Security Intelligence : A Practitioner's Guide to Solving Enterprise Security Challenges.
Title:
Security Intelligence : A Practitioner's Guide to Solving Enterprise Security Challenges.
Author:
Li, Qing.
ISBN:
9781118896679
Edition:
1st ed.
Physical Description:
1 online resource (363 pages)
Contents:
Security Intelligence: A Practitioner's Guide to Solving Enterprise Security Challenges -- Contents -- Foreword -- Preface
Chapter 1 Fundamentals of Secure Proxies -- Security Must Protect and Empower Users -- The Birth of Shadow IT -- Internet of Things and Connected Consumer Appliances -- Conventional Security Solutions -- Traditional Firewalls: What Are Their Main Deficiencies? -- Firewall with DPI: A Better Solution? -- IDS/IPS and Firewall -- Unified Threat Management and Next-Generation Firewall -- Security Proxy: A Necessary Extension of the End Point -- Transaction-Based Processing -- The Proxy Architecture -- SSL Proxy and Interception -- Interception Strategies -- Certificates and Keys -- Certificate Pinning and OCSP Stapling -- SSL Interception and Privacy -- Summary
Chapter 2 Proxy Deployment Strategies and Challenges -- Definitions of Proxy Types: Transparent Proxy and Explicit Proxy -- Inline Deployment of Transparent Proxy: Physical Inline and Virtual Inline -- Physical Inline Deployment -- Virtual Inline Deployment -- Traffic Redirection Methods: WCCP and PBR -- LAN Port and WAN Port -- Forward Proxy and Reverse Proxy -- Challenges of Transparent Interception -- Directionality of Connections -- Maintaining Traffic Paths -- Avoiding Interception -- Asymmetric Traffic Flow Detection and Clustering -- Proxy Chaining -- Summary
Chapter 3 Proxy Policy Engine and Policy Enforcements -- Policy System Overview -- Conditions and Properties -- Policy Transaction -- Policy Ticket -- Policy Updates and Versioning System -- Security Implications -- Policy System in the Cloud Security Operation -- Policy Evaluation -- Policy Checkpoint -- Policy Execution Timing -- Revisiting the Proxy Interception Steps -- Enforcing External Policy Decisions -- Summary
Chapter 4 Malware and Malware Delivery Networks -- Cyber Warfare and Targeted Attacks -- Espionage and Sabotage in Cyberspace -- Industrial Espionage -- Operation Aurora -- Watering Hole Attack -- Breaching the Trusted Third Party -- Casting the Lures -- Spear Phishing -- Pharming -- Cross-Site Scripting -- Search Engine Poisoning -- Drive-by Downloads and the Invisible iframe -- Tangled Malvertising Networks -- Malware Delivery Networks -- Fast-Flux Networks -- Explosion of Domain Names -- Abandoned Sites and Domain Names -- Antivirus Software and End-Point Solutions: The Losing Battle -- Summary
Chapter 5 Malnet Detection Techniques -- Automated URL Reputation System -- Creating URL Training Sets -- Extracting URL Feature Sets -- Classifier Training -- Dynamic Webpage Content Rating -- Keyword Extraction for Category Construction -- Keyword Categorization -- Detecting Malicious Web Infrastructure -- Detecting Exploit Servers through Content Analysis -- Topology-Based Detection of Dedicated Malicious Hosts -- Detecting C2 Servers -- Detection Based on Download Similarities -- Crawlers -- Detecting Malicious Servers with a Honeyclient -- High Interaction versus Low Interaction -- Capture-HPC: A High-Interaction Honeyclient -- Thug: A Low-Interaction Honeyclient -- Evading Honeyclients -- Summary
Chapter 6 Writing Policies -- Overview of the ProxySG Policy Language -- Scenarios and Policy Implementation -- Web Access -- Access Logging -- User Authentication -- Safe Content Retrieval -- SSL Proxy -- Reverse Proxy Deployment -- DNS Proxy -- Data Loss Prevention -- E-mail Filtering -- A Primer on SMTP -- E-mail Filtering Techniques -- Summary
