| Section | Page |
| --- | --- |
| Dedication | p. v |
| Author Biography | p. xiii |
| Preface | p. xv |
| Understanding the Problem | |
| The Changing Threat | p. 3 |
| Introduction | p. 3 |
| The Current Landscape | p. 4 |
| Organizations' View on Security | p. 5 |
| You will be Compromised | p. 6 |
| The Cyber ShopLifter | p. 7 |
| The New Defense in Depth | p. 8 |
| Proactive vs Reactive | p. 10 |
| Loss of Common Sense | p. 11 |
| It is All About Risk | p. 12 |
| What Was In Place? | p. 13 |
| Pain Killer Security | p. 14 |
| Reducing the Surface Space | p. 14 |
| HTML Embedded Email | p. 15 |
| Buffer Overflows | p. 15 |
| Macros in Office Documents | p. 16 |
| The Traditional Threat | p. 16 |
| Common Cold | p. 17 |
| Reactive Security | p. 17 |
| Automation | p. 17 |
| The Emerging Threat | p. 18 |
| APT-Cyber Cancer | p. 19 |
| Advanced Persistent Threat (APT) | p. 19 |
| APT-Stealthy, Targeted, and Data Focused | p. 21 |
| Characteristics of the APT | p. 22 |
| Defending Against the APT | p. 23 |
| APT vs Traditional Threat | p. 24 |
| Sample APT Attacks | p. 25 |
| APT Multi-Phased Approach | p. 25 |
| Summary | p. 26 |
| Why are Organizations Being Compromised? | p. 27 |
| Introduction | p. 27 |
| Doing Good Things and Doing the Right Things | p. 28 |
| Security is Not Helpless | p. 29 |
| Beyond Good or Bad | p. 31 |
| Attackers are in Your Network | p. 31 |
| Proactive, Predictive, and Adaptive | p. 34 |
| Example of How to Win | p. 37 |
| Data Centric Security | p. 39 |
| Money Does Not Equal Security | p. 40 |
| The New Approach to APT | p. 41 |
| Selling Security to Your Executives | p. 42 |
| Top Security Trends | p. 46 |
| Summary | p. 49 |
| How are Organizations Being Compromised? | p. 51 |
| Introduction | p. 51 |
| What are Attackers After? | p. 53 |
| Attacker Process | p. 53 |
| Reconnaissance | p. 54 |
| Scanning | p. 56 |
| Exploitation | p. 57 |
| Create Backdoors | p. 58 |
| Cover Their Tracks | p. 58 |
| Compromising a Server | p. 59 |
| Compromising a Client | p. 65 |
| Insider Threat | p. 66 |
| Traditional Security | p. 69 |
| Firewalls | p. 69 |
| Dropped Packets | p. 71 |
| InBound Prevention and OutBound Detection | p. 73 |
| Intrusion Detection | p. 74 |
| Summary | p. 75 |
| Risk-Based Approach to Security | p. 77 |
| Introduction | p. 77 |
| Products vs. Solutions | p. 78 |
| Learning from the Past | p. 78 |
| What is Risk? | p. 79 |
| Focused Security | p. 80 |
| Formal Risk Model | p. 84 |
| Threat | p. 85 |
| Vulnerability | p. 88 |
| Known and Unknown Vulnerabilities | p. 90 |
| Putting the Pieces Back Together | p. 92 |
| Insurance Model | p. 95 |
| Calculating Risk | p. 96 |
| Summary | p. 96 |
| Emerging Trends | |
| Protecting Your Data | p. 99 |
| Introduction | p. 99 |
| Data Discovery | p. 100 |
| Protected Enclaves | p. 101 |
| Everything Starts with Your Data | p. 104 |
| CIA | p. 106 |
| Data Classification | p. 107 |
| Data Classification Mistake 1 | p. 108 |
| Data Classification Rule 1 | p. 108 |
| Data Classification Mistake 2 | p. 109 |
| Data Classification Rule 2 | p. 109 |
| Data Classification Mistake 3 | p. 109 |
