Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Cybersecurity Blue Team Strategies
  • Table Of Contents Toc
  • Feedback & Rating feedback
Cybersecurity Blue Team Strategies

Cybersecurity Blue Team Strategies

By : Kunal Sehgal, Nikolaos Thymianis
4.5 (2)
Buy this Book
close
close
Cybersecurity Blue Team Strategies

Cybersecurity Blue Team Strategies

4.5 (2)
By: Kunal Sehgal, Nikolaos Thymianis
Buy this Book

Overview of this book

We've reached a point where all organizational data is connected through some network. With advancements and connectivity comes ever-evolving cyber threats - compromising sensitive data and access to vulnerable systems. Cybersecurity Blue Team Strategies is a comprehensive guide that will help you extend your cybersecurity knowledge and teach you to implement blue teams in your organization from scratch. Through the course of this book, you’ll learn defensive cybersecurity measures while thinking from an attacker's perspective. With this book, you'll be able to test and assess the effectiveness of your organization’s cybersecurity posture. No matter the medium your organization has chosen- cloud, on-premises, or hybrid, this book will provide an in-depth understanding of how cyber attackers can penetrate your systems and gain access to sensitive information. Beginning with a brief overview of the importance of a blue team, you’ll learn important techniques and best practices a cybersecurity operator or a blue team practitioner should be aware of. By understanding tools, processes, and operations, you’ll be equipped with evolving solutions and strategies to overcome cybersecurity challenges and successfully manage cyber threats to avoid adversaries. By the end of this book, you'll have enough exposure to blue team operations and be able to successfully set up a blue team in your organization.
Table of Contents (18 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Download the color images
Icon
Conventions used
Icon
Get in touch
Icon
Share Your Thoughts
Icon
Download a free PDF copy of this book
1
Part 1:Establishing the Blue
Icon
Part 1:Establishing the Blue
Free Chapter
2
Chapter 1: Establishing a Defense Program
chevron up
Icon
Chapter 1: Establishing a Defense Program
Icon
How do organizations benefit from implementing the blue teaming approach?
Icon
A blue team’s composition
Icon
Red team
Icon
Purple team
Icon
Cyber threat intelligence
Icon
Skills required to be in a blue team
Icon
Talent development and retention
Icon
Summary
3
Chapter 2: Managing a Defense Security Team
Icon
Chapter 2: Managing a Defense Security Team
Icon
Why must organizations consider metricizing cybersecurity?
Icon
Why and how organizations can automate this process
Icon
Summary
4
Chapter 3: Risk Assessment
Icon
Chapter 3: Risk Assessment
Icon
Following the NIST methodology
Icon
Asset inventory
Icon
Risk management methods
Icon
Risk management responsibilities
Icon
References
5
Chapter 4: Blue Team Operations
Icon
Chapter 4: Blue Team Operations
Icon
Understanding defense strategy
Icon
Blue team operations – infrastructure
Icon
Blue team operations – applications
Icon
Blue team operations – systems
Icon
Blue team operations – endpoints
Icon
Blue team operations – cloud
Icon
Defense planning against insiders
Icon
Responsibilities in blue team operations
Icon
Summary
6
Chapter 5: Threats
Icon
Chapter 5: Threats
Icon
What are cyber threats?
Icon
The Cyber Kill Chain
Icon
Internal attacks
Icon
Different types of cyber threat actors
Icon
Impacts of cybercrime
Icon
Summary
7
Chapter 6: Governance, Compliance, Regulations, and Best Practices
Icon
Chapter 6: Governance, Compliance, Regulations, and Best Practices
Icon
Definition of stakeholders and their needs
Icon
Building risk indicators
Icon
Compliance needs and the identification of compliance requirements
Icon
Assurance of compliance and the right level of governance
Icon
Summary
8
Part 2:Controlling the Fray
Icon
Part 2:Controlling the Fray
Icon
What are security controls?
Icon
Defense-in-depth
9
Chapter 7: Preventive Controls
Icon
Chapter 7: Preventive Controls
Icon
What are preventive controls?
Icon
Types of preventive controls
Icon
Layers of preventive controls
Icon
Summary
10
Chapter 8: Detective Controls
Icon
Chapter 8: Detective Controls
Icon
What are detective controls?
Icon
Types of detective controls
Icon
SOC
Icon
Vulnerability testing
Icon
Penetration testing
Icon
Red teams
Icon
Bug bounty
Icon
Source code scanning
Icon
Compliance scanning or hardening scans
Icon
Tools for detective controls
Icon
Summary
11
Chapter 9: Cyber Threat Intelligence
Icon
Chapter 9: Cyber Threat Intelligence
Icon
What is CTI?
Icon
Types of threat intelligence
Icon
Threat intelligence implementation
Icon
Threat hunting
Icon
The MITRE ATT&CK framework
Icon
Summary
12
Chapter 10: Incident Response and Recovery
Icon
Chapter 10: Incident Response and Recovery
Icon
Incident response planning
Icon
Testing incident response plans
Icon
Incident response playbooks
Icon
Disaster recovery planning
Icon
Cyber insurance
Icon
Summary
13
Chapter 11: Prioritizing and Implementing a Blue Team Strategy
Icon
Chapter 11: Prioritizing and Implementing a Blue Team Strategy
Icon
Emerging detection and prevention technologies and techniques
Icon
Pitfalls to avoid while setting up a blue team
Icon
Getting started on your blue team journey
Icon
Summary
14
Part 3:Ask the Experts
Icon
Part 3:Ask the Experts
15
Chapter 12: Expert Insights
Icon
Anthony Desvernois
Icon
William B. Nelson
Icon
Laurent Gerardin
Icon
Peter Sheppard, BSc (Hons), MBCS, CITP, CISA
Icon
Pieter Danhieux, CEO and Co-Founder, Secure Code Warrior
16
Index
Icon
Index
Icon
Why subscribe?
17
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Packt is searching for authors like you
Icon
Share Your Thoughts
Icon
Download a free PDF copy of this book

Cyber threat intelligence

Threat intelligence is a term that’s often used by many professionals that encompass tactical, operational, and strategic intelligence. The sources, audiences, and forms of intelligence are all different. At the core, any threat intelligence that’s received by the SOC, in any business, must be proactively actionable. The blue team should be able to absorb this intelligence and use it to proactively defend their organization.

In terms of the basics, threat data consists of indicators of various cyber threats such as IP addresses, URLs, or file hashes. These are referred to as Indicators of Threats (IoTs) or Indicators of Compromise (IoCs). On the other hand, threat intelligence is a type of factual, processed, and provable record based on analysis that connects data and information from many sources to identify patterns and provide insights that would be relevant to the organization. It lets people and systems make educated decisions and take effective action to avoid breaches, fix vulnerabilities, improve the security posture of the enterprise, and decrease risk. Strategic intelligence usually focuses on the TTPs of the threat actors.

Often, such teams sit within the blue team. Alternatively, large organizations may prefer to have them separately and act as a standalone unit to collaborate across the blue team, red team, purple team, business lines, and more. We will discuss this in more depth later in this book.

Now that we have covered teams that work closely together with the blue team, let’s understand the skills that organizations should look out for while recruiting. This will help ensure the right candidates are hired and placed in the right roles.

End of Section 6
Next Section

Create a Note

Modal Close icon
You need to login to use this feature.
notes
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Delete Note

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Edit Note

Modal Close icon
Write a note (max 255 characters)
Cancel
Update Note

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY