Attack Surface Management - Helion

ISBN: 9781098165048
Pages: 300, Format: ebook
Publication date: 2025-05-19
Bookstore: Helion
Book price: 169,14 zł (previously: 208,81 zł)
You save: 19% (-39,67 zł)
Organizations are increasingly vulnerable as attack surfaces grow and cyber threats evolve. Addressing these threats is vital, making attack surface management (ASM) essential for security leaders globally. This practical book provides a comprehensive guide to help you master ASM. Cybersecurity engineers, system administrators, and network administrators will explore key components, from networks and cloud systems to human factors.
Authors Ron Eddings and MJ Kaufmann offer actionable solutions for newcomers and experts alike, using machine learning and AI techniques. ASM helps you routinely assess digital assets to gain complete insight into vulnerabilities and potential threats. The process covers all security aspects, from daily operations and threat hunting to vulnerability management and governance.
You'll learn:
- Fundamental ASM concepts, including their role in cybersecurity
- How to assess and map your organization's attack surface, including digital assets and vulnerabilities
- Strategies for identifying, classifying, and prioritizing critical assets
- Attack surface types, including each one's unique security challenges
- How to align technical vulnerabilities with business risks
- Principles of continuous monitoring and management to maintain a robust security posture
- Techniques for automating asset discovery, tracking, and categorization
- Remediation strategies for addressing vulnerabilities, including patching, monitoring, isolation, and containment
- How to integrate ASM with incident response and continuously improve cybersecurity strategies
ASM is more than a strategy—it's a defense mechanism against growing cyber threats. This guide will help you fortify your digital defense.
Table of contents
Attack Surface Management eBook -- table of contents
- Preface
- Who Should Read This Book
- What You Need to Know
- Why We Wrote This Book
- What You'll Learn
- Navigating This Book
- Part I: Foundations of ASM
- Part II: Identification and Classification
- Part III: Prioritization and Remediation
- Part IV: Adapting and Monitoring
- Looking Ahead
- How to Use This Book
- Conventions Used in This Book
- O'Reilly Online Learning
- How to Contact Us
- Acknowledgments
- Ron Eddings
- MJ Kaufmann
- I. Foundations of ASM
- 1. Laying the Groundwork: An Overview of Attack Surface Management
- Attack Surface Management: What It Is and Why It Matters
- What Do We Mean by Attack Surface?
- Attack Vectors Versus Attack Surfaces
- What Is Attack Surface Management?
- The Components of ASM
- Identification
- Classification
- Prioritization
- Remediation
- Adapting
- Monitoring
- The Strategic Role of ASM in Cybersecurity
- Adopting the Attacker's Perspective
- Changing Your Point of View
- Seeing the whole picture
- Spotting easy targets
- Keep your eyes on the prize
- Adapt and overcome
- Proactive Strategy: Playing Attacker
- ASM Use Cases and Security Challenges
- Visibility Challenges
- Asset Management
- Asset Intelligence
- Shadow IT
- Managing Risk
- Keeping pace with a dynamic threat landscape
- Prioritization of risks
- Risks associated with mergers and acquisitions
- Incident Response and Prioritization
- Improved incident response
- Resource allocation
- Policy Enforcement
- Compliance and Regulatory Pressures
- Summary
- 2. Types of Attack Surfaces
- The Ever-Expanding Organizational Attack Surface
- Traditional IT Components
- Legacy Virtualization
- Modern IT Components
- Modern Virtualization
- IoT
- Websites
- Certificates
- Cloud
- Cloud Providers
- Cloud Workloads
- Containers
- Cloud-Based Applications
- Data
- Configuration Management
- SaaS
- SaaS Management
- Identity
- Users
- Data Access Across Platforms
- Identity and Access Management Challenges
- Supply Chain
- Software Development
- Applications
- Certificates
- BYOD and Mobile
- Artificial Intelligence
- AI Models and Neural Network Architecture
- AI Pipelines and Infrastructure
- AI User Interfaces and APIs
- Summary
- 3. How the Attack Surface Relates to Risk
- Measuring Risk
- Qualitative Risk
- Examples
- Benefits
- Challenges
- Quantitative Risk
- Examples
- Walkthrough: Practical Application of Quantifying Risk
- Calculate risk
- Determine per-incident cost
- Benefits
- Challenges
- Determining the Right Fit
- Data and Complexity Considerations
- Resource and Capability Considerations
- Purpose and Stakeholder Considerations
- Should I Use a Mix?
