5 books on XDR [PDF]
November 02, 2024 | 11 |
These books are covering threat detection and response, data integration from multiple security layers, incident investigation workflows, automated threat hunting, analytics-driven security operations, compliance and reporting requirements and the orchestration of security tools in Extended Detection and Response (XDR).
1. Evading EDR: The Definitive Guide to Defeating Endpoint Detection Systems.
2023 by Matt Hand
Demystify EDR and gain a strategic advantage against attackers with this comprehensive guide on comprehending attack-detection software prevalent in Microsoft systems—and mastering techniques to elude it. Endpoint Detection and Response (EDR) agents are ubiquitous in enterprises for monitoring network devices, yet the intricacies of how these systems operate are often unclear to security defenders. "Evading EDR" unravels the complexities of EDR, providing an in-depth exploration into the mechanisms employed to detect adversary activity. The book systematically examines EDR components, breaking down their functionalities, elucidating their implementations, and detailing how they collect diverse data points from the Microsoft operating system. Drawing on the author's extensive experience as a red team operator, each chapter not only delves into the theory of crafting an effective EDR but also unveils documented evasion strategies for red teamers to bypass EDRs in their engagements.
Download PDF
2. Cybersecurity in the Digital Age: Tools, Techniques, & Best Practices
2018 by Gregory A. Garrett
Crafted by a team of 14 cybersecurity experts spanning five countries, "Cybersecurity in the Digital Age" is meticulously designed to cater to individuals ranging from novices to seasoned professionals, offering comprehensive insights into both strategic concepts and the practical aspects of cybersecurity. This esteemed group of experts covers essential areas such as cybersecurity for executives and boards, risk management framework comparisons, identity and access management tools and techniques, vulnerability assessment, penetration testing best practices, monitoring, detection, and response (MDR) strategies, cybersecurity in various industries, and lessons learned from ISO 27001 certification. Providing immediate access to crucial tools and best practices for managing threats, cyber vulnerabilities, penetration testing, risk, defense monitoring, response strategies, and more, this book is a valuable resource for preparing against cyber threats. Rooted in real-world experience, it includes process diagrams, charts, time-saving tables, relevant figures, lists of key actions, and best practices, delivering practical guidance from authors who have held prominent roles in information security, technology risk, compliance, and operations.
Download PDF
3. Cybersecurity Incident Response: How to Contain, Eradicate, and Recover from Incidents
2018 by Eric C. Thompson
Establish, sustain, and oversee an ongoing cybersecurity incident response program with the pragmatic steps outlined in this book. Avoid shortcomings in your cybersecurity incident responses by addressing planning, preparation, leadership, and management support. This guide emphasizes the importance of a continual incident response program, urging leaders to comprehend the organizational landscape, evaluate program and team strengths and weaknesses, and strategically respond to incidents. Covering the phases of incident response—planning, practicing, detection, containment, eradication, and post-incident actions—the book incorporates successful behaviors and actions necessary for each stage, drawing from NIST 800-61 guidelines. Readers will gain insights into the sub-categories of the NIST Cybersecurity Framework, understand incident response components, and learn how to transform a response plan into a successful program, requiring vision, leadership, and a supportive culture. Tailored for cybersecurity leaders, executives, consultants, and entry-level professionals involved in executing incident response plans.
Download PDF
4. Best Practices in Computer Network Defense: Incident Detection and Response
2014 by M. Hathaway, IOS Press
Concerns about the cybersecurity of critical infrastructure and services have escalated globally, and NATO member countries are no exception. In response to this shared responsibility, this book compiles 10 papers and 21 specific findings from the NATO Advanced Research Workshop (ARW) on 'Best Practices in Computer Network Defense (CND): Incident Detection and Response,' held in Geneva, Switzerland, in September 2013. Attended by a diverse team of experts from 16 countries and three international institutions, the workshop aimed to identify state-of-the-art tools and processes used for cyber defense, pinpoint gaps in technology, and showcase industry and government best practices for incident detection and response. The book serves as a valuable resource for operators and decision-makers involved in enhancing global cyber defenses, offering genuine tools and expert insights. It sheds light on the current landscape of computer network defense and provides a comprehensive overview of available tools and practices for incident detection and response.
Download PDF
5. The Practice of Network Security Monitoring: Understanding Incident Detection and Response
2013 by Richard Bejtlich
Network security extends beyond building impenetrable barriers; it requires a proactive approach, and network security monitoring (NSM) is a crucial element in this strategy. In "The Practice of Network Security Monitoring," Mandiant CSO Richard Bejtlich provides a comprehensive guide on incorporating NSM to enhance the security of your networks, even without prior experience. Bejtlich emphasizes the use of open-source software and vendor-neutral tools, steering clear of expensive and rigid solutions. The book covers essential aspects such as deploying NSM platforms, sizing them appropriately, utilizing command line and graphical packet analysis tools, interpreting network evidence from various intrusions, and integrating threat intelligence into NSM software for identifying advanced adversaries. While no system can guarantee keeping attackers out, this book equips you to detect, contain, and control intrusions effectively, ensuring that the loss of sensitive data becomes a preventable outcome.
