I**B
A buy it now book.
For those who cannot get a full week off to take the SANS threat hunting course, or maybe cannot afford it, this is your next best thing. The book walks you through the threat intelligence lifecycle with examples along the way to help you relate back to a known story. This book not only inspires you to learn more about how threats operate, it provides you with the tools to understand how you can utilise the data effectively. I see this book as the red team field manual for threat intelligence; it will be something I refer to daily. #buyitnow!
R**N
Definitely worth the read!
Scott and Rebekah did an excellent job covering everything you need to know to start an intelligence program or mature one that you already have. Overall, I really enjoyed reading this book. I thought they did a great job explaining how to apply F3EAD in a threat intelligence environment. Even though F3EAD was a large part of the book, the authors also provided some great information on how to best engage with C-suite executives and other stakeholders. I would definitely recommend picking up this book, even if you're already a threat intelligence expert.

Content aside, I think the editors (Courtney Allen and Virginia Wilson) really did Scott and Rebekah a disservice. Based on the content alone, I still think Intelligence-Driven Incident Response is worth the full 5 stars; however, throughout the book, there were numerous typos, such as 'adentdversary' on page 180, and other errors (verbiage/grammar). Since the book does have a rather high cover price and is relatively short (only ~240 pages, appendix excluded), I don't think it's unfair to ask for better editing from the O'Reilly staff.
A**R
Mandatory reading for anyone involved in IR, CTI, ...
Mandatory reading for anyone involved in IR, CTI, or SOC Land. I wish I had this book 10 years ago. Stop reading this review and click Add to Cart.
B**Z
Exceeded (already high) expectations!
"Intelligence-Driven Incident Response" equips Incident Response professionals with the knowledge and context to integrate traditional Intelligence principles into their cyber defense strategies. My pre-ordered copy arrived today, and I am already impressed with the authors' experience and expertise spanning both of these complex domains.

As someone with a background in both information security and "traditional intelligence," I am excited and thankful to see Scott and Rebekah skillfully deconstruct the core components of Incident Response (IR) and intel. They introduce and explain the incident response process, the intelligence process, and cyber threat intelligence, enriched throughout with real-world case studies that tie the concepts together effectively.

The content organization is excellent: "Part I. The Fundamentals. Part II. Practical Application. Part III. The Way Forward."

There are too many "hit-the-nail-on-the-head" aspects of this book to highlight here, so I'll just mention a few concepts the authors cover that address current gaps in the collective understanding of many organizations.

1. The authors discuss the Intelligence cycle and outline ways in which Intelligence-driven incident response feeds the Intelligence cycle. This is a critical point of departure from the mindset of intelligence being just a series of "threat feeds" containing known-bad file hashes and IP addresses. They present a more coherent and reality-aligned way of thinking about this concept than the tool-focused paradigms our executives are exposed to through interactions with vendors.

2. "Mining Previous Incidents." This section on page 125 highlights something I've referred to as "internal intelligence" in discussions with industry colleagues. In my experience with tactical intelligence collection in kinetic environments, the concept of "knowing the terrain" is so ingrained in the mindset of Warfighters that it doesn't warrant much discussion. Within information security / cyber defense circles, though, this foundational concept doesn't seem to have the same traction. (Yet.)

3. "Intelligence Consumer Goals." The authors articulate the need to think about various consumers of intelligence products through the lens of each consumer's goals. For example, an Executive representing the business has a different scope and set of goals than the malware analyst working with the threat hunting team. The section in chapter 9: "Disseminate" that frames information sharing in the context of which types of stakeholders will consume the intelligence is a must-read for practitioners as well as leadership. In my experience working in both Intel and corporate environments, there tends to be a traditional view of "management reporting" in the corporate setting that can taint the intent of Intelligence Dissemination. Instead of considering the value of producing intelligence reports for "Internal Technical Consumers" as the authors discuss on page 167, the allocation of scarce resources to "reporting" falls into the traditional upward, leadership-focused information sharing. We urgently need the approach outlined in this book to gain traction in our industry. We need a "common operating picture" or a shared understanding of the current situation among the incident response team members, and that warrants allocating resources to disseminating intelligence products horizontally among technical consumers in addition to what has traditionally been viewed as management reporting.

4. "The RFI Process." From page 193: "A request for intelligence (RFI) is a specialized product meant to answer a specific question, often in response to a situational awareness need." Bottom line up front: Please read this, and then consider implementing it when you can. (But probably soon, because although it's not a new concept, it is a proven, useful one that we would do well to adopt in information security.)

5. "Building an Intelligence Program." This is the title of chapter eleven. By the time the reader has progressed through the previous chapters, she will have developed a solid understanding of the core principles and components of the disciplines of Incident Response and Intelligence, how they converge in the concept of Intelligence-Driven Incident Response, and why it is important to undergird our approach to cyber defense with these time-tested methodologies. The authors lay out a series of considerations, clearly cognizant and respectful of budgetary and resource constraints faced by every reader. The questions posed are realistic and informative.

6. Appendix A: "Intelligence Products." Developing an understanding of what this entails and how it can enable & transform cyber defense is, in my opinion, worth the price of the book on its own.

The foreword by Rob Lee, Founder of Harbinger Security and DFIR Lead at SANS Institute, is a fascinating glimpse into the historical context around cyber intrusions. This historical perspective is provided by a current industry leader who remains on the front lines of this fight while developing a new generation of Digital Forensics and Incident Response (DFIR) professionals, myself included. Rob's observation from the foreword says a lot: "I wish I had this book 20 years ago in my first intrusion cases while investigating Russian hackers during Moonlight Maze. Luckily, we have this book today, and I can now point to it as required reading for my students who want to move beyond tactical response and apply a framework and strategy to it all that works."

I'd recommend diving into a copy of this book as soon as you can. "Intelligence-Driven Incident Response" has the potential to transform security teams and organizations by educating, influencing, and guiding them. And, considering the current state of the cyber threat environment, it couldn't have come at a better time.
D**K
learn incident response
Straightforward, no-nonsense book on an important topic.
C**.
A must have for cyber threat intelligence professionals.
A must have for those delving into learning and applying cyber threat intelligence. This explains the full intelligence cycle oriented to the cyber domain.
H**N
Pwnie award Nominee 2018 for best computer security book
A must read for everyone in network security, Threat Intelligence and Incident Response, and a good candidate for the 2018 Cybersecurity book of the year! The factual, no-nonsense, no-marketing-fluff take on Incident Response and TI sets the ultimate standard.
C**S
Five Stars
Very helpful if you are new to incident response.
A**R
Too much padding
This book might be interesting for someone not in the field already, but as an experienced professional it's too entry level. In addition, the book has lots of padding around the information and covers stories of intelligence not related to cyber.
W**L
Not a new book
Sure, it's a good book, but when I'm paying £30 for a new book I don't expect it to arrive like a Haynes manual left in a garage. Clearly a second-hand book, but it doesn't say that anywhere.
A**N
Five Stars
all good
C**X
Operational bible in a new context
I think this is the definitive book for every pentester or information security analyst, in which our operational role, and how it is seen from the perspective of intelligence and incident response teams, can be clearly understood. Thanks to the author for the details and contrasts; simply making intelligence the main vector in the narrative presented makes all the difference.
J**Z
Amazing book!!!
Great book!!! A must for all IR Teams that want to learn/improve their current capabilities with new concepts including the value of Deception/Intel in the Active Defense practice!