- Example: Choosing the Right Method
- Risk Frameworks
- NIST
- Benefits
- Challenges
- Best environments
- ISO
- Benefits
- Challenges
- Best environments
- ITIL v4
- Benefits
- Challenges
- Best environments
- COSO ERM
- Benefits
- Challenges
- Best environments
- OCTAVE
- Benefits
- Challenges
- Best environments
- Communicating Risk to Your Business Team
- Know Your Audience
- Technical Jargon Confuses Business Teams
- How to Translate Technical Risk to Business Language
- Managing Excuses for Poor Communication
- Summary
- II. Identification and Classification
- 4. Identification and Classification of Assets
- Identification
- Asset Inventory
- Why Maintaining Inventory Is Foundational in ASM
- Identifying Asset Inventory Solutions
- Discovery of Assets
- Manual asset discovery
- Shadow IT and untracked assets
- Automation of asset discovery
- Classification for Asset Enrichment
- Asset Type Details
- Configuration Data
- Data Classification
- Usage Information
- Location and Environmental Data
- Interdependencies
- Security Posture
- Life Cycle Status
- Integrating Asset Enrichment with Business Strategy
- Better Prioritization
- Accurate Inventory
- Software Licensing Tracking
- Compliance Audit Evidence
- Summary
- 5. Automating Asset Discovery
- Importance of Automating Asset Discovery
- Breadth of Enterprises
- Managing growth and change
- Addressing global organizations
- Adapting to evolving technology landscapes
- Cloud Complications
- Identification of shadow IT and unsanctioned services
- A need for specialized tooling
- Types of Automated Asset Discovery
- Network Scanning
- Cloud Analysis
- API Identification
- Data Discovery
- Challenges in Automated Discovery
- Identification challenges
- Categorization challenges
- Features That Deliver High ROI
- Search Capabilities
- Data Presentation
- Analytics and Reporting
- Advanced Features
- Summary
- III. Prioritization and Remediation
- 6. Prioritization and Crown Jewel Analysis
- Understanding Prioritization
- Comparisons to Other Strategic Processes
- Importance of Prioritization
- Benefits to security posture
- Enhancing resource allocation
- Prioritization Criteria
- Value to the Organization
- Operational Impact
- Data Sensitivity and Classification
- Methods of data classification
- Regulatory compliance implications
- Compliance vs. risk-based prioritization
- Obtaining Business Context
- Mapping Business Functions
- Tools and Techniques for Mapping
- Impact Assessment
- Determining Actual Prioritization
- Determining Crown Jewels
- Periodic Review and Update of Crown Jewels
- Identifying Other High-Value Assets
- Tier 2 assets
- Feedback from business units
- Ranking Everything Else
- Developing a prioritization matrix
- Implementing a dynamic prioritization model
- Summary
- 7. Measuring Attack Surface
- Attack Surface Analysis
- How Does ASA Work?
- How ASA Enhances Security Posture
- Internal and External Attack Surfaces
- Internal Attack Surface Analysis
- Network security
- User account management
- Automated process identities
- Physical security
- External Attack Surface Analysis
- Cloud services
- APIs
- Web application security
- Third-party risk assessment
- Perimeter defense
- Public infrastructure exposure
- Areas of Overlap
- Identity and access management
- Vulnerability management
- Tools for Assessing Attack Surfaces
- Threat Modeling
- Threat Modeling Informs Risk Management
- Threat Modeling Methodologies
- STRIDE
- DREAD
- PASTA
- MITRE ATT&CK
- Which to Use?
- Integrating Threat Modeling with Attack Surface Mapping
- How Threat Modeling Improves Attack Surface Management
- How ASM Complements Threat Modeling
- Summary
- 8. Remediation
- Assessing the Remediation Need
- Identifying the Severity of Vulnerabilities
- Assessing Potential Impact
- Cost-Benefit Analysis of Remediation
- Prioritization of Findings
- Ease of Exploitation
- Discoverability
- Attacker Priority
- Remediation Complexity
- Remediation Strategies
- Proactive remediation
- Reactive remediation
- Balancing proactive and reactive
- Validation of Remediation Efforts
- Feedback Loop with Stakeholders
- Monitoring for Unexpected Issues or Collateral Damage
- Documentation and Reporting
- Creating a remediation report
- Documenting changes and updates
- Reporting to leadership and relevant teams
- Summary
- IV. Adapting and Monitoring
- 9. Minimizing Attack Surfaces
- How to Minimize Attack Surfaces
- Strategic Methods
- Defense-in-depth
- Identity and access management
- Zero trust model
- Core components
- Implementing zero trust
- Preventing data loss
- Security information and event management
- Advanced threat protection
- Training and awareness
- Tactical Techniques
- Network segmentation
- Vulnerability management
- Challenges
- Overcoming challenges
- Endpoint management
- Summary
- 10. Continuous Monitoring and Management
- The Dynamic Nature of Digital Ecosystems
- Technological Shifts and New Integrations
- Impact of Organizational Changes on the Ecosystem
- Setting Alert Thresholds
- Differentiating Between False Positives and Legitimate Threats
- Calibrating and Fine-Tuning Thresholds
- Incorporating Contextual Awareness in Alerts
- Integrating with Incident Response
- Coordinating Monitoring with Incident Response Teams
- Simulating Breach Scenarios
- Rapid Response and Mitigation Strategies
- Periodic Reviews and Audits
- Scheduling Regular Vulnerability Scans
- Reevaluating Remediation Efforts and Efficacy
- Reassessing Asset Priorities
- Feedback Loops and Continuous Improvement
- Encouraging Cross-Team Collaboration
- Leveraging Lessons Learned from Past Incidents
- Adapting Monitoring Strategies Based on Feedback
- Automation and AI in Continuous Monitoring
- Benefits of Automated Monitoring Tools
- Role of AI in Threat Detection and Analysis
- Balancing Automation with Manual Oversight
- Summary
- 11. The Future of Attack Surface Management
- Emerging Trends in Attack Surface Management
- AI and Machine Learning in ASM
- Quantum Computing
- Edge Computing Challenges
- Evolving Challenges in Cybersecurity
- Staying Ahead in ASM Practices and Technologies
- Continuous Learning and Skill Development
- Stay Hungry, Never Give Up
- Index