| Data Classification Rule 3 | p. 109 |
| Encryption | p. 111 |
| Types of Encryption | p. 113 |
| Goals of Encryption | p. 114 |
| Data at Rest | p. 115 |
| Data at Motion | p. 116 |
| Encryption-More Than You Bargained For | p. 117 |
| Network Segmentation and De-Scoping | p. 118 |
| Encryption Free Zone | p. 119 |
| Summary | p. 121 |
| Prevention is Ideal but Detection is a Must | p. 123 |
| Introduction | p. 123 |
| Inbound Prevention | p. 125 |
| Outbound Detection | p. 131 |
| Network vs. Host | p. 136 |
| Making Hard Decisions | p. 138 |
| Is AV/Host Protection Dead? | p. 142 |
| Summary | p. 143 |
| Incident Response: Respond and Recover | p. 145 |
| Introduction | p. 145 |
| The New Rule | p. 147 |
| Suicidal Mindset | p. 149 |
| Incident Response | p. 151 |
| Events/Audit Trails | p. 154 |
| Sample Incidents | p. 156 |
| 6-Step Process | p. 159 |
| Preparation | p. 160 |
| Identification | p. 162 |
| Containment | p. 164 |
| Eradication | p. 166 |
| Recovery | p. 167 |
| Lesson Learned | p. 167 |
| Forensic Overview | p. 167 |
| Summary | p. 171 |
| Technologies for Success | p. 173 |
| Introduction | p. 173 |
| Integrated Approach to APT | p. 175 |
| How Bad is the Problem? | p. 176 |
| Trying to Hit a Moving Target | p. 179 |
| Finding the Needle in the Haystack | p. 182 |
| Understand What You Have | p. 188 |
| Identifying APT | p. 189 |
| Assessment and Discovery | p. 191 |
| Analysis and Remediation | p. 196 |
| Program Review | p. 198 |
| Minimizing the Problem | p. 201 |
| End to End Solution for the APT | p. 202 |
| Summary | p. 204 |
| The Future and How to Win | |
| The Changing Landscape: Cloud and Mobilization | p. 209 |
| Introduction | p. 209 |
| You Cannot Fight the Cloud | p. 212 |
| Is the Cloud Really New? | p. 213 |
| What is the Cloud? | p. 214 |
| Securing the Cloud | p. 215 |
| Reducing Cloud Computing Risks | p. 218 |
| Mobilization-BYOD (Bring Your Own Device) | p. 219 |
| Dealing with Future Technologies | p. 220 |
| Summary | p. 222 |
| Proactive Security and Reputational Ranking | p. 223 |
| Introduction | p. 223 |
| Facing Reality | p. 225 |
| Predicting Attacks to Become Proactive | p. 226 |
| Advanced | p. 227 |
| Persistent | p. 228 |
| Threat | p. 229 |
| Changing How You Think About Security | p. 230 |
| The Problem has Changed | p. 233 |
| The APT Defendable Network | p. 234 |
| Summary | p. 240 |
| Focusing in on the Right Security | p. 243 |
| Introduction | p. 243 |
| What is the Problem That is Being Solved? | p. 244 |
| If the Offense Knows More Than the Defense You Will Lose | p. 247 |
| Enhancing User Awareness | p. 250 |
| Virtualized Sandboxing | p. 250 |
| Patching | p. 252 |
| White Listing | p. 253 |
| Summary | p. 254 |
| Implementing Adaptive Security | p. 255 |
| Introduction | p. 255 |
| Focusing on the Human | p. 257 |
| Focusing on the Data | p. 262 |
| Game Plan | p. 265 |
| Prioritizing Risks | p. 267 |
| Key Emerging Technologies | p. 272 |
| The Critical Controls | p. 275 |
| Summary | p. 280 |
| Index | p. 283 |
| Table of Contents provided by Ingram. All Rights Reserved. |