japan, Europe, and Australia and New Zealand. He has 25+ years of IT industry experience. He is the author of 10 published books and is a highly sought-after keynote speaker.\u003c\/p\u003e \u003cp\u003e\u003cb\u003eBINIL PILLAI\u003c\/b\u003e is a Microsoft Global Security, Compliance, and Identity (SCI) Director for Strategy and Business Development focusing on the Small and Medium Enterprise segment. He has 21+ years of experience in B2B cybersecurity, digital transformation, and management consulting. 
He is also a board advisor to several start-ups, helping them grow their businesses successfully.\u003c\/p\u003e\u003cp\u003e\u003cb\u003eABBAS KUDRATI\u003c\/b\u003e is a CISO and cybersecurity practitioner. He is currently Microsoft Asia’s Lead Chief Cybersecurity Advisor for the Security Solution Area and serves as Executive Advisor to Deakin University, La Trobe University, HITRUST ASIA, and EC-Council ASIA.\u003c\/p\u003e\u003cp\u003e\u003cb\u003eA PROVEN AND COMPREHENSIVE APPROACH TO VENDOR-NEUTRAL AND MULTI-CLOUD CYBERSECURITY\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIn \u003ci\u003eThreat Hunting in the Cloud: Defending AWS, Azure and Other Cloud Platforms Against Cyberattacks\u003c\/i\u003e, an expert team of celebrated cybersecurity professionals delivers an insightful and comprehensive threat hunting guide for business and technical audiences. The authors provide extensive analyses of cloud platform security tools and the most common threat vectors using the industry-leading MITRE ATT\u0026amp;CK framework. You’ll learn how to build an integrated cybersecurity fusion center using Microsoft Azure and Amazon Web Services to deliver a multi-cloud threat hunting strategy for enterprise customers.\u003c\/p\u003e\u003cp\u003e\u003ci\u003eThreat Hunting in the Cloud\u003c\/i\u003e guides organizations of all sizes to strategize their security posture, ensure long-term sustainability, and manage cyber risks. You’ll also learn the key components of a successful multi-cloud threat hunting framework implementation, such as the Threat Hunting Maturity Model, Zero Trust Computing, Human Elements of Threat Hunting, Integration of Threat Hunting with Security Operations Centers, and Cyber Fusion Centers. It concludes with a discussion of the future of threat hunting in areas like artificial intelligence, machine learning, quantum computing, the Internet of Things, Operational Technology, and Blockchain. 
\u003c\/p\u003e\u003cp\u003eThis book is ideal for cybersecurity executives, including CTOs and CISOs, technical security professionals, and security analysts who want to learn about and set up threat hunting capabilities for a multi-cloud environment.\u003c\/p\u003e","brand":"Wiley","offers":[{"title":"Default Title","offer_id":47990389244133,"sku":"NP9781119804062","price":50.0,"currency_code":"USD","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/1842\/7735\/files\/9781119804062.jpg?v=1761787631","url":"https:\/\/k12savings.com\/products\/threat-hunting-in-the-cloud-isbn-9781119804062","provider":"K12savings","version":"1.0","type":"link"}