Chapter 7 The Art of Application Classification -- A Brief History of Classification Technology -- Signature Based Pattern Matching Classification -- Extracting Matching Terms: Aho-Corasick Algorithm -- Prefix-Tree Signature Representation -- Manual Creation of Application Signatures -- Automatic Signature Generation -- Flow Set Construction -- Extraction of Common Terms -- Signature Distiller -- Considerations -- Machine Learning-Based Classification Technique -- Feature Selection -- Supervised Machine Learning Algorithms -- Naïve Bayes Method -- Unsupervised Machine Learning Algorithms -- Expectation-Maximization -- K-Means Clustering -- Classifier Performance Evaluation -- Proxy versus Classifier -- Summary
Chapter 8 Retrospective Analysis -- Data Acquisition -- Logs and Retrospective Analysis -- Log Formats -- Log Management and Analysis -- Packet Captures -- Capture Points -- Capture Formats -- Capture a Large Volume of Data -- Data Indexing and Query -- B-tree Index -- B-tree Search -- B-tree Insertion -- Range Search and B+-tree -- Bitmap Index -- Bitmap Index Search -- Bitmap Index Compression -- Inverted File Index -- Inverted File -- Inverted File Index Query -- Inverted File Compression -- Performance of a Retrospective Analysis System -- Index Sizes -- Index Building Overhead -- Query Response Delay -- Scalability -- Notes on Building a Retrospective Analysis System -- MapReduce and Hadoop -- MapReduce for Parallel Processing -- Hadoop -- Open Source Data Storage and Management Solution -- Why a Traditional RDBMS Falls Short -- NoSQL and Search Engines -- NoSQL and Hadoop -- Summary
Chapter 9 Mobile Security -- Mobile Device Management, or Lack Thereof -- Mobile Applications and Their Impact on Security -- Security Threats and Hazards in Mobile Computing -- Cross-Origin Vulnerability -- Near Field Communication -- Application Signing Transparency -- Library Integrity and SSL Verification Challenges -- Ad Fraud -- Research Results and Proposed Solutions -- Infrastructure-Centric Mobile Security Solution -- Towards the Seamless Integration of WiFi and Cellular Networks -- Security in the Network -- Summary
Bibliography -- Index -- EULA
Abstract:
Identify, deploy, and secure your enterprise. Security Intelligence: A Practitioner's Guide to Solving Enterprise Security Challenges is a handbook for security in modern times, against modern adversaries. As leaders in the design and creation of security products that are deployed globally across a range of industries and market sectors, authors Qing Li and Gregory Clark deliver unparalleled insight into the development of comprehensive and focused enterprise security solutions. They walk you through the process of translating your security goals into specific security technology domains, formulating the best deployment strategies, and verifying the solution by analyzing security incidents and divulging hidden breaches. This guide provides detailed coverage of key enterprise security topics while demystifying technologies such as the Next Generation Firewall. Through an in-depth look at proxy design and its policy enforcement engine, malware, malnets, and application proxies, you'll easily discover the foundation needed for a careful analysis while gaining deeper comprehension of security policies for application-specific proxies, application classification and control, security data analysis, and mobile security. You will learn the most effective solutions, technologies, and methodologies that can be implemented to monitor for, guard against, and mitigate security threats. Security Intelligence makes enterprise security concepts, solutions, and practices accessible to all security engineers, developers, and corporate IT staff and shows you how to: identify relevant solutions to secure critical infrastructure; construct policies that provide flexibility to the users and ensure productivity; deploy effective defenses against rapidly evolving web threats; implement solutions that comply with relevant rules and regulations; and build new security solutions, policies, and products within the enterprise context.
Local Note:
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2017. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.
Added Author:
Clark, Gregory.