Asset Attack Vectors
Apress (Verlag)
978-1-4842-3626-0 (ISBN)
- Teaches you about the cyberattack chain and how security flaws from vulnerabilities to misconfigurations can lead to the exploitation of assets and a security breach
- Covers the required policies, procedures, regulations, and disclosure of vulnerabilities for vendors and end users
- Explores common vulnerability management mistakes, architectural considerations, and technology required to build an effective vulnerability management program
Build an effective vulnerability management strategy to protect your organization’s assets, applications, and data.
Today’s network environments are dynamic, requiring multiple defenses to mitigate vulnerabilities and stop data breaches. In the modern enterprise, everything connected to the network is a target. Attack surfaces are rapidly expanding to include not only traditional servers and desktops, but also routers, printers, cameras, and other IOT devices. It doesn’t matter whether an organization uses LAN, WAN, wireless, or even a modern PAN—savvy criminals have more potential entry points than ever before. To stay ahead of these threats, IT and security leaders must be aware of exposures and understand their potential impact.
Asset Attack Vectors will help you build a vulnerability management program designed to work in the modern threat environment. Drawing on years of combined experience, the authors detail the latest techniques for threat analysis, risk measurement, and regulatory reporting. They also outline practical service level agreements (SLAs) for vulnerability management and patch management.
Vulnerability management needs to be more than a compliance check box; it should be the foundation of your organization’s cybersecurity strategy. Read Asset Attack Vectors to get ahead of threats and protect your organization with an effective asset protection strategy.
- Create comprehensive assessment and risk identification policies and procedures
- Implement a complete vulnerability management workflow in nine easy steps
- Understand the implications of active, dormant, and carrier vulnerability states
- Develop, deploy, and maintain custom and commercial vulnerability management programs
- Discover the best strategies for vulnerability remediation, mitigation, and removal
- Automate credentialed scans that leverage least-privilege access principles
- Read real-world case studies that share successful strategies and reveal potential pitfalls
This book is for New and intermediate security management professionals, auditors, and information technology staff looking to build an effective vulnerability management program and defend against asset based cyberattacks
Morey Haber has more than 20 years of IT industry experience and is the coauthor of Privileged Attack Vectors (Apress). He joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition. As the Chief Technology Officer, he currently oversees BeyondTrust technology for both vulnerability and privileged access management solutions. In 2004, Morey joined eEye as the Director of Security Engineering and was responsible for strategic business discussions and vulnerability management architectures in Fortune 500 clients. Prior to eEye, he was a Development Manager for Computer Associates, Inc. (CA), responsible for new product beta cycles and named customer accounts. Morey began his career as a Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.
Brad Hibbert is Chief Operations Officer (COO) and Chief Strategy Officer (CSO) and is the coauthor of Privileged Attack Vectors (Apress). He provides the leadership for his organization's solutions strategy, product management, development, services, and support. He brings over 25 years of executive experience in the software industry aligning business and technical teams for success. He joined BeyondTrust via the company's acquisition of eEye Digital Security, where Brad led strategy and products. Under Brad's leadership, eEye launched several market firsts, including vulnerability management solutions for cloud, mobile, and virtualization technologies. Prior to eEye, Brad served as Vice President of Strategy and Products at NetPro before its acquisition in 2008 by Quest Software. Over the years, Brad has attained many industry certifications to support his management, consulting, and development activities. Brad has his Bachelor of Commerce degree, Specialization in Management Information Systems, and MBA degree from the University of Ottawa.
ForewordIntroduction
My Firewall Protects Me
Why Target My Company?
My Vertical Is Safe
Patch Management As Protection
Homegrown Is Best
My Business Is Unique
It Is Too Expensive
Laggards
Customized And Legacy Systems
The Money Pit
Complacency Factor
The Bottom Line
Chapter 1. The Attack Chain
Chapter 2. The Vulnerability Landscape
Vulnerabilities
Configurations
Exploits
False Positives
False Negatives
Malware
Social Engineering
Phishing
Ransomware
Insider Threats
External Threats
Vulnerability Disclosure
Chapter 3. Threat Intelligence
Chapter 4. Vulnerability Assessment
Chapter 5. Configuration Assessment
Regulations
Frameworks
Benchmarks
Configuration Assessment Tools
Chapter 6. Risk Measurement
CVE
CVSS
STIG
OVAL
IAVA
Chapter 7. Vulnerability States
Vulnerability Risk Based On State
The Three Vulnerability States
Active Vulnerabilities
Dormant Vulnerabilities
Carrier Vulnerabilities
State Prioritization
Chapter 8. Vulnerability Authorities
Chapter 9. Penetration Testing
Chapter 10. Remediation
Microsoft
Apple
Cisco
Google
Oracle
Redhat
Open Source
Everyone Else
Chapter 11. The Vulnerability Management Program
Planning
Develop
Deploy
Operate
Chapter 12. Vulnerability Management Planning
Chapter 13. Vulnerability Management Development
Vulnerability Management Scope
Tool Selection
The Vulnerability Management Process
Common Vulnerability Mistakes
Common Challenges
Building The Plan
Chapter 14. Vulnerability Management Deployment
Team Communications
Network Scanners
Authentication
Agents
Third Party Integration
Patch Management
Virtual Patching
Threat Detection
Continuous Monitoring
Performance
Threads
Time To Complete
Bandwidth
Ports
Scan Windows
Scan Pooling
Fault Tolerance
Scanner Locking
Chapter 15. Vulnerability Management Operations
Discovery
Analysis
Reporting
Remediation
Measurement
Chapter 16. Sample Vulnerability Plan
Chapter 17. Regulatory Compliance
Chapter 18. Risk Management Frameworks
Chapter 19. Privileged Credential Asset Risks
Chapter 20. Making It All Work
Know What's On Your Network
Automate Credentialed Scans
Spot What's Lurking In The Shadows
See Your Data In High Definition
Find Which Threats Are Soft Targets
Mind Your Vulnerability Gaps
Unify Vulnerability And Privilege Intelligence
Threat Analytics
Streamline Your Patch Process
Share And Collaborate
Chapter 21. Tales From The Trenches
A Lost Enterprise Client
Just A Win
Just Too Much Too Manage
Obsolete
Complex Is Best
Forfeit The Game
Listening Skills
Contractors
The Rogue Device
The Big Fish
Rootkits Anyone?
Not The Only One
My Favorite Story
How Many Class B Networks?
The Blog From Hell
Nice Portal Baby
Online Banking
Lies
Speaking Of Comparisons
Getting Your Facts Straight
Dependencies
Chapter 22. Final Recommendations
Chapter 23. Conclusion
Appendix A - Sample Request For Proposal (RFP)
Erscheinungsdatum | 21.06.2018 |
---|---|
Zusatzinfo | 33 Illustrations, black and white |
Verlagsort | Berkley |
Sprache | englisch |
Maße | 155 x 235 mm |
Gewicht | 629 g |
Einbandart | kartoniert |
Themenwelt | Informatik ► Netzwerke ► Sicherheit / Firewall |
Schlagworte | IT-Security • IT-Sicherheit • Malware • Management • Phishing • Ransomware • social engineering • Strategy • vulnerability |
ISBN-10 | 1-4842-3626-2 / 1484236262 |
ISBN-13 | 978-1-4842-3626-0 / 9781484236260 |
Zustand | Neuware |
Haben Sie eine Frage zum Produkt? |
aus dem Bereich