Download PDF
How to download PDF:
1. Install Google Books Downloader
2. Enter Book ID to the search box and press Enter
3. Click "Download Book" icon and select PDF*
* - note that for yellow books only preview pages are downloaded
1. Evading EDR: The Definitive Guide to Defeating Endpoint Detection Systems.
2023 by Matt Hand
Demystify EDR and gain a strategic advantage against attackers with this comprehensive guide on comprehending attack-detection software prevalent in Microsoft systems—and mastering techniques to elude it. Endpoint Detection and Response (EDR) agents are ubiquitous in enterprises for monitoring network devices, yet the intricacies of how these systems operate are often unclear to security defenders. "Evading EDR" unravels the complexities of EDR, providing an in-depth exploration into the mechanisms employed to detect adversary activity. The book systematically examines EDR components, breaking down their functionalities, elucidating their implementations, and detailing how they collect diverse data points from the Microsoft operating system. Drawing on the author's extensive experience as a red team operator, each chapter not only delves into the theory of crafting an effective EDR but also unveils documented evasion strategies for red teamers to bypass EDRs in their engagements.
Download PDF
2. Cybersecurity in the Digital Age: Tools, Techniques, & Best Practices
2018 by Gregory A. Garrett
Crafted by a team of 14 cybersecurity experts spanning five countries, "Cybersecurity in the Digital Age" is meticulously designed to cater to individuals ranging from novices to seasoned professionals, offering comprehensive insights into both strategic concepts and the practical aspects of cybersecurity. This esteemed group of experts covers essential areas such as cybersecurity for executives and boards, risk management framework comparisons, identity and access management tools and techniques, vulnerability assessment, penetration testing best practices, monitoring, detection, and response (MDR) strategies, cybersecurity in various industries, and lessons learned from ISO 27001 certification. Providing immediate access to crucial tools and best practices for managing threats, cyber vulnerabilities, penetration testing, risk, defense monitoring, response strategies, and more, this book is a valuable resource for preparing against cyber threats. Rooted in real-world experience, it includes process diagrams, charts, time-saving tables, relevant figures, lists of key actions, and best practices, delivering practical guidance from authors who have held prominent roles in information security, technology risk, compliance, and operations.
Download PDF
3. Cybersecurity Incident Response: How to Contain, Eradicate, and Recover from Incidents
2018 by Eric C. Thompson
Establish, sustain, and oversee an ongoing cybersecurity incident response program with the pragmatic steps outlined in this book. Avoid shortcomings in your cybersecurity incident responses by addressing planning, preparation, leadership, and management support. This guide emphasizes the importance of a continual incident response program, urging leaders to comprehend the organizational landscape, evaluate program and team strengths and weaknesses, and strategically respond to incidents. Covering the phases of incident response—planning, practicing, detection, containment, eradication, and post-incident actions—the book incorporates successful behaviors and actions necessary for each stage, drawing from NIST 800-61 guidelines. Readers will gain insights into the sub-categories of the NIST Cybersecurity Framework, understand incident response components, and learn how to transform a response plan into a successful program, requiring vision, leadership, and a supportive culture. Tailored for cybersecurity leaders, executives, consultants, and entry-level professionals involved in executing incident response plans.
Download PDF
4. Best Practices in Computer Network Defense: Incident Detection and Response
2014 by M. Hathaway, IOS Press
Concerns about the cybersecurity of critical infrastructure and services have escalated globally, and NATO member countries are no exception. In response to this shared responsibility, this book compiles 10 papers and 21 specific findings from the NATO Advanced Research Workshop (ARW) on 'Best Practices in Computer Network Defense (CND): Incident Detection and Response,' held in Geneva, Switzerland, in September 2013. Attended by a diverse team of experts from 16 countries and three international institutions, the workshop aimed to identify state-of-the-art tools and processes used for cyber defense, pinpoint gaps in technology, and showcase industry and government best practices for incident detection and response. The book serves as a valuable resource for operators and decision-makers involved in enhancing global cyber defenses, offering genuine tools and expert insights. It sheds light on the current landscape of computer network defense and provides a comprehensive overview of available tools and practices for incident detection and response.
Download PDF
5. The Practice of Network Security Monitoring: Understanding Incident Detection and Response
2013 by Richard Bejtlich
Network security extends beyond building impenetrable barriers; it requires a proactive approach, and network security monitoring (NSM) is a crucial element in this strategy. In "The Practice of Network Security Monitoring," Mandiant CSO Richard Bejtlich provides a comprehensive guide on incorporating NSM to enhance the security of your networks, even without prior experience. Bejtlich emphasizes the use of open-source software and vendor-neutral tools, steering clear of expensive and rigid solutions. The book covers essential aspects such as deploying NSM platforms, sizing them appropriately, utilizing command line and graphical packet analysis tools, interpreting network evidence from various intrusions, and integrating threat intelligence into NSM software for identifying advanced adversaries. While no system can guarantee keeping attackers out, this book equips you to detect, contain, and control intrusions effectively, ensuring that the loss of sensitive data becomes a preventable outcome.
Download PDF
How to download PDF:
1. Install Google Books Downloader
2. Enter Book ID to the search box and press Enter
3. Click "Download Book" icon and select PDF*
* - note that for yellow books only preview pages are downloaded