Advanced Persistent Threat

Advanced Persistent Threat

Understanding the Danger and How to Protect Your Organization

1st Edition - November 13, 2012
This is the Latest Edition
  • Author: Eric Cole
  • Paperback ISBN: 9781597499491
  • eBook ISBN: 9781597499552

Purchase options

Purchase options
Available
DRM-free (EPub, PDF, Mobi)
Sales tax will be calculated at check-out

Institutional Subscription

Free Global Shipping
No minimum order

Description

The newest threat to security has been categorized as the Advanced Persistent Threat or APT. The APT bypasses most of an organization’s current security devices, and is typically carried out by an organized group, such as a foreign nation state or rogue group with both the capability and the intent to persistently and effectively target a specific entity and wreak havoc. Most organizations do not understand how to deal with it and what is needed to protect their network from compromise. In Advanced Persistent Threat: Understanding the Danger and How to Protect your Organization Eric Cole discusses the critical information that readers need to know about APT and how to avoid being a victim. Advanced Persistent Threat is the first comprehensive manual that discusses how attackers are breaking into systems and what to do to protect and defend against these intrusions.

Key Features

  • How and why organizations are being attacked
  • How to develop a "Risk based Approach to Security"
  • Tools for protecting data and preventing attacks
  • Critical information on how to respond and recover from an intrusion
  • The emerging threat to Cloud based networks

Readership

IT Security Professionals (Security Auditors, Security Engineers, Compliance Specialists, etc.), IT Professionals (Network Administrators, IT Managers, Security Managers, Security Analysts, Directors of Security, etc.)

Table of Contents

  • Dedication

    Author Biography

    Preface

    Section I. Understanding the Problem

    Chapter 1. The Changing Threat

    Introduction

    The Current Landscape

    Organizations View on Security

    You will be Compromised

    The Cyber ShopLifter

    The New Defense in Depth

    Proactive vs Reactive

    Loss of Common Sense

    It is All About Risk

    What Was In Place?

    Pain Killer Security

    Reducing the Surface Space

    HTML Embedded Email

    Buffer Overflows

    Macros in Office Documents

    The Traditional Threat

    Common Cold

    Reactive Security

    Automation

    The Emerging Threat

    APT—Cyber Cancer

    Advanced Persistent Threat (APT)

    APT—Stealthy, Targeted, and Data Focused

    Characteristics of the APT

    Defending Against the APT

    APT vs Traditional Threat

    Sample APT Attacks

    APT Multi-Phased Approach

    Summary

    Chapter 2. Why are Organizations Being Compromised?

    Introduction

    Doing Good Things and Doing the Right Things

    Security is Not Helpless

    Beyond Good or Bad

    Attackers are in Your Network

    Proactive, Predictive, and Adaptive

    Example of How to Win

    Data Centric Security

    Money Does Not Equal Security

    The New Approach to APT

    Selling Security to Your Executives

    Top Security Trends

    Summary

    Chapter 3. How are Organizations Being Compromised?

    Introduction

    What are Attackers After?

    Attacker Process

    Reconnaissance

    Scanning

    Exploitation

    Create Backdoors

    Cover Their Tracks

    Compromising a Server

    Compromising a Client

    Insider Threat

    Traditional Security

    Firewalls

    Dropped Packets

    InBound Prevention and OutBound Detection

    Intrusion Detection

    Summary

    Chapter 4. Risk-Based Approach to Security

    Introduction

    Products vs. Solutions

    Learning from the Past

    What is Risk?

    Focused Security

    Formal Risk Model

    Insurance Model

    Calculating Risk

    Summary

    Section II. Emerging Trends

    Chapter 5. Protecting Your Data

    Introduction

    Data Discovery

    Protected Enclaves

    Everything Starts with Your Data

    CIA

    Data Classification

    Encryption

    Types of Encryption

    Goals of Encryption

    Data at Rest

    Data at Motion

    Encryption—More Than You Bargained For

    Network Segmentation and De-Scoping

    Encryption Free Zone

    Summary

    Chapter 6. Prevention is Ideal but Detection is a Must

    Introduction

    Inbound Prevention

    Outbound Detection

    Network vs. Host

    Making Hard Decisions

    Is AV/Host Protection Dead?

    Summary

    Chapter 7. Incident Response: Respond and Recover

    Introduction

    The New Rule

    Suicidal Mindset

    Incident Response

    Events/Audit Trails

    Sample Incidents

    6-Step Process

    Forensic Overview

    Summary

    Chapter 8. Technologies for Success

    Introduction

    Integrated Approach to APT

    How Bad is the Problem?

    Trying to Hit a Moving Target

    Finding the Needle in the Haystack

    Understand What You Have

    Identifying APT

    Minimizing the Problem

    End to End Solution for the APT

    Summary

    Section III. The Future and How to Win

    Chapter 9. The Changing Landscape: Cloud and Mobilization

    Introduction

    You Cannot Fight the Cloud

    Is the Cloud Really New?

    What is the Cloud?

    Securing the Cloud

    Reducing Cloud Computing Risks

    Mobilization—BYOD (Bring Your Own Device)

    Dealing with Future Technologies

    Summary

    Chapter 10. Proactive Security and Reputational Ranking

    Introduction

    Facing Reality

    Predicting Attacks to Become Proactive

    Changing How You Think About Security

    The Problem has Changed

    The APT Defendable Network

    Summary

    Chapter 11. Focusing in on the Right Security

    Introduction

    What is the Problem That is Being Solved?

    If the Offense Knows More Than the Defense You Will Loose

    Enhancing User Awareness

    Virtualized Sandboxing

    Patching

    White Listing

    Summary

    Chapter 12. Implementing Adaptive Security

    Introduction

    Focusing on the Human

    Focusing on the Data

    Game Plan

    Prioritizing Risks

    Key Emerging Technologies

    The Critical Controls

    Summary

    Index

Product details

  • No. of pages: 320
  • Language: English
  • Copyright: © Syngress 2012
  • Published: November 13, 2012
  • Imprint: Syngress
  • Paperback ISBN: 9781597499491
  • eBook ISBN: 9781597499552
  • About the Author

    Eric Cole

    Dr. Eric Cole is an industry recognized security expert, technology visionary and scientist, with over 15 year’s hands-on experience. Dr. Cole currently performs leading edge security consulting and works in research and development to advance the state of the art in information systems security. Dr. Cole has over a decade of experience in information technology, with a focus on perimeter defense, secure network design, vulnerability discovery, penetration testing, and intrusion detection systems. Dr. Cole has a Masters in Computer Science from NYIT, and Ph.D. from Pace University with a concentration in Information Security. Dr. Cole is the author of several books to include Hackers Beware, Hiding in Plain Site, Network Security Bible and Insider Threat. He is also the inventor of over 20 patents and is a researcher, writer, and speaker for SANS Institute and faculty for The SANS Technology Institute, a degree granting institution.

    Affiliations and Expertise

    Independant network security consultant and speaker, USA