direct exploitation and use as a pivot point (the initial foothold of an infiltration that leads to deeper infection of your enterprise) or as a part of an end goal. The overall issue with modern computing is the ease with which criminal activity can grow from a single infection to a full-blown advanced persistent threat. The generally used method is client-side exploitation or social engineering, the latter being the most effective, especially with well-funded and highly skilled adversaries.
We mentioned that all adversaries are human. Well, humans have emotional routines and behaviors that translate to programming functions and procedures similar to computers, and they exert their human nature in their methods and techniques. Humans develop tools, tactics, and techniques that are easily repeatable for their own motivations and objectives. So why wouldn’t we be able to observe patterns in the physical or cyber-related effects and behaviors of an adversary? This is not a trivial task in any sense, but it can be attained through thorough analysis and due diligence by the security team or end users.
In a world of enterprise networks like little galaxies across our Internet universe, common and unique events occur across billions of galaxies every second. These events range in severity and uniqueness between galaxies. Some of these events occur daily, and some happen rarely. Now when we get down to it, the events we are concerned with are generated by humans, and they have patterns, techniques, and observable details that can be used to your advantage. That’s how you can approach incidents and intrusions without feeling overwhelmed. Each of these events is unique in some way, and can be made discernible and attributable either to a returning adversary or to an event that has nothing to do with a critical threat from the past, present, or future. As a defender, you can never tell which individual incidents or events are associated with one another, or can you?
Throughout the book, we will refer to our adversaries. This will be used as a common vernacular to describe any form of individual or group posing a threat against your enterprise network. We will discuss various categories of adversaries and attribution that will empower you to better identify which threat is related to which adversary. This will be important as we go through the subject matter of this book and inform you of what information you can collect against your adversaries in order to manipulate them into performing actions that improve your security posture. Another topic of the book is the ability to discern which incidents or intrusions are associated with specific adversaries.
This book crosses and blends the lines between age-old techniques and cyber-related tools and techniques that have been in use by professionals throughout several fields of study. In this book, these defenses will be applied together across various aspects and roles of information systems security engineering and cyber counterintelligence. Some of the TTPs may be familiar, and some may not. You’ll learn about the methods and techniques suggested as best practices for combating cyber criminal activity, ranging from a merely curious cyber criminal to the advanced persistent threats that you need to understand in order to actively detect and combat them.
Advanced persistent threats and simple persistent threats are posed through the use of physical control of your network, deception, disinformation, behavioral analysis, legal perspectives, political analysis, and counterintelligence. Having physical control of your enterprise is the focal point that most security professionals and executives regularly forget about. If you can control the boundaries of a fight or battle, why can’t you win? This is the most basic principle, but when dealing with giant enterprise networks that span the globe, things can get trickier, which is where traditional deception and counterdeception techniques come into play.