Advanced Persistent Threat

Book Description

The newest threat to security has been categorized as the Advanced Persistent Threat, or APT. The APT bypasses most of an organization's current security devices and is typically carried out by an organized group, such as a foreign nation state or a rogue group, with both the capability and the intent to persistently and effectively target a specific entity and wreak havoc. Most organizations do not understand how to deal with it or what is needed to protect their network from compromise. In Advanced Persistent Threat: Understanding the Danger and How to Protect your Organization, Eric Cole discusses the critical information that readers need to know about APT and how to avoid becoming a victim.

Advanced Persistent Threat is the first comprehensive manual that discusses how attackers are breaking into systems and what to do to protect and defend against these intrusions.
Advanced Persistent Threat covers what you need to know including:

• How and why organizations are being attacked

• How to develop a "Risk based Approach to Security"

• Tools for protecting data and preventing attacks

• Critical information on how to respond and recover from an intrusion

• The emerging threat to Cloud based networks

Table of Contents

  1. Cover image
  2. Title page
  3. Table of Contents
  4. Copyright
  5. Dedication
  6. Author Biography
  7. Preface
  8. Section I. Understanding the Problem
    1. Chapter 1. The Changing Threat
      1. Introduction
      2. The Current Landscape
      3. Organizations View on Security
      4. You will be Compromised
      5. The Cyber ShopLifter
      6. The New Defense in Depth
      7. Proactive vs Reactive
      8. Loss of Common Sense
      9. It is All About Risk
      10. What Was In Place?
      11. Pain Killer Security
      12. Reducing the Surface Space
      13. HTML Embedded Email
      14. Buffer Overflows
      15. Macros in Office Documents
      16. The Traditional Threat
      17. Common Cold
      18. Reactive Security
      19. Automation
      20. The Emerging Threat
      21. APT—Cyber Cancer
      22. Advanced Persistent Threat (APT)
      23. APT—Stealthy, Targeted, and Data Focused
      24. Characteristics of the APT
      25. Defending Against the APT
      26. APT vs Traditional Threat
      27. Sample APT Attacks
      28. APT Multi-Phased Approach
      29. Summary
    2. Chapter 2. Why are Organizations Being Compromised?
      1. Introduction
      2. Doing Good Things and Doing the Right Things
      3. Security is Not Helpless
      4. Beyond Good or Bad
      5. Attackers are in Your Network
      6. Proactive, Predictive, and Adaptive
      7. Example of How to Win
      8. Data Centric Security
      9. Money Does Not Equal Security
      10. The New Approach to APT
      11. Selling Security to Your Executives
      12. Top Security Trends
      13. Summary
    3. Chapter 3. How are Organizations Being Compromised?
      1. Introduction
      2. What are Attackers After?
      3. Attacker Process
      4. Reconnaissance
      5. Scanning
      6. Exploitation
      7. Create Backdoors
      8. Cover Their Tracks
      9. Compromising a Server
      10. Compromising a Client
      11. Insider Threat
      12. Traditional Security
      13. Firewalls
      14. Dropped Packets
      15. InBound Prevention and OutBound Detection
      16. Intrusion Detection
      17. Summary
    4. Chapter 4. Risk-Based Approach to Security
      1. Introduction
      2. Products vs. Solutions
      3. Learning from the Past
      4. What is Risk?
      5. Focused Security
      6. Formal Risk Model
      7. Insurance Model
      8. Calculating Risk
      9. Summary
  9. Section II. Emerging Trends
    1. Chapter 5. Protecting Your Data
      1. Introduction
      2. Data Discovery
      3. Protected Enclaves
      4. Everything Starts with Your Data
      5. CIA
      6. Data Classification
      7. Encryption
      8. Types of Encryption
      9. Goals of Encryption
      10. Data at Rest
      11. Data at Motion
      12. Encryption—More Than You Bargained For
      13. Network Segmentation and De-Scoping
      14. Encryption Free Zone
      15. Summary
    2. Chapter 6. Prevention is Ideal but Detection is a Must
      1. Introduction
      2. Inbound Prevention
      3. Outbound Detection
      4. Network vs. Host
      5. Making Hard Decisions
      6. Is AV/Host Protection Dead?
      7. Summary
    3. Chapter 7. Incident Response: Respond and Recover
      1. Introduction
      2. The New Rule
      3. Suicidal Mindset
      4. Incident Response
      5. Events/Audit Trails
      6. Sample Incidents
      7. 6-Step Process
      8. Forensic Overview
      9. Summary
    4. Chapter 8. Technologies for Success
      1. Introduction
      2. Integrated Approach to APT
      3. How Bad is the Problem?
      4. Trying to Hit a Moving Target
      5. Finding the Needle in the Haystack
      6. Understand What You Have
      7. Identifying APT
      8. Minimizing the Problem
      9. End to End Solution for the APT
      10. Summary
  10. Section III. The Future and How to Win
    1. Chapter 9. The Changing Landscape: Cloud and Mobilization
      1. Introduction
      2. You Cannot Fight the Cloud
      3. Is the Cloud Really New?
      4. What is the Cloud?
      5. Securing the Cloud
      6. Reducing Cloud Computing Risks
      7. Mobilization—BYOD (Bring Your Own Device)
      8. Dealing with Future Technologies
      9. Summary
    2. Chapter 10. Proactive Security and Reputational Ranking
      1. Introduction
      2. Facing Reality
      3. Predicting Attacks to Become Proactive
      4. Changing How You Think About Security
      5. The Problem has Changed
      6. The APT Defendable Network
      7. Summary
    3. Chapter 11. Focusing in on the Right Security
      1. Introduction
      2. What is the Problem That is Being Solved?
      3. If the Offense Knows More Than the Defense You Will Loose
      4. Enhancing User Awareness
      5. Virtualized Sandboxing
      6. Patching
      7. White Listing
      8. Summary
    4. Chapter 12. Implementing Adaptive Security
      1. Introduction
      2. Focusing on the Human
      3. Focusing on the Data
      4. Game Plan
      5. Prioritizing Risks
      6. Key Emerging Technologies
      7. The Critical Controls
      8. Summary
  